Cyber Defense Review

ISIS: The Sound and Fury

By CPT Brent Chapman | April 28, 2015

Recently, a group claiming association with ISIS called the “Cyber Caliphate” began a campaign of online vandalism by announcing that they had hacked several government accounts, seized sensitive documents and were actively monitoring U.S. troop movement.[1] But does their recent attention mean that an ISIS-sponsored cyber-attack is imminent? No – far more likely, these account managers fell victim to less technical attacks such as phishing emails, or perhaps had a password on the list of the 25 most popular passwords. The most noteworthy episode occurred with the hijacking of the U.S. Central Command’s (CENTCOM) Twitter account. Claiming that they had ‘hacked’ CENTCOM, ISIS sympathizers changed the military organization’s banner to that of a masked ISIS member.

http://xkcd.com/932/: This comic is pointing out the difference between what an average citizen and computer experts hear when seeing a story like this. Some misunderstand the CIA website to be connected to its internal network, and thus conclude that hackers have breached their very secure systems. Computer experts, on the other hand, may compare a website to a company’s poster being vandalized – the only damage done being cosmetic.

 

They then sent out a series of tweets espousing their technical achievements, asserting that they had gained access to “confidential data.”[2] This claim was a fiction; in fact, many of the documents they presented as evidence were already public. Unfortunately, these types of attacks on social media platforms like Twitter are unsettlingly common. Just this week, Tesla Motors promised free vehicles to anyone who called a certain phone number. In 2013, Burger King changed its banner in apparent support of its perennial rival McDonald’s. Even the Twitter CFO was subject to a humiliating account hack during which his account released a flurry of spam messages. Embarrassing? Sure. However, these attacks amount to nothing more than a temporary seizure of the public spotlight. There is no evidence that corporate secrets were revealed, or – in the case of CENTCOM – that any command and control networks were compromised.

I’m not questioning the validity of the breaches themselves, but hijacking Twitter and YouTube accounts and releasing already publicly available documents does not rise to the level of a state-sponsored cyber threat. Craig Guiliano, senior threat specialist at security firm TSC Advantage and a former counterterrorism officer with the Department of Defense, highlights, “I don’t think anyone has any proof that there’s an imminent attack or that ISIS has acquired the manpower or the resources to launch an attack on the infrastructure of the United States.” Although these attacks lack the sophistication required for serious concern, they are certainly effective as a commentary on the lack of vigilance on the part of the account holders. Usually, claims of these types of ‘hacks’ are accompanied by a fair degree of skepticism, but ISIS has enjoyed a brighter spotlight over the last few years which, unfortunately, earned them some extra seconds of consideration.

ISIS has been astonishingly effective in spreading its message of hatred as the extremist group seeks to bring about the return of a caliphate. It managed to get ahead of critics who labeled it primitive and savage by taking advantage of the same social media networks that average citizens are so well tied into. Using platforms such as YouTube, Facebook and Twitter, ISIS spread its vile message with jarring images and intensely violent language. Frequent and consistent, ISIS’s messaging garnered increased attention. ISIS’s prominence has been fueled in part by the media in a strange cobra effect, where continual news coverage and attempts to uncover the evils of the terror organization had in fact empowered them. J.M. Berger, Brookings Institute Fellow and author of ISIS: The State of Terror, in describing an al-Qaeda sponsored magazine noted, “Inspire would never have reached so many people as it did if not for the constant and overwhelming inflation of its value in the Western media, an inflation that was often based on inaccurate information.”[3] Just like al-Qaeda, ISIS relied heavily on coverage “to further enhance its credentials and assuring further commentary from writers who were pleased as punch to see their names cited in its pages.”

This isn’t a foreign phenomenon; marketing firms have had dedicated “experts” in viral promotion for years. Perhaps the most surprising aspect is that ISIS had formulated plans for comprehensive digital documentation of their physical attacks. Videos of gruesome immolations and destruction of priceless antiquities quickly dominated headlines and, in a form of social media judo, ISIS successfully shifted this negative press to further enhance its own standing on the world stage. Ah, yes – and ISIS had practiced its judo well; it initiated a deluge of similar videos in 2014 and 2015, elevating itself from regional nuisance to worldwide movement. ISIS maintained this momentum and in August 2014, during the Eid al-Fitr, the feast marking the end of Ramadan, they released a video featuring several muhajireen, the Arabic word for “emigrants”. Reports followed of 20,000 – 30,000 fighters joining the movement, with some of them pledging allegiance from the UK, Finland, South Africa, Morocco and Belgium.[4]

There are lessons to be learned from watching ISIS’s growth and I don’t mean to write off ISIS’s capabilities completely. They have been able to leverage social media in a way that seems contradictory to their previous characterization as barbarians. They marketed well – convincing foreign fighters to join in their perverse mission, while also maintaining a constant position in the Western media. However, there is little substance to their contention of being a significant cyber threat to the United States. Attacks on the financial or energy infrastructure require significant resources and a long-term campaign to infiltrate large numbers of computer systems within these respective sectors. The level of technical expertise needed to create the specialized software to perform these attacks requires large, skilled teams of cyber professionals working together from a facility with significant technological infrastructure. Terrorist groups like ISIS haven’t demonstrated the capacity to do this. In their estimation, their technical prowess knows no limit and their ability to bring destruction to nonbelievers is an irresistible juggernaut. But in reality, these claims have been nothing more than a tale – full of sound and fury, signifying nothing.


