by Diederik Perk and Peter Rietveld.
At first glance, cyber security seems far from a decisive factor among the violent brutalities happening in Syria and Iraq over the past two to three years. In fact, the offensive operations of Islamic State for Iraq and the Levant (ISIL) rely primarily on antiquated communication technologies, without much of a central command structure in place. Perhaps counterintuitively, a message is harder to intercept when it is couriered in hard copy by a donkey than when it is sent digitally over fiber-optic cables.
No armed conflict is truly local, however, and herein lies the hidden cyber component. Already, an Algerian hacking group going by the name of Team System DZ is defacing websites and taking over online stores, posting pro-ISIL messages. Some involvement is claimed of an ISIL cyber army under the leadership of British hacker Abu Hussain Al Britani, also known as Junaid Hussein. Going forward, the dissemination and consumption of online jihadi propaganda directed at radicalizing youth abroad has repercussions: it presents the digital surveillance capabilities of western intelligence with a potential gold mine of data, and it significantly hinders the ability of IS troops to fly under the radar.
Rounding up the Troops
One of the things facing the security services of the western world is dealing with the recruitment of radicalized Muslim youth among their populations. Jihadi promotional material coupled with advances on the battlefield proves enticing to a sizeable pool of potential recruits, a group not as uniform as often implied. The appeal is not limited to the disenfranchised lower strata descending from migrant communities, as illustrated by many stories of well-educated youngsters turned militant, both male and female, from a wide array of ethnic backgrounds.
The consequences include an influx of foreign fighters to what essentially started as a civil war, broad media attention, and a military intervention by an international coalition, while resentment and confusion spread among the western populations.
There is, however, a silver lining. The coalition’s intervention may be assisted by the influx of their jihadi countrymen, by means of their possession of modern gadgets such as smartphones and tablets. ISIL propaganda is infamous for its use of social media, and as such, bringing your device to the battlefield for heroic selfies and beheading videos is part of the job description.
As it turns out, BYOD is as much of a security issue for a given brutally militant armed group aiming to re-establish a caliphate as it is for the enterprise in the 21st century. Where the western-based jihadis visit webpages, frequent forums and tweet ideas dealing with the subject matter and area of the Islamic State, they can be identified and tracked by their digital footprints lighting up like gold.
Snooping on communications may take the form of obtaining locations through geotags on pictures, tracing connectivity with wireless access points, triangulating a GSM signal between cellular masts and mining suspect IP addresses. That enables secret agents to roll out tools to intercept calls and remotely own a device. After that, deploying a mobile device as an eavesdropping bug is standard practice; all it takes is some tradecraft and sufficient commitment. Starting from the profiles that are identified as radicalizing and collecting their travel plans, trailing their subsequent movements in the field equals sweeping up breadcrumbs.
The Middle East experiences the highest mobile data traffic growth of any region in the world. ISIL, in brutally victimizing conquered areas, is likely to garner passive resistance through such media. Effectively, the digital crumbs and network analysis, alongside other well-established aerial surveillance methods (satellites, drones, etc.), enable a mapping of troop movement, training camps and probably even organizational leadership and hierarchy.
In the west, arguments are raised against the open availability of propaganda resources. Governments should do more to suppress the accessibility of hateful and violent content and win the online war, Jeff Bardin of cyber intelligence service Threadstone ’71 posits. To go after webservers and Twitter accounts while ignoring the reality on the ground would, however, be a strategy towards winning the wrong battle.
Given intelligence agencies’ proven ability to monitor online fringe groups, and the tendency of those groups' members to travel to a warzone to receive training and assignments within the hostile group, the value of such source material is pivotal. More than that, it’s the lifeline that our pressed intelligence agencies, understaffed for operations behind enemy lines, hold onto. To the intelligence analyst it is a gift, particularly in the current situation where military actions are confined to airspace, without an on-the-ground presence to do close-encounter reconnaissance.
Now, the implication of this is that what bolsters Islamic State’s numerical strength is actually where its prime weakness lies. With tactics like that, who needs enemies? In cybersecurity terms, the continued use of such exposed means is a key vulnerability for which a patch needs to be developed. Applying such a patch could likely be through tools derived from the hacktivist realm, the natural enemy of three (or four) letter agencies.
The recent publication of an ISIL manual training its soldiers to avoid surveillance of metadata in Twitter posts is recognition of this fact. Fittingly, the manual is entitled “How to Tweet Safely Without Giving out Your Location to NSA”. It doesn't fail to mention that geotags are also included in video, photo, Word and PDF files. However, issuing a manual with limited scope is unlikely to increase its operational security significantly. As with the intelligence collection they try to avoid, it takes a bit of tradecraft.
Another method for ISIL to adopt is to introduce stringent use of cryptography, by routing over the Tor network, across its communication channels. Some investment into developing tools has been made already among fundamentalist circles. However, besides some quick wins in masking identity, this is not a clear-cut approach. Due to its nature, encrypted data is easily detected on the wire and therefore acts like the proverbial red flag to intelligence outfits. Even without successful decryption, the data transfer may still expose network endpoints.