US unleashes cyber-attacks on ISIS

Sunday 22/05/2016
The National Security Agency (NSA) campus in Fort Meade, Maryland, where the US Cyber Command is located.

Beirut - The United States has de­clared cyberwar on the Is­lamic State (ISIS) in Syria and Iraq, the first known such attempt to cripple a military force in combat, ushering in a revolution in warfare that could transform the conflicts ripping the Middle East apart.
According to US Defense Secre­tary Ashton Carter and other mili­tary sources, the operations in Iraq being carried out by the US Cyber Command based at Fort Meade, Maryland, are focused on the Iraqi Army’s offensive to recapture Mo­sul. The Islamic State (ISIS) took over the northern city in June 2014 and it became the nerve centre of the Islamic caliphate ISIS pro­claimed soon after.
The Middle East, where some of man’s first recorded battles were fought with spears, swords and clubs more than three millennia ago, has become a laboratory for conflict by computer, in which a country or military force can be par­alysed without the other side firing a shot.
In this largely invisible conflict, military, industrial, financial, com­mercial and social infrastructure can be knocked out in seconds at the push of a computer key. In the­ory, crippling terrorist operations should not be a problem but ISIS has demonstrated considerable re­silience. No details of the cyber-op­erations have been disclosed, which makes them difficult to assess, but the US Cyber Command, created in 2009, has infinitely greater resourc­es than ISIS.
Carter, in his most explicit dis­closure concerning the workings of the US Cyber Command and its $6.8 billion annual budget, on April 5th declared: “I have given Cyber Com­mand its first wartime assignment.”
The objective is to disrupt and degrade ISIS’s command-and-con­trol infrastructure in Mosul and surrounding regions for advancing Iraqi state forces to exploit. The first phase of the offensive to recapture Mosul has only just begun and by all accounts, the reconstituted Iraqi Army — which collapsed under the stunning ISIS onslaught of 2014 — will need all the help it can get to succeed.
US sources said Fort Meade op­erations began in December follow­ing ISIS attacks in France and Cali­fornia. The cyber-operations, along with 85 US air strikes, played an important role in rebel forces seiz­ing the strategic northern Syrian town of Shaddadi and adjoining oil fields from ISIS in a four-day battle in February.
The US move appears to be part of an effort to intensify military and intelligence operations against ISIS, without having to commit large numbers of ground forces, despite the fact that the long-time US policy of minimising military involvement has allowed organisations such as ISIS to flourish.
But cyber-warfare, still largely in its infancy, could change the equa­tion. Similar US cyber-operations are being carried out against ISIS in neighbouring Syria, in conjunction with intensified operations by re­cently expanded US special opera­tions forces. The main target there is recapturing the city of Raqqa, de facto capital of the ISIS caliphate.
Carter has said the Syrian opera­tions are designed to “cause them to lose confidence in their networks, to overload their networks so they can’t function and to do all of these things that will interrupt their abil­ity to command and control forces there, control the population and the economy”.
There is another objective: To im­pede and possibly prevent threat­ened ISIS cyber-attacks on the West while the group is under mounting military pressure in Syria and Iraq.
John Carlin, the US assistant at­torney-general for national security, told a Washington cyber-security conference on March 31st that ISIS was moving closer to a capability to unleash “cyber-jihad” on the United States and presumably its allies as well.
With the carnage of the ISIS at­tacks in Brussels still producing shock waves, Carlin declared: “You need to prepare because it’s going to come… We’re in a race against time.”
Carlin acknowledged that ISIS was not yet believed to be capable of unleashing “sophisticated elec­tronic offensives” on a destructive scale against Western economic and military infrastructure. “If they had the capability, they’d use it,” he said.
But the United States says the ji­hadists are striving to acquire that capability and noted ISIS’s “strate­gic success” in using social media as a highly successful recruiting tool through “Madison Avenue-quality” propaganda.
Iran is also seen as a threat. In­deed, the opening digital salvo was unleashed at 4.31pm on June 22, 2009, by the United States and Is­rael against Tehran’s nuclear pro­gramme using a computer virus known as Stuxnet. It sabotaged cascades of centrifuges that enrich uranium, the core of the nuclear process, supposedly setting back the Iranian programme at least 18 months.
In April 2012, Iran’s National Oil Company was targeted with an even more virulent virus known as W32. Flame. On August 15th, Iran retaliat­ed by hitting Aramco, Saudi Arabia’s state oil monopoly and the world’s biggest oil company, with a virus known as Shamoon that knocked out 30,000 desktop computers.
There was a simultaneous attack on RasGas, a joint venture between ExxonMobil and state-owned Qatar Petroleum in the neighbouring gas-rich emirate of Qatar.
This exchange and attacks that followed demonstrated just how vulnerable the Middle East’s oil in­dustry was to potentially crippling cyber-attacks. The global effect of such an eventuality may have less­ened but the threat remains potent.
Iran is considered one of the main regional powers with cyberwar ca­pabilities. Tehran has reportedly invested in excess of $1 billion in cyber-infrastructure and technol­ogy and to have recruited 100,000 personnel for the effort.
In 2012, Iranian Supreme Leader Ayatollah Ali Khamenei established the Supreme Council on Cyberspace to accelerate the Islamic Republic’s cyberwar capabilities, using tech­nology obtained from China.
“Iran’s cyber-programme was de­signed from the outset to be offen­sive and proactive in nature,” said Iranian-American political scientist Majid Rafizadeh of Harvard. “But it is advancing at a pace that needs to be addressed adequately by region­al and global powers.
“From Khamenei’s perspec­tive, the future of Iran’s cyber-pro­gramme is a matter of national secu­rity. Iranian leaders can accomplish several objectives by advancing their cyber-warfare capabilities… Iran needs the advanced cyber-pro­gramme to protect its nuclear sites in case of foreign cyber-attacks.
“In the new age of globalisation, the Islamic Republic is adapting fast to the modern cyber-technology to complement its… military prowess in order to achieve its regional he­gemony and ideological ambitions,” Rafizadeh observed.

14