US Cyber Bombs On ISIS Change The Nature Cyber War

Uploaded on 2016-05-04 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-Defence, FREE TO VIEW

US military’s Cyber Command will now run its own aggressive operations as part of the War on Terror, and even augment regular, lethal military strikes with cyber capabilities.

Since its creation in 2009, US Cyber Command has focused its efforts mostly on sophisticated cyber-actors on the world stage, states like Iran, Russia, and North Korea. 

It acts mostly in the new realm of cyber-conflict, in which states can take digital shots at one another without getting too worried about starting a real shooting war. 

But now, the American war on ISIS is blurring the lines between digital and kinetic conflict, opening a new cyber-front in the physical world: For the first time in its short history, the US military’s Cyber Command will now run its own aggressive operations as part of the War on Terror, and even augment regular, lethal military strikes with cyber capabilities.

The announcement came as President Obama prepared to discuss the war on ISIS in Hanover, Germany earlier this week, where he met with world leaders and laid out this new cyber initiative, among others. Deputy Secretary of Defense Robert O. Work has the key quote encapsulating the effort: “We are dropping cyber bombs… We have never done that before.”

Indeed, until now the cyber war on ISIS has been mostly confined to disruption of communications. While ISIS has always been vulnerable to attack online, if only thanks to the youth and modernity of its members, messing with their Twitter accounts simply cannot do the job on its own. If it could, Anonymous would be the most beloved group in the world by now. What we’re talking about here is functionally very different; from diverting ISIS’ troop payment transfers to sending its fighters fake military coordinates, this is cyber as a technical use of military force.

According to Brigham Young professor of law Eric Jensen, there have been basically three major, publicly known cyber-attacks that probably constitute a use of force under international law: Stuxnet, a devastating 2012 attack on the Saudi Aramco oil company, and a recent, rather terrifying attack on Swedish air traffic control. It is possible that this particular cyber-campaign won’t affect that total number of attacks, since ISIS is not a legitimate state. Still, if “cyber bombs” do prove useful against ISIS, we can expect the strategy to continue against real states, as the US rolls out these capabilities to complement attacks in other theaters.

For instance, we don’t currently know if the US attack on Osama Bin Laden’s compound in Pakistan had a cyber component, perhaps taking down the local aircraft tracking systems. If the US launches a similar mission in a few years’ time, the use of cyber weapons to complement real ones will likely be totally routine. Cyber-attacking national infrastructure to support attacks with lethal consequences could change the severity of an otherwise isolated incident, a serious concern with nations already threatening to take cyber incursions as provocative acts of war.

Now, you might wonder what good a “cyber bomb” could do in this case, used against a reasonably modern nation like Iran, sure, but a band of medieval thugs like ISIS? At this point, though, it’s almost impossible to insulate yourself from the effectiveness of cyber war. Al-Qaeda chose to train and sometimes live in literal caves, and yet they still had to use potentially hackable, jam able technology to communicate and coordinate, especially if they were under active attack at the time. Not even the parallel universe of ISIS territory can keep out the modern world to the extent that cyber war becomes ineffective.

ISIS is trying to run a literal war, as opposed to Al-Qaeda’s figurative one, and that means they must hold territory, collect taxes, buy or manufacture supplies, provide (meager) services, and more. There are more than enough points of attack for any cyber warfare outfit, and many of those weaknesses could be debilitating if hit hard enough.

We’ve already seen the effectiveness of blowing up their physical cash shipments with bombs, and now, Cyber Command is messing with their books. ISIS commanders have reportedly become aware that sophisticated hacking is altering their records, we don’t know the details, but this presumably means that the Western attackers are changing the books, rather than deleting them, which would make financial organization all but impossible. Fighters are reportedly deserting the terrorist organization due to low pay, so we should expect some good returns if Cyber Command can make it impossible to get the right amount of pay to the right people, on a regular basis.

Cyber Command will also basically weaponised forum trolling. They’ve already infiltrated some of ISIS’ communications networks with fake identities, hiding or posing as real commanders so they could learn the group’s habits. Now, they hope to exploit this access to distribute false information, like changing the coordinates of a meeting so terrorist leaders drive into a nice open area within easy striking distance of a nearby American drone. At the least, Cyber Command could introduce an element of doubt into every order, or bog ISIS down with unwieldy authentication routines.

The options are virtually endless. They could help shut down a bank to keep it from offloading data right before a missile strike. They could turn off some vital cooling system in a facility so it destroys itself and becomes useless. They could make easy pickings of an ISIS officer by hacking his newer-model car and driving it into a wall. The future of war is going to be very different than the past, and today, the US took a big step toward making that future a reality.
Ein News: http://bit.ly/1SNaqvP

« Disrupting ISIS Online In Africa
Cybersecurity Training For US Undergraduates Is Dismal »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

SecurityHQ

SecurityHQ

SecurityHQ (formerly known as Si Consult) is a Global Managed Security Service Provider (MSSP) that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats.

Watchdata Technologies

Watchdata Technologies

Watchdata Technologies is a pioneer in digital authentication and transaction security.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Jerusalem Venture Partners (JVP)

Jerusalem Venture Partners (JVP)

JVP’s Center of Excellence in Be’er Sheva aims to identify, nurture and build the next wave of cyber security and big data companies to emerge out of Israel.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.

Nexer

Nexer

Nexer is a modern tech company with expertise in strategy, technology and communication with a strong vision.