Islamic State caught in a cyber-web of its own making

by Diederik Perk and Peter Rietveld.

At first glance, cyber security seems far from a decisive factor among the violent brutalities happening in Syria and Iraq over the past two to three years. In fact, the offensive operations of the Islamic State of Iraq and the Levant (ISIL) rely primarily on outdated communication technologies, without much of a central command structure in place. Perhaps counterintuitively, a message is harder to intercept when it is couriered in hard copy by donkey than when it is sent digitally over fiber-optic cables.

No armed conflict is truly local, however, and herein lies the hidden cyber component. Already, an Algerian hacking group going by the name of Team System DZ is defacing websites and taking over online stores, posting pro-ISIL messages.[1] Some involvement is claimed of an ISIL cyber army under the leadership of British hacker Abu Hussain Al Britani, also known as Junaid Hussein.[2] Going forward, the dissemination and consumption of online jihadi propaganda directed at radicalizing youth abroad has repercussions: it presents the digital surveillance capabilities of western intelligence with a potential gold mine of data, and it significantly hinders the ability of IS troops to fly under the radar.

Rounding up the Troops

One of the things facing the security services of the western world is dealing with the recruitment of radicalized Muslim youth among its population. Jihadi promotional material coupled with advances on the battlefield proves enticing to a sizeable pool of potential recruits, a group not as uniform as often implied. The appeal is not limited to the disenfranchised lower strata descending from migrant communities, as illustrated by many stories of well-educated youngsters turned militant, both male and female, from a wide array of ethnic backgrounds.

The consequences include an influx of foreign fighters to what essentially started as a civil war, broad media attention, and a military intervention by an international coalition, while resentment and confusion spread among the western populations.

There is, however, a silver lining. The coalition’s intervention may be assisted by the influx of their jihadi countrymen, by means of their possession of modern gadgets such as smartphones and tablets. ISIL propaganda is infamous for its use of social media, and as such, bringing your device to the battlefield for heroic selfies and beheading videos is part of the job description.[3]

Golden Footprints

As it turns out, BYOD is as much of a security issue for a given brutally militant armed group aiming to re-establish a caliphate as it is for the enterprise in the 21st century. Where the western-based jihadis visit webpages, frequent forums and tweet ideas dealing with the subject matter and area of the Islamic State, they can be identified and tracked by their digital footprints lighting up like gold.

Snooping on communications may take the form of obtaining locations through geotags on pictures, tracing connectivity with wireless access points, triangulating a GSM signal between cellular masts and mining suspect IP addresses. That enables secret agents to roll out tools to intercept calls and remotely take over a device. After that, deploying a mobile device as an eavesdropping bug is standard practice; all it takes is some tradecraft and sufficient commitment. Starting from the profiles that are identified as radicalizing and collecting their travel plans, trailing their subsequent movements in the field amounts to sweeping up breadcrumbs.

The Middle East experiences the highest mobile data traffic growth of any region in the world.[4] By brutally victimizing conquered areas, ISIL is likely to garner passive resistance through such media. Effectively, the digital crumbs and network analysis, alongside other well-established aerial surveillance methods (satellites, drones, etc.), enable a mapping of troop movement, training camps and probably even organizational leadership and hierarchy.

In the west, arguments are raised against the open availability of propaganda resources. Governments should do more to suppress the accessibility of hateful and violent content and win the online war, Jeff Bardin of cyber intelligence service Treadstone 71 posits.[5] To go after web servers and Twitter accounts while ignoring the reality on the ground would, however, be a strategy towards winning the wrong battle.

Given intelligence agencies’ proven ability to monitor online fringe groups, and the tendency of those groups’ members to travel to a war zone to receive training and assignments within the hostile group, the value of such source material is pivotal. More than that, it is the lifeline that our hard-pressed intelligence agency, understaffed for operations behind enemy lines, holds onto. To the intelligence analyst it is a gift, particularly in the current situation where military actions are confined to airspace, without an on-the-ground presence to do close-encounter reconnaissance.

Crypto-Caliphate

Now, the implication of this is that what bolsters Islamic State’s numerical strength is actually where its prime weakness lies. With tactics like that, who needs enemies? In cybersecurity terms, the continued use of such exposed means is a key vulnerability for which a patch needs to be developed. Such a patch could likely be applied through tools derived from the hacktivist realm, the natural enemy of three (or four) letter agencies.

The recent publication of an ISIL manual training its soldiers to avoid surveillance of metadata in Twitter posts is recognition of this fact.[6] Fittingly, the manual is entitled “How to Tweet Safely Without Giving out Your Location to NSA”. It doesn’t fail to mention that geotags are also included in video, photo, Word and PDF files. However, issuing a manual with limited scope is unlikely to increase the group’s operational security significantly. As with the intelligence collection they try to avoid, it takes a bit of tradecraft.

Another method for ISIL to adopt is to introduce stringent use of cryptography, by routing over the Tor network, across its communication channels. Some investment in developing tools has been made already among fundamentalist circles.[7] However, besides some quick wins in masking identity, this is not a clear-cut approach. Due to its nature, encrypted data is easily detected on the wire and therefore acts like the proverbial red flag to intelligence outfits. Even without successful decryption, the data transfer may still expose network endpoints.

Thus it is likely that the notion of steganography will resurface. Given the communication needs (which entail establishing secure communications with, at the outset, unknown and untrusted third parties) and the rather immature state of steganographic technology, however, it does not offer an easy, ready-to-use approach.

Bottom line: dodging prying eyes once you are aware you are being watched is still tricky. To even the scorecard in terms of effort, making a lot of noise is a way forward. Hiding authentic communications among swarms of spoofed data, such as filling spooky but convincing-looking forums with the Arabic equivalent of lorem ipsum placeholders, may exhaust some budget-constrained spies. Then again, it may force your enemies into closer collaboration and lead them to form undesirable alliances.[8]

Power out

In asymmetric warfare, keeping up morale and maintaining the best information position are two of the main preconditions for success. For some western countries, in the wake of the NSA’s Prism revelations, the scenario currently playing out will be perceived as a vindicating force: fighting the enemy far away, and being able to follow them on their way there because the hi-tech must-haves are sold through stores back home. Translated to the ground, the facts indeed show the caliphate’s progress halted and even in decline.[9]

On both sides of the equation, the approach to winning the upper hand is trial and error, meaning we anticipate seeing some more slip-ups taking place in public. Looking ahead, the two options for ISIL are to reconsider its security strategy or prepare to be bombed back to the Stone Age. Ironically enough, that latter option would also increase the group’s stealth. On the wrecks of the states it helped destroy, ISIL recruits from former employees of their secret services to build the capability to continue spreading fear and intimidation.[10]

In weighing the pros and cons of taking down propaganda and actively countering hateful communication, the visibility factor should be considered. Actionable intelligence is the fuel for victory. Still, monitoring dangerous individuals is one thing; ideas are not easily repressed, even if successfully made less visible. To counter that, introducing better ideas is far more effective than any censorship or weapon. That’s the long game, one that the coalition forces may not be prepared to play. In the short run, switch to live Twitter feeds from the frontline to see the Islamic State being the victim of its own success.

[1] http://thecryptosphere.com/category/crews/team-system-dz/

[2] http://securityaffairs.co/wordpress/28300/cyber-crime/isis-cyber-caliphate.html

[3] http://news.nationalpost.com/2014/06/18/how-isis-iraqi-terror-group-is-twisting-twitter-and-selling-smartphone-apps-to-post-propaganda/

[4] http://www.arabiangazette.com/middle-east-smartphone-usage-trends-infographic-2013100/

[5] http://www.businessinsider.com/why-america-is-losing-the-online-war-with-isis-2014-10?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+businessinsider+%28Business+Insider%29

[6] http://securityaffairs.co/wordpress/29801/intelligence/isis-twitter-use-manual.html

[7] http://www.memri.org/report/en/0/0/0/0/0/0/7950.htm

[8] http://www.aljazeera.com/news/middleeast/2014/10/us-russia-share-intelligence-isil-2014101421390953313.html

[9] http://hosted2.ap.org/ORBEN/07e34bb59e064cedb7e2776e8db4b4f7/Article_2014-11-06-ML-Islamic-State/id-510ca148820f46f6ac89b996f0477cef

[10] http://www.usnews.com/news/articles/2014/10/29/isis-uses-intelligence-to-purge-opponents