Cyber Defense Review

ISIS: The Sound and Fury

By CPT Brent Chapman | April 28, 2015

Recently, a group claiming association with ISIS called the “Cyber Caliphate” began a campaign of online vandalism by announcing that they had hacked several government accounts, seized sensitive documents and were actively monitoring U.S. troop movement.[1] But does their recent attention mean that an ISIS-sponsored cyber-attack is imminent? No – it is far more likely that these account managers fell victim to less technical attacks such as phishing emails, or perhaps had a password in the 25 most popular passwords list. The most noteworthy episode occurred with the hijacking of the U.S. Central Command’s (CENTCOM) Twitter account. Purporting that they had ‘hacked’ CENTCOM, ISIS sympathizers changed the military organization’s banner to that of a masked ISIS member.

http://xkcd.com/932/: This comic is pointing out the difference between what an average citizen and computer experts hear when seeing a story like this. Some misunderstand the CIA website to be connected to its internal network, and thus conclude that hackers have breached their very secure systems. Computer experts, on the other hand, may compare a website to a company’s poster being vandalized – the only damage done being cosmetic.

 

They then sent out a series of tweets espousing their technical achievements, asserting that they had gained access to “confidential data.”[2] This claim was a fiction; in fact, many of the documents they presented as evidence were already public. Unfortunately, these types of attacks on social media platforms like Twitter are unsettlingly common. Just this week, Tesla Motors promised free vehicles to anyone who called a certain phone number. In 2013, Burger King changed its banner in apparent support of its perennial rival McDonald’s. Even the Twitter CFO was subject to a humiliating account hack during which his account released a flurry of spam messages. Embarrassing? Sure. However, these attacks amount to nothing more than a temporary seizure of the public spotlight. There is no evidence that corporate secrets were revealed, or – in the case of CENTCOM – that any command and control networks were compromised.

I’m not questioning the validity of the breaches themselves, but hijacking Twitter and YouTube accounts and releasing already publicly available documents does not rise to the level of a state-sponsored cyber threat. Craig Guiliano, senior threat specialist at security firm TSC Advantage and a former counterterrorism officer with the Department of Defense, highlights, “I don’t think anyone has any proof that there’s an imminent attack or that ISIS has acquired the manpower or the resources to launch an attack on the infrastructure of the United States.” Although these attacks lack the sophistication required for serious concern, they are certainly effective as a commentary on the lack of vigilance on the part of the account holders. Usually claims of these types of ‘hacks’ are met with a fair degree of skepticism, but ISIS has enjoyed a brighter spotlight over the last few years which, unfortunately, earned them some extra seconds of consideration.

ISIS has been astonishingly effective in spreading its message of hatred as the extremist group seeks to bring about the return of a caliphate. They managed to get ahead of critics who labeled it primitive and savage by taking advantage of the same social media networks that average citizens are so well tied into. Using platforms such as YouTube, Facebook and Twitter, ISIS spread its vile message with jarring images and intensely violent language. Frequent and consistent, ISIS’s messaging garnered increased attention. ISIS’s prominence has been fueled in part by the media in a strange cobra effect, where continual news coverage and attempts to uncover the evils of the terror organization had in fact empowered them. J.M. Berger, Brookings Institute Fellow and author of ISIS: The State of Terror, in describing an al-Qaeda sponsored magazine noted, “Inspire would never have reached so many people as it did if not for the constant and overwhelming inflation of its value in the Western media, an inflation that was often based on inaccurate information.”[3] Just like al-Qaeda, ISIS relied heavily on coverage “to further enhance its credentials and assuring further commentary from writers who were pleased as punch to see their names cited in its pages.”

This isn’t a foreign phenomenon; marketing firms have had dedicated “experts” in viral promotion for years. Perhaps the most surprising aspect is that ISIS had formulated plans for comprehensive digital documentation of their physical attacks. Videos of gruesome immolations and destruction of priceless antiquities quickly dominated headlines and, in a form of social media judo, ISIS successfully shifted this negative press to further enhance its own standing on the world stage. Ah, yes – and ISIS had practiced its judo well; it initiated a deluge of similar videos in 2014 and 2015, elevating itself from regional nuisance to worldwide movement. ISIS maintained this momentum and in August 2014, during Eid al-Fitr, the feast marking the end of Ramadan, they released a video featuring several muhajireen, the Arabic word for “emigrants”. Reports followed of 20,000 – 30,000 fighters joining the movement, with some of them pledging allegiance from the UK, Finland, South Africa, Morocco and Belgium.[4]

There are lessons to be learned from watching ISIS’s growth and I don’t mean to write off ISIS’s capabilities completely. They have been able to leverage social media in a way that seems contradictory to their previous characterization as barbarians. They marketed well – convincing foreign fighters to join in their perverse mission, while also maintaining a constant position in the Western media. However, there is little substance to their contention of being a significant cyber threat to the United States. Attacks on the financial or energy infrastructure require significant resources and a long-term campaign to infiltrate large numbers of computer systems within these respective sectors. The level of technical expertise needed to create the specialized software to perform these attacks requires large, skilled teams of cyber professionals working together from a facility with significant technological infrastructure. Terrorist groups like ISIS haven’t demonstrated the capacity to do this. In their estimation, their technical prowess knows no limit and their ability to bring destruction to nonbelievers is an irresistible juggernaut. But in reality, these claims have been nothing more than a tale – full of sound and fury, signifying nothing.