US cyberweapons, effective against N Korea, fail to muzzle IS

Jihadists use social media, computers not to develop weapons but to recruit, coordinate attacks

America’s fast-growing ranks of secret cyberwarriors have in recent years blown up nuclear centrifuges in Iran and turned to computer code and electronic warfare to sabotage North Korea’s missile launches, with mixed results.

But since they began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State (IS), the results have been a consistent disappointment, American officials say. The effectiveness of the nation’s arsenal of cyberweapons hit its limits, they have discovered, against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data.

It has been more than a year since the Pentagon announced that it was opening a new line of combat against the IS, directing Cyber Command, then six years old, to mount computer-network attacks. The mission was clear: Disrupt the ability of the IS to spread its message, attract new adherents, pay fighters and circulate orders from commanders.

But in the aftermath of the recent attacks in Britain and Iran claimed by the IS, it has become clear that recruitment efforts and communications hubs reappear almost as quickly as they are torn down. This is prompting officials to rethink how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a weapon.

“In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS,” or the IS, said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. “This is just much harder in practice than people think. It’s almost never as cool as getting into a system and thinking you’ll see things disappear for good.”

Even one of the rare successes against the IS belongs at least in part to Israel, which was America’s partner in the attacks against Iran’s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers. The intelligence was so exquisite that it enabled the United States to understand how the weapons could be detonated, according to two American officials familiar with the operation. The information helped prompt a ban in March on large electronic devices in carry-on luggage on flights from 10 airports in eight Muslim-majority countries to the United States and Britain.

It was also part of the classified intelligence that President Trump is accused of revealing when he met in the Oval Office with the Russian Foreign Minister, Sergey V Lavrov, and the ambassador to the United States, Sergey I Kislyak. His disclosure infuriated Israeli officials.

The Islamic State’s agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.

Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The IS, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany.

The most sophisticated offensive cyberoperation the United States has conducted against the IS sought to sabotage the group’s online videos and propaganda beginning in November, according to American officials. In the endeavour, called Operation Glowing Symphony, the National Security Agency and its military cousin, United States Cyber Command, obtained the passwords of several IS administrator accounts and used them to block out fighters and delete content. It was initially deemed a success because battlefield videos disappeared.

But the results were only temporary. American officials later discovered that the material had been either restored or moved to other servers. That setback was first reported by The Washington Post. The experience did not surprise veteran cyberoperators, who have learned that cyberweapons buy time but rarely are a permanent solution. 

The attacks on North Korea’s missile programme, which President Barack Obama accelerated in 2014, were followed by a remarkable series of missile failures that Trump noted in a conversation with the president of the Philippines. But recent evidence suggests that the North, using a different kind of missile, has overcome at least some of the problems.

The Obama administration’s frustration with the lack of success against the IS was one factor in its effort to oust Admiral Michael S Rogers, the director of the NSA and the commander of Cyber Command, according to former administration officials. They complained that the organisations were too focused on traditional espionage and highly sophisticated efforts to use networks to blow up or incapacitate adversary facilities, like those in Iran and North Korea.

©2017 The New York Times News Service