Skip to main content

Analysis | The Cybersecurity 202: Here’s the inside story of Cyber Command's campaign to hack ISIS

By Joseph Marks

National Security Agency Director and U.S. Cyber Command chief Gen. Paul Nakasone. (Salwan Georges/The Washington Post)
Cyber Command had to overcome intense hurdles within the U.S. government to launch the first hacking operation it ever acknowledged: Sabotaging the Islamic State's online propaganda. 
That's according to a trove of declassified but heavily redacted government documents released this morning, which George Washington University’s National Security Archive obtained through a Freedom of Information Act request. They paint the most vivid portrait to date of the complex challenges facing U.S. military hackers as they develop rules for a new domain of warfare. 
They detail objections from other government agencies that worried the hacks, which began in 2016, could damage intelligence operations as well as interagency squabbling over whether to notify other nations when Cybercom hacked ISIS computer files stored within their borders.
The documents also likely hold lessons for today as Cybercom hackers seek to counter Russian disinformation in the run-up to the 2020 election — a project Cybercom Chief Gen. Paul Nakasone says is being directly informed by counter-ISIS hacking operations.
“This was U.S. Cybercom’s first cyberwar,” Michael Martelle, a National Security Archive cybersecurity fellow who led the effort to obtain the documents, told me. “This was the largest-scale operation and the most complex… We can draw a straight line from the counter-ISIL cyber mission to how U.S. Cybercom and the NSA are looking to counter Russia today.”
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?
One big takeaway from the six documents, which include internal assessments of the effort known as Operation Glowing Symphony after 30 and 120 days, is that Cybercom’s ability to penetrate enemy computer networks has outpaced its ability to manage the immensely complex and bureaucratic process.
Cybercom dedicated a significant amount of time making sure its hacking fit neatly into broader U.S. government and military goals, Martelle told me. For example, the documents show Cybercom struggling with how to hit targets quickly while still ensuring its hacking operations aren’t unnecessarily jeopardizing the work of U.S. spy agencies gathering intelligence about ISIS and not unnecessarily stepping on allies’ toes. 
“This is the first kind of coordination at [this] scale,” Martelle said. “You can read about how they're looking forward to these processes being matured [but] they knew that their processes were immature and untested at this point.”
And a heavily redacted portion of the documents seems to suggest another U.S. adversary — such as Russia or Iran — might have been camping out on ISIS computer networks to spy on U.S. operations there and steal U.S. hacking tools or gain intelligence that might be useful in fighting U.S. forces in cyberspace. 
“I think the takeaway here is…it wasn't just the U.S. coalition versus ISIS here,” Martelle told me. “Lots of other people were interested in what was going on.”
Some of the documents cover information that’s already public. My colleague Ellen Nakashima reported back in 2017, for example, about agency infighting over whether to alert allies about the digital strikes against ISIS.
This is the first time, however, that the public has seen Cybercom’s own candid assessments about the strikes, which it said effectively delayed and degraded ISIS propaganda efforts by “impos[ing] time and resource costs."
Martelle sees Cybercom's move to fulfill the FOIA request — when the government is often reticent to share information about its secretive cyberwarfare — as significant. He reads it as a sign that Cybercom, which is only about a decade old, wants to engage in a broader public discussion about the role hacking should play in future military conflicts.
“The fact that they're responsive to this Freedom of Information Act request and declassifying this stuff is truly notable…This is a pretty huge moment in U.S. cyber history,” he said. “I do get the sense that this is a conscious decision. They’re willing to be a little more open, willing to empower the policy research community.”


President Trump (Andrew Harrer/Bloomberg News)
PINGED: A slight majority of Americans believe President Trump has personally encouraged election interference by U.S. adversaries, a new poll from NPR, PBS NewsHour and Marist finds. That finding from 51 percent of Americans reflects an overall skepticism that the 2020 election will be secure against hackers just weeks before the nation's first primaries and caucuses, NPR's Brett Neely reports.
The poll also found that 41 percent of Americans believe the United States is not very prepared or not prepared at all to keep the November election safe. Four in 10 people expressed concern that foreign powers would tamper with votes to change election results, despite no evidence that Russia changed any votes in 2016. 
Lee Miringoff, director of the Marist College Institute for Public Opinion, which conducted the poll, called the results “a troublesome sign about this keystone of our democracy.”
There's also a strong partisan divide in how voters see election security: Two-thirds of Democrats think the country isn't prepared to secure the 2020 election, while 85 percent of Republicans think it is prepared.
Americans are also highly concerned about disinformation on social media. A staggering 82 percent of surveyed Americans said they expect to read misleading information about the election on social media, with a similar percentage expecting foreign countries to be behind spreading disinformation. Three-quarters of respondents are not confident tech companies will prevent misuse of their platforms during the election, a 9-point increase from a 2018 survey.

European Union commissioner Thierry Breton. (Eric Piermont/AFP/Getty Images)
PATCHED: The European Union will not explicitly ban any companies in its guidelines for supplying 5G network equipment coming later this month in a significant victory for the controversial Chinese telecom Huawei, Helene Foquet and Natalia Drozdiak at Bloomberg News report
The recommendations come as China has threatened the E.U. with trade consequences if it blocks Huawei while the United States has threatened to revoke intelligence sharing from European allies if it doesn't. European Digital Commissioner Thierry Breton told reporters yesterday the guidelines will be “naturally strict and vigilant.” 
The E.U. can’t force member nations to abide by its 5G recommendations, but most nations have generally followed them. 
Huawei chief Ren Zhengfei, meanwhile, said his company is prepared for any further U.S. "attacks," during an appearance at the World Economic Forum in Davos, Switzerland Tuesday but said he believes the U.S.-Huawei spat won’t produce a complete bifurcation of Chinese and Western technology.
"Whether [the] world will be split in two systems, I don’t think so," Ren said, according to Axios. "Science is about truth. There is only one truth. It is unique."
In Germany, Chancellor Angela Merkel has asked lawmakers to delay a decision on Huawei until after a March E.U. summit, Andreas Rinke at Reuters reports. So far Poland is the only E.U. member to ban Huawei from its 5G networks at the urging of U.S. officials who claim the company could assist Chinese spying. Huawei has steadfastly denied playing any role in Chinese espionage.

An Amazon Ring indoor camera device is displayed during an unveiling event at the company's headquarters in Seattle in September. (Chloe Collyer/Bloomberg News)
PWNED: Scammers are capitalizing on a spate of reports about hacked Internet-connected cameras to extort victims by claiming they have illicit recordings of them, Kate Fazzini at CNBC reports. The number of “sextortion” scams mentioning Google Nest and Amazon Ring topped 1,600 between Jan. 2 and Jan. 3, researchers at Mimecast found. (Amazon CEO Jeff Bezos owns The Washington Post.)
The scam is related to a broader category of digital crime called sextortion in which criminals try to convince victims they have illicit photos or videos of them and demand a ransom in exchange for not releasing the material. In the majority of cases, the hackers are bluffing, and don't actually have embarrassing materials though, in some cases, they do. In this version, criminals send victims generic-looking surveillance footage to convince them they have access to their cameras — even though they don’t. 


A question in a training booklet. (Charlie Neibergall/AP)
— Democratic Party officials in Iowa are training staffers to combat disinformation operations ahead of next month's caucus, my colleague Isaac Stanley-Becker reports. Caucuses are less vulnerable to traditional hacking than regular elections because there are no voting machines to hack. But they can be highly vulnerable to rumors and disinformation.
In 2016, Russian operatives preyed on that vulnerability by using social media to spread rumors that Hillary Clinton had committed voter fraud, according to a federal indictment of multiple Russians filed in 2018. Now, Iowans want to prevent a repeat in 2020. 
Both Democratic and Republican Party leaders in Iowa brought in Harvard's Defending Digital Democracy Project to conduct a simulation of caucus night in November. They also developed plans to address hypothetical scenarios, such as malicious tweets advertising the wrong caucus time or reports that apps that convey caucus results had malfunctioned. The contingency plans involved bringing in the Department of Homeland Security and contacting executives at Twitter. 
Iowa Democrats also worry President Trump may amplify erroneous rumors online and contribute to doubts about the caucus results, they tell Isaac.
“Disinformation is something new we saw last election cycle, but people didn’t know it was happening at the time,” said Troy Price, the chairman of the Iowa Democratic Party. “Here, we know it’s going on, and we’ve had time to prepare for it.”
— More cybersecurity news from the public sector:

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites
Ryan J. Foley and Christina A. Cassidy | AP

Pressure is growing on Prime Minister Justin Trudeau to take a harder line against Beijing; Washington has been little help.
Amanda Coletta

U.S. authorities have shuttered a website claiming users could scour more than 12 billion records compiled from some 10,000 data breaches to purchase usernames, passwords and other personal data meant to facilitate identity theft.


— Cybersecurity news from the private sector:

Mitsubishi Electric says hackers did not obtain sensitive information about defense contracts.

Earlier reports said Huawei was building its own map platform
The Verge

IoT is a security hellscape. One cryptography company has a plan to make it a little bit less so.


— Cybersecurity news from abroad:

Over 160,000 notifications reported across European Economic Area since GDPR began
The Irish Times

Turk Telekom has restored internet access after a cyber attack caused connectivity problems, the company said on Monday, adding that it was working to limit any ongoing impact of the issue on users.


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in