US Cyber Command Hacked ISIS

The US military claims to have "successfully" disrupted the online propaganda efforts of the Islamic State in a hacking operation dating back at least to 2016, according to declassified national security documents released on Jan 21st. Operation Inherent Resolve began in 2016 and it was aimed to combat ISIS and was physically lead by US military forces. 

But what was not publicised at the time was the cyberattacks on ISIS by the US military, Australia and other allies who launched what's been described as the largest offensive cyber operation in US military history. US government documents that have been made public recently show that while a US Cyber Command operation that disrupted ISIS computer networks was largely successful. However, there were significant shortcomings 

Documents obtained through FOIA (Freedom of Information Act) requests and made public recently reveal that while successful, the US Cyber Command's campaign to hack ISIS faced some issues, such as lacking the storage space to store all the information stolen from ISIS accounts. According to the recently released documents, Cyber Command was simply not prepared to handle the amount of data it had collected. Operators were found to be having trouble collecting data, interagency deconfliction issues, difficulty vetting targets, and, in at least one case, a close call with the operation being discovered by the adversary. 

The six heavily-redacted documents published by the National Security Archive at the George Washington University in Washington, DC, reveal the conclusions of a 120-day assessment US Cyber Command conducted after the completion of Operation Glowing Symphony.

The command did not have the capability to handle the terabytes of data that it collected, despite the fact that operation had planned to pull data once it had infiltrated ISIS-used servers and use it to further the mission.The newly released documents offer the most detailed assessment of the moves against ISIS by a joint task force created in 2016 by president Barack Obama. Carried out in November 2016, Operation Glowing Symphony was a classified offensive cyber operation executed by Joint Task Force Ares (JTF-Ares).

The operation's primary task was to disrupt ISIS' online presence and propaganda efforts, by hacking or hijacking online social media accounts, and taking down websites and servers used by the terrorist group to spread propaganda materials and recruit new members.

According to a 120-day post-mortem assessment of Operation Glowing Symphony, US Cyber Command did not anticipate the magnitude of the data they would eventually end up exfiltrating from compromised ISIS infrastructure. "The assessment reveals that a key challenge to exploitation was storage of the data itself, an indication of the operation's scope relative to USCYBERCOM's capacity at the time," said Michael Martelle, analyst for the National Security Archive. 

A recommendation included in the 120-day post-mortem assessment was that US Cyber Command's Capabilities Development Group (CDG) develop new data storage solutions for future operations. But data storage was just one of the technical and bureaucratic issues that JTF-Ares faced at the time. Other issues mentioned in the assessment include challenges in coordination with other coalition members and US government agencies, and a lengthy and overly complex process for vetting suspects, which made it difficult to engage time-sensitive targets.

National Security Archive:       ZDNet:       CyberScoop:       Channel News Asia:      Dark Net Diaries:     ABC News:

You Might Also Read:

European Police Launch Global Attack On Islamic State:

Islamic State Likely To Switch To Cyber Warfare:

UK 'biggest audience' In EU For Jihadist Web Content:

 

« Protecting Children In The Digital Age
Electric Grids Targeted For Cyber Attacks »

Directory of Suppliers

WEBINAR: How to design a least privilege architecture in AWS

WEBINAR: How to design a least privilege architecture in AWS

Tuesday, April 14, 2020 - Join SANS and AWS Marketplace to learn about how to design a least privilege architecture in AWS.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Go Cyber

Go Cyber

Go Cyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Coranet

Coranet

Coranet offers comprehensive IT and network support services including Network Security.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

MindPoint Group

MindPoint Group

MindPoint Group is a specialist Information Security Consulting firm.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.