31 May 2016

Spectre of ISIS Cyber Jihad Pandemic

By Maj Gen AK Chadha
29 May , 2016

The cyber domain is becoming a key part of offensive operations for any group, be it a government, criminal organisation or terrorist group. The cyber domain provides the group with a low-cost means of harassing their enemies and publicising their cause. It has also proven to be attractive to ‘tech savvy’ youngsters. The Cyber Caliphate whose exact roots and origins are unclear but the devastating impact it is making is only matched by the brutality of ground operations of ISIS.

“The ISLAMIC State (ISIS) is planning to unleash an army of ‘tens of millions’ of extremist Muslim hackers on the West who will cause carnage worse than a Nuclear War.”1 —Computer Expert and US Presidential hopeful John McAfee

America is stuck in the Middle East for its lure of petro dollars…

ISIS-Inspired Wolverine

Australia, 23 September 2014: An 18-year-old ISIS sympathiser was shot dead after stabbing two counter-terrorism officers outside a Melbourne police station.

Canada, 22 October 2014: An Islamic convert killed a soldier at the National War Memorial in Ottawa, stormed Canada’s Parliament and fired multiple times before being killed.

USA, 23 October 2014: A hatchet-wielding ISIS man charged at four police officers in Queens.

Australia, 15 December 2014: A lone gunman, identified with ISIS, Man Haron Monis, held hostage ten customers and eight employees of a café in Sydney. Two hostages and Monis were killed.

France, 07 January 2015: Two brothers, Saïd and Chérif Kouachi, ISIS-motivated, forced into the offices of French newspaper Charlie Hebdo in Paris. 17 people were killed and 22 injured.

Denmark, 15 February 2015: A Danish-born gunman, ISIS-inspired, went on a violent rampage in Copenhagen, killing two strangers and wounding five police officers.

Tunisia, 18 March 2015: ISIS claimed responsibility for an attack on a museum that killed 22 people, almost all European tourists.

The cyber domain provides the group with a low-cost means of harassing their enemies and publicising their cause…

Tunisia, 26 June 2015: One ISIS-inspired gunman attacked a resort, killing 38 people on a beachfront – most of them British tourists.

France, 13 November 2015: ISIS suicide bombers struck at three locations in Paris. The attackers killed 130 people and injured 368. Seven attackers were shot dead.

USA, 02 December 2015: An ISIS-inspired married couple killed 14 people in a shootout at San Bernardino, California.

ISIS Cybernetic Slingers

France, January 2015: The Associated Press’ Twitter stream, AFP photo department’s Twitter account, the BBC, Al Jazeera, the Financial Times and the Guardian were hacked by the Cyber Caliphate. ISIS posted their propaganda.

USA, January 2015: The Cyber Caliphate hacked into US CENTCOM Twitter and You Tube account, defacing them with pro-ISIS messages. US suspended operation of both these accounts.

USA, February 2015: ISIS hacked into Newsweek and Taylor Swift’s Twitter account, defacing both with pro-ISIS messages and sending threatening messages to President Obama.

USA, March 2015: ISIS Hacking Division published a list of photos, names, addresses and branch of US service personnel, claiming to be taken from US military data servers. Accompanying the message, “We have decided to leak 100 addresses so that our brothers in America can deal with you…Kill them in their own lands, behead them in their own homes, stab them to death as they walk their streets thinking that they are safe.”

America will never change the Middle East, but the Middle East will change America…

France, April 2015: An attack on TV5Monde, an international Francophone network, knocked the station’s 12 channels off the air for 18 hours on 08 April. ISIS’ Cyber Caliphate replaced broadcast with jihadist propaganda messages on the station’s website, Facebook and Twitter accounts.

Looming ISIS Cybernetic Jihad Trends

USA, September 2016: Lifts in major corporate multi-storeyed buildings in Chicago, New York, Los Angeles, Boston and Detroit collapse, malfunction and become unserviceable for no apparent reason. Hundreds are killed, thousands injured with commercial activity coming to a halt. The ISIS claims responsibility.

UK, France and India, October 2016: Underground, metro rail and subway trains collide killing thousands and stranding millions of daily commuters and shoppers. Traffic lights malfunction during peak hours resulting in gridlock across major cities. The ISIS claims responsibility.

November 2016: PANAM, Air France, Lufthansa, Air India, Aeroflot, British Airways and Turkish Airlines passenger aircraft crash on take-off or landing at multiple locations around the globe for no apparent reason killing thousands of passengers. The ISIS claims responsibility.

The cyber domain is becoming a key part of offensive operations for any group, be it a government, criminal organisation or terrorist group…

Andorra, Bahamas, Belize, Bermuda, British Virgin Islands, the Cayman Islands, Cook Islands, Hong Kong, the Isle of Man, Mauritius, Lichtenstein, Monaco, Panama, Switzerland, St. Kitts and Nevis, January 2017: Though unreported, billions of dollars are surreptitiously transferred to accounts controlled by ISIS affiliates through online cyber fraud. This sets off panic buttons in major world political, business, industrial, underworld, crime syndicates and corporate establishments. Major stock exchanges across the globe crash. ISIS suspect.

ISIS Seeding and Feeding

America is stuck in the Middle East for its lure of petro dollars. The more America tries to extricate, the more rooted it gets. America has become a country of the Middle East. America will never change the Middle East, but the Middle East will change America. Witness how Muslims block the street in New York at Madison Avenue every Friday afternoon during rush hour traffic to offer prayers and no American authority dare challenge this.

Abu Musab al-Zarqawi, who once worked in a video store, had visions of an empire bigger than Ottoman, and thus founded ISIS/ISIL in 2002. Zarqawi made his name challenging the grandees of al-Qaeda: Osama bin Laden and Ayman al-Zawahiri. Whereas al-Qaeda’s core leadership planned meticulous, top-down operations, Zarqawi strove instead to emulate the romantic, Crusader-conquering Nur al-Din Zengi, who drove Westerners from Syria. Zarqawi’s enthusiasm for medieval barbarity was matched by an equally fervent embrace of modern technology. Zarqawi knew that an accomplished cyber expert behind his laptop, is as intimidating to some of their distant enemies as the gunmen terrorising people on the ground. Zarqawi set about to raise “Lone Wolves” around the globe using cyber space.

US airstrikes killed Zarqawi in June 2006, but his renegade followers nevertheless went on to declare the Islamic State of Iraq, in October 2006, without consulting al-Qaeda leaders. By 2009, the movement Zarqawi had created was all but dead. A few embers of Zarqawi’s soul re-ignited at US prison Camp Bucca and the nucleus of the movement was reborn. Prison breaks, marauding, looting, rape, assassinations, beheadings, kidnapping for ransom, smuggling of rare artefacts dug from captured territories and such barbaric acts became ISIS staple. ISIS documented their beheadings, shootings and point-blank assassinations in a video called, “The Clanging of the Swords” and went online on Twitter and You Tube. The ISIS seized Mosul in May 2014, and then there was no looking back. Abu Bakr al-Baghdadi is the current leader of ISIS.

The ISIS runs a 24-hour help desk to instruct its members in mastering encryption and to provide updates on technology…

Middle East Kaleidoscope

The ISIS is spreading like multi-headed Hydra. America is actively joined by Russia, Iran, Iraqi splinter groups, Assad of Syria, Syrian rebel groups, UK, France and Turkey among others to contain and stop ISIS march. There is interplay and mutations of the good, the bad and the ugly players in the kaleidoscope of the Middle East. The Gulf Cooperation Council countries are making appropriate noises on the sidelines of the raging conflict.

Many countries are keenly watching how the game gets played out and trying not to burn their fingers. As the game will play out, the way it is being shaped by Cyber Caliphate alongside ISIS ground territorial offensive, no country will remain insulated. Some countries will get subsumed, some consumed and others bruised in many shades in quagmire spread by Cyber Caliphate.

ISIS Cyber Caliphate

The cyber domain is becoming a key part of offensive operations for any group, be it a government, criminal organisation or terrorist group. The cyber domain provides the group with a low-cost means of harassing their enemies and publicising their cause. It has also proven to be attractive to ‘tech savvy’ youngsters. The Cyber Caliphate whose exact roots and origins are unclear but the devastating impact it is making is only matched by the brutality of ground operations of ISIS.

In June 2014, the Islamic State of Iraq and Syria (ISIS) declared the territory that it captured in Iraq and Syria to be an Islamic state or Caliphate. Junaid Hussain, a British ISIS fighter who was killed in a drone strike in Syria, is believed to have been a key player in the so-called Cyber Caliphate waging online war against the West. Since his death in August, his group appears to have re-merged under the name Islamic State Hackers.

The ISIS makes extensive use of Twitter, Facebook, Tumblr, and Instagram…

ISIS Exploitation of Cyber Knowledge Domain

The ISIS has shrewdly turned cyber jihad into a vital winning factor of terrorist operations. Cyberspace enables them to circumvent the barriers of various state institutions and security organisations and disseminate their message without interruption, faster and more easily than ever before.

The ISIS has adopted an operational security manual for its members. Salient instructions are:
Provide links to dozens of privacy and security applications and services including the Tor browser, the Tails operating system; Cryptocat, Wickr and Telegram encrypted chat tools; Hushmail and ProtonMail for email and RedPhone and Signal for encrypted phone communications.
Use strong passwords and avoid clicking on suspicious links, to prevent intelligence agencies and everyday hackers from breaching their systems.
It coaches to set up private Wi-Fi network or use apps like FireChat to share photos and text short distances without needing internet access.
Use of VPN online to encrypt data and prevent ISPs and spy agencies from reading their communication.
Use encrypted chat tools Telegram and Sicher.
Use false credentials to open Gmail account then use it with Tor or a virtual private network.
Android and iOS platforms are only secure when communications are routed through Tor.
Disable the GPS tagging feature on mobile phones to avoid leaking location data. Alternatively use the Mappr app to falsify location data and throw intelligence agencies off the trail.
Not to use Dropbox and Instagram because its parent company, Facebook, has a poor track record on privacy. It advises members to use encrypted phones like Cryptophone or BlackPhone instead.

The ISIS runs a 24-hour help desk to instruct its members in mastering encryption and to provide updates on technology. But there is a difference between telling somebody how to do it and then doing it right. ISIS members, affiliates and “Lone Wolves” have erred in the past including Paris attackers. Law enforcement agencies then catch up with them.

ISIS Cyber Philosophy

Use online social networks such as Facebook, Twitter, YouTube, and Tumblr as communication on social media is fundamentally different from the internet which is hierarchical in nature and based on fixed sites and closed forums.

The ISIS had begun a psychological social media campaign nearly a year before the conquest of Mosul…

Innovative use of cyber domain in such a manner that it transforms ISIS from yet another Islamic fundamentalist terrorist organisation into a global brand name. In doing so, develop such cyber tools and applications which allow ISIS to attract and manipulate minds of potential recruits by remote control through the use of social media for Islamic jihad activities.

Exploit cyber capabilities to enhance its image as a powerful and unstoppable force, much beyond the actual number of fighters that are at its disposal thereby overwhelming the opposition with awe and shock.

Raise foreign fighters and “Lone Wolf” Terrorists through social media to conduct physical and cyber attacks independently or on cue.

Polarise Western society into Muslim believers and non-believers thereby creating a sharp divide of suspicion and hatred. This would enable mushrooming of Muslim ghettos Wolverine in nature and substance, in many European cities such as Paris, where law enforcement agencies dread to enter.

ISIS Cyber Strategy

Use social media to manipulate online networks such as the ‘Dawn of Glad Tidings’ application thereby generating high volume activity which serves as a force multiplier. Projecting a much larger picture than the organisation’s true dimensions and thereby creating an effective medium of psychological warfare.

Perpetrating terrorist attacks and attacking Western symbols in their countries constitutes a worthy alternative and has ISIS official sanction…

Combine the high noise levels in social media with images and video clips of atrocities thereby creating a deterring and frightening effect, debilitating the morale of the adversaries of the ISIS. For example, prior to the ISIS takeover of Mosul wherein ISIS fighters defeated Iraqi soldiers armed with American weapons and equipment defending Mosul, at a ratio of 1:15.

Use of the social media as a marketing tool, and for this purpose, implement a strategy tailored to individual target groups.

Encourage and facilitate travel of jihadi recruits to the ISIS state for military operations. To this end, an e-book titled Hijrah (migration/journey, in Arabic) to the Islamic State has been published which details how to reach the Caliphate territories and what the prospective traveller should pack.

Develop a Cybernetic mechanism to raise “Lone Wolf” voluntary terrorists in perpetuity across the globe while living as normal citizens. Thereafter, to conduct physical and cyber attacks guided or on cue or independently. Various estimates put the figure of “Lone Wolves” currently to more than 20,000, of whom some 4,000 are Western volunteers.

ISIS Cyber Tactics

As part of its efforts to influence the Middle East and global public opinion and brand itself, the ISIS disseminates propaganda materials using a well-designed online English magazine called Dabiq and produces high quality movies that are disseminated on YouTube, Twitter and various websites affiliated with the organisation.

It is cheaper and easier to mount a cyber-attack than to defend against one…

The ISIS makes extensive use of Twitter, Facebook, Tumblr, and Instagram and according to senior American officials, operatives and supporters of the organization produce up to 90,000 tweets every day2. A recent extensive study found that ISIS supporters operate at least 46,000 independent Twitter accounts, with 200-500 of these accounts active all day. The ISIS has developed an application for mobile devices called “Dawn of Glad Tidings” which enabled its supporters to follow the organisation’s activities in real time. Downloading the application allowed the ISIS to take temporary control of the Twitter account of the said user and publish messages in his/her name. In this way, the ISIS managed to generate a significant volume of activity on Twitter and exploited the accounts of the application users to raise the online profile of the organisation in a coordinated campaign.

Launch of digital ghazwa (attacks/raid in Arabic) e.g. cyber attacks on US Central Command and 19,000 French websites after attack on Charlie Hebdo in Paris. The ISIS had begun a psychological social media campaign nearly a year before the conquest of Mosul “in order to show how brutally they kill people and even take their children and kill them mercilessly”. The ISIS “sews” different marketing suits, depending on the target audience, male or female, Muslim or Western, and communicates with a global audience using social media. It generates activity on social media to raise “Lone Wolves” spread across the globe for Wolverine jihadi activities. For instance, the terrorist attacks in Sydney, Paris and Copenhagen were perpetrated by individuals who were influenced by the ISIS and used its flag but were not formally affiliated with the organisation.

Inspire the Muslims in the West that even if they cannot immigrate to the territory of the Islamic State and join its ranks, perpetrating terrorist attacks and attacking Western symbols in their countries constitutes a worthy alternative and has ISIS official sanction. A clear example of this is the case of Mehdi Masroor Biswas, an Indian hi-tech executive who operated the popular Twitter account @ShamiWitness with more than 17,000 followers.

The terrorist group that attacked Mumbai in 2008 got $2 million from a gang of hackers in the Philippines, routed through intermediaries in the Gulf…

Undertake kidnapping for ransom and execution. Kidnapping generated $25 million for the ISIS last year. Horrendously brutal execution of kidnapped victims for propaganda effect through display of barbaric power viz Western journalists Steven Sotloff and James Foley among others.3 Also, undertaking smuggling of rare artefacts recovered from captured territories is another method of raising funds for operations.

ISIS Cyber Jihad Looming Trends

It is cheaper and easier to mount a cyber-attack than to defend against one. But the dangers posed by ISIS may be more acute because of its embrace of modern technology, mastery of the difficult art of online propaganda and its appeal to young, computer-literate foreigners including known hackers.

Hacking attacks on our basic infrastructure may seem the stuff of sci-fi nightmare, interconnected cities held hostage by an evil genius. But it is already a reality, security expert Marc Goodman argues in his book “Future Crimes”, where he details a string of such attacks. A Brazilian power station shuttered by mafia hackers after their demands for protection money were not met, a Polish tram derailed by a bored teenager and in Australia, the sluice gates of a sewage station opened to pour waste over fields and parks – all masterminded by people behind screens.

The ISIS cyber Caliphate sleuths have mastered and demonstrated the art of Distributed Denial of Service (DDoS) in real time. “Lone Wolves” with insider access skilled at manipulating Supervisory Control and Data Acquisition System (SCADA) will make the scenario painted by Marc Goodman come alive. Lone Wolves masquerading as Syrian refugees or as normal citizens are like delivery vehicles in the form of human Trojans. These human Trojans could do cybernetic intrusions, have proximity or insider access and manipulate SCADA of critical infrastructure to wreak havoc in cities worldwide without even firing a single shot.

To contain the impact of ISIS online, it is necessary to block online access…

Databases on internet provide tips on how to exploit everything from Air Traffic Control, power plants to wind turbines. These are searchable by country, company or device, providing detailed how-to and greatly lowering the technical bar and knowledge for any ISIS-inspired individual to launch attacks on critical infrastructures.

The ISIS coffers from loot, ransoms and smuggling are fast depleting. They are looking for funds through online frauds and siphoning of black money stashed away in tax havens. There is a template for using online robbery to fund real-world attacks. Mobile phone fraud funded the 2004 Madrid train bombings and the terrorist group that attacked Mumbai in 2008 got $2 million from a gang of hackers in the Philippines, routed through intermediaries in the Gulf. The black money can be extremely hard to trace, once it has been skimmed from bank accounts, phones or other online transactions. Even for supporters based outside ISIS territory, the risks are remote. The ISIS beheadings have become an object of awful fascination for Internet users – eschewed by broadcast news networks but eagerly viewed by millions in cyberspace4 thereby increasing ISIS’ online popularity.

ISIS Containment and Neutralisation

In order to contend with the challenge of cyber jihad, different countries opt for one of two principal approaches: a technological battle against the online presence of ISIS, and the use of social media to disseminate counter propaganda.

Databases on internet provide tips on how to exploit everything from Air Traffic Control, power plants to wind turbines…

To contain the impact of ISIS online, it is necessary to block online access: close their Twitter and Facebook accounts, block users affiliated with them and thereby deny ISIS the online outreach. Even in dictatorial regimes, total denial of cyber space is not feasible. Even if censorship on social media is enforced, censorship takes place only after the contents have been uploaded onto the various websites and social media accounts and in many cases their removal occurs after hundreds of thousands of people have already viewed them. Therefore, this measure has an important but limited effect. Moreover, for every account that is closed, a number of new accounts are immediately opened in its place, so that it is impossible to completely prevent users from using social media for purposes of terrorism over time unlike forums and websites, which can be easily closed and disabled.

Another approach seeks to exploit cyber activity against the ISIS, with the aim of influencing potential supporters of the organisations who are exposed to its content on social media. A prominent example of this approach is the US State Department’s social media campaign, “ThinkAgainTurnAway.” The campaign’s content includes images of ISIS atrocities and testimonies of operatives who were active in the organisation and were disillusioned by its extremism and brutal activities. The campaign thus attempts to counter the narrative that ISIS and other organisations promote online and by that, turn social media against them.

There is an effort made by Ghost Security Group, a hacking collective similar to Anonymous that focuses its efforts solely upon counter-terrorism. The group claims to have “terminated over 100,000 extremist social media accounts” used by militant groups to recruit members and send threats.5 An anonymous group has launched the NO2ISIS campaign. In the days to come, intensive social, cultural and religious belief profiling would need to be adopted by all countries to identify, deter or neutralise any “Lone Wolf”, human Trojan or sleeper cell cyber threat.

In the days to come, intensive social, cultural and religious belief profiling would need to be adopted by all countries to identify, deter or neutralise any “Lone Wolf”, human Trojan or sleeper cell cyber threat…

Conclusion

It is clear that the extensive and potent use that ISIS makes of cyberspace requires a widespread and targeted confrontation with the challenge, comprising an ideological response to its messages and a struggle to reduce its massive outreach. Timely action by all states would prevent formation of Islamic inspired ghettos or un-administrable spaces in cities or cyber ghettos in cyber space. Australian PM Malcolm Turnbull’s stern warning, “Leave our country if our values are unpalatable” may be a role model for other countries to follow.

Will the collective efforts of the world foil the ISIS cyber jihad pandemic? Only time will tell. Till then, the Wolverine Spectre looms large in the neighbourhood.

Notes
Nick Gutteridge, 17 Dec 2015, http://www.express.co.uk/news/world/627486/Islamic-State-ISIS-jihadis-hackers-cyber-war-US-Britain-president-hopeful-John-McAfee.
Eric Schmitt, “U.S. Intensifies Effort to Blunt ISIS’ Message,” New York Times, February 16, 2015.
07 Jan 2016, http://www.bbc.com/news/magazine-34312450
Jarno Limnell, 03 Jan 2016, http://www.ibtimes.co.uk/isis-propaganda-war-front-line-cyberspace-1465459
Don Reisinger, 26 December 2015, http://fortune.com/2015/12/10/isis-smartphone-app/
© Copyright 2016 Indian Defence Review

No comments: