An offensive cyber campaign carried out by GCHQ last year ensured that ISIS hackers were unable to carry out cyber attacks or to spread malicious propaganda, the head of the British Government’s Communications Headquarters (GCHQ) has revealed.
GCHQ’s covert cyber-action was successful in defeating ISIS’s online propaganda efforts and in ensuring that the group could not coordinate cyber attacks, said Jeremy Fleming at the CyberUK18 conference in Manchester Central.
“These operations have made a significant contribution to coalition efforts to suppress Daesh propaganda, hindered their ability to coordinate attacks, and protected coalition forces on the battlefield.
“In 2017 there were times when Daesh found it almost impossible to spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications.
“Of course, the job is never done – they will continue to evade and re-invent. But this campaign shows how targeted and effective offensive cyber can be,” he said.
ISIS hackers’ poor cyber skills
GCHQ’s success in defeating Islamic State hackers on the cyber battlefield may have been aided by the latter’s lack of coding skills and their use of hopeless encryption tools. In September last year, Kyle Wilhoit, senior security researcher at DomainTools, revealed a long list of ISIS hackers’ digital failings, including their failure to hide their activities from their foes, inability to create bug-free malware, and their inability to protect their own servers from their enemies.
“ISIS is really really bad at the development of encryption software and malware. The apps are sh*t to be honest, they have several vulnerabilities in each system that renders them useless,” he told The Register.
“As it stands ISIS are not hugely operationally capable online. There’s a lack of expertise in pretty much everything,” he added.
Hacking tools available on the Dark Web
However, Conrad Prince, the UK’s Cyber Security Ambassador and former Head of Operations for GCHQ, said in February that while ISIS hackers lacked the capacity to deliver seriously destructive attacks, they were willing to use hacking tools available on the Dark Web to launch destructive cyber attacks on the West.
“The tools needed for cyber attacks are being increasingly commoditised – available for purchase or hire on the dark web from criminals happy to provide their services to the highest bidder. Terrorists are as capable as anyone of purchasing these capabilities.
“So the ability to deliver destructive cyber attacks, particularly at the cruder end of the spectrum, will increasingly be within reach of those with the ability to pay. And even crude attacks have the potential to create real world impact.
“Furthermore, terrorists may be able to exploit sophisticated tools and techniques developed by nation states, should they become available on the open market as a result of an unauthorised disclosure,” he added.
Mr Prince also spoke about how the Islamic State can leverage industry insiders to carry out crippling attacks on critical organisations. For example, a British Airways IT worker named Rajib Khan was jailed for 30 years in 2011 after he tried to blow up an aircraft and crash BA’s IT systems.
“A well-placed insider can go a long way to simplifying the work involved in delivering a destructive cyber attack,” he warned.