Examining the Islamic State’s cyber capabilities



    • The Islamic State will continue efforts to improve its capabilities in communication and offensive attacks in cyberspace.

    • The availability of cybercrime tools and services on underground criminal markets will allow the Islamic State to further bolster its existing abilities.

    • The geographic spread of the Islamic State’s online presence and its ability to tap into underground markets mean that efforts to counter the group’s online activities will occur in countries other than Iraq and Syria.

    • Regardless of offensive capabilities in cyberspace, the Islamic State’s online activities will continue to focus on disseminating propaganda in efforts to draw recruits and funding.

    First of two parts

    ON Nov. 13, armed militants killed 130 people in Paris. On Nov. 14, unarmed militants from the public relations branch of the Islamic State sat down at their computers, signed in to their social media accounts — accounts from which they could reach virtually anyone in the world — and claimed responsibility for the attacks.

    Propaganda is immensely important to the Islamic State. Part of its mission is to convince the world it is as dangerous as it claims to be, so it is little surprise that the group’s behavior on the Internet is every bit as theatrical as its behavior on the battlefield. Even some of the venues of the Paris attacks — a soccer stadium, a concert hall — are structures of performance meant to host large crowds. In that sense, the Islamic State achieved precisely what it intended to on Nov. 13: It commanded the attention of a global audience, which it can use to spread its message and recruit new members.

    Harnessing technology
    Islamic State’s first claim of responsibility for the Paris attacks was disseminated through a popular instant messaging service, Telegram, which allows end-to-end encrypted communication. A month earlier, the Islamic State’s media wing began encouraging its supporters to use the service. After the initial release of the message, the rest of the Islamic State’s social media network operators and supporters amplified it further. The initial call to use Telegram drew focus to the Islamic State’s technical capabilities in cyberspace, particularly when coupled with the group’s repeated claims that it has offensive online capabilities.

    Since the Islamic State’s online presence began to grow rapidly in 2014, culprits claiming affiliation with the group have carried out numerous unsophisticated online attacks, such as hijacking social media accounts and defacing poorly secured websites. Online harassment of individuals, organizations and whole populations is a tactic frequently used to foster fear without any actual threat of violence. The Islamic State’s online media machine has also made claims of hacking US government networks, on some occasions by posting names and personal details claimed to belong to government and military personnel. In addition to carrying out cyberattacks, whether real or fabricated, the Islamic State has more recently attempted to educate its supporters in rudimentary operational security measures when communicating over the Internet.

    The Islamic State has indeed given some attention to building up its technical online capabilities and will likely continue to do so. But these capabilities have largely focused on theatrics in online media in an attempt to maintain the group’s image as an expanding threat despite losing the momentum it had in 2014, rather than presenting any significant threat to public safety. These capabilities carry even less significance on the battlefields in Iraq or Syria. Nevertheless, the Islamic State likely will continue to incorporate the use of information technology and attempt to expand its technical capabilities in cyberspace.

    Social media
    For more than a decade, transnational jihadists have turned to the Internet to spread claims of terrorist attacks. However, the Islamic State has built up a particularly robust and effective online media machine that has placed its propaganda, and a glimpse into its recruitment efforts, on some of the most popular public mediums in the West, including Twitter and Facebook.

    No technical sophistication is required in broadcasting social media messages, and the Islamic State’s social media presence in terms of users is tiny. In March, the Brookings Institution released a paper estimating that there were only 46,000-90,000 Islamic State Twitter accounts between October and November 2014. This is a small number compared to the number of total Twitter users: 307 million. However, this number of accounts is evidently enough to routinely elevate the Islamic State’s propaganda efforts to the level of the international media. The Islamic State’s ability to sustain an effective social media presence shows a notable degree of organizational sophistication. Maintaining this kind of presence becomes even more challenging when the group’s activities are under relentless scrutiny by international law enforcement and intelligence efforts, social media service providers and anti-Islamic State activists.

    The Islamic State has leveraged this social media presence to portray itself as possessing exaggerated offensive capabilities in cyberspace. In March, the “Islamic State Hacking Division” posted a list of 100 names and personal information that the hackers claimed belonged to US military personnel. The hackers said they obtained the information by compromising government databases, but the list was more likely compiled through open source research. In January, someone claiming affiliation with the Islamic State hijacked the US Central Command’s Twitter account. However, social media users — particularly those sharing accounts — often take poor security measures in selecting account credentials; thus, hijacking or “hacking” accounts can often be accomplished with cheap tricks.

    The Islamic State intentionally misrepresents its online capabilities in its online propaganda efforts. This feeds into the principal reason for the group’s organizational focus on online activities: drawing recruits and funding. However, because the bulk of the Islamic State’s social media presence is highly decentralized, with a significant portion spread outside of Iraq and Syria, extensive online communication is required in order to organize its propaganda efforts. The Islamic State’s means of communication are diverse — a guard against the effects of any crackdown on social media accounts. As a result, the group has recently begun efforts to at least bolster the security awareness of its broader online audience, such as recommending tools like anonymous communication service “Tor” in hopes of concealing messages.

    The Islamic State has made additional efforts to educate its supporters on proper operational security, even circulating a manual on securing communications around more obscure online forums. The manual contains numerous best practices and suggestions, many of which were plagiarized from another manual. Although unlikely to ultimately thwart Western intelligence agencies’ targeted surveillance efforts, these practices could pose significant obstacles to law enforcement organizations. However, given the decentralized and dispersed nature of the Islamic State’s online presence, it is unlikely that most online supporters will heed all the advice listed in the manual.

    Islamic State hacking
    Despite names associated with the Islamic State that imply offensive online capabilities, such as the “Islamic State Hacking Division” or the “Cyber Caliphate,” there is no indication that the Islamic State has any organized branch capable of carrying out cyberattacks that could inflict physical harm on individuals or cause significant financial or physical damage. (Lead Analyst: Tristan Reed)


    (To be concluded tomorrow– with ISIS Recruitment of Skilled Individuals and Next Steps for ISIS)


    Please follow our commenting guidelines.

    Comments are closed.