How The U.S. Military Will Fight The Islamic State On The Dark Web; Islamic State Cyber Threat To The U.S./West — Growing
Patrick Tucker, writing on the DefenseOne website, has an article with the title above, discussing how the U.S. military plans to counter the Islamic State on the digital battlefield. I have written quite extensively on the Dark Web, on my blog — a digital wild, wild, west, where almost anything goes — for a price — paid for with Bitcoins, anonymously, through Internet cafes, third-party cutouts, and a maze of routers that make cyber forensic tracking nearly impossible. And, for the clever adversary — the Dark Web provides enough encryption and denial/deception, that entities like the Islamic State are drawn to it — because of its labyrinth of digital ‘tunnels’ that facilitate anonymous transactions. The Dark Web is really becoming a venue for cyber terrorism, cyber crime, and other malicious activities that is growing exponentially — and, empowering a new kind of cyber warrior/malcontent.
Mr. Tucker writes that “new evidence suggests that the Islamic State, or ISIS, or at least ISIS supporting groups, are seeking the Dark Web’s anonymity for operations beyond simple propaganda. Thus yet,’ he writes, “another challenge for law enforcement and the military: to track users on the Dark Web, in a way that’s effective against ISIS….but, that doesn’t violate privacy.”
U.S. Cyber Commander, and National Security Agency (NSA) Director, ADM. Mike Rogers, eluded to NSA’s focus on the Islamic State and their utilization of the Dark Web, when speaking at a Washington D.C. conference on Monday, “Cyber Security For A New America.” ADM. Rogers said “that groups like ISIS raising money on the Dark Web, was clearly a concern. It’s something that we’re paying attention to.” Without explicitly addressing how NSA goes about the task of paying attention,” Mr. Tucker writes,”ADM. Rogers simply added, “We spend a lot of time tracking people that can’r be found.”
“A new report from The Chertoff Group, illustrates some of the ways that the national security community will be keeping tabs on those who have taken steps to make themselves untraceable online,” Mr. Tucker notes. “First,” Mr. Tucker observes, “while the Dark Web is incredibly valuable as a tool for dissident action, it also has some real dark spots. Ido Wulkan, the Senior Analyst at S2T, a Singapore-based technology company that develops Dark Web harvesting technologies, recently revealed to the Israeli newspaper, Haaretz, that his company had found a number of websites raising funds for ISIS…through Bitcoin donations.” I wrote an article at the time that is on my Fortunas Corner blog that can be accessed in the cyber war, cyber security categories, if you so desire,
“Though researchers and journalists have reported on some indications of Bitcoin use by ISIS, and supporting groups” Mr, Tucker writes, “this is the first, actual, documented case.” Mr. Wulkan told Defense One, “This specific website was found in several online communities, which share information concerning the Dark Web.” Mr. Tucker writes that he “first came across it on a closed Turkish forum used by hackers.”
“Some Dark Web content is accessible, only via special software like Tor,” Mr. Tucker notes, “a package that encrypts a user’s IP address, and routes Internet traffic through a series [maze] of volunteer servers around the world (so-called, onion routing]. Like the Internet itself, Tor was a product of the military, originally designed by the Office of Naval Research…to give sailors a secure means of communication.”
“Today,” Mr. Tucker contends, “an explosion of Tor usage in a specific place, or among a certain group is one indicator of increased, secret communication activity. That could mean different things, in different places. In June 2014, when the Government of Iraq blocked Twitter and FaceBook as part of its response to the growing ISIS situation. Tor usage in that country exploded, according to Tor metrics data. Usage has since calmed down in Iraq significantly,” Mr. Tucker writes. But, in the aftermath of the Edward Snowden leaks, usage of the Tor network, as well as encryption, have both substantially increased across the World Wide Web.
One note of warning, “ISIS activity on the Dark Web is growing particularly on Tor sites,” said Wulkon, again, no doubt in large part due to the Edward Snowden leaks; and, ISIS’s attempts to evade U.S. and Western intelligence surveillance. Another ‘gift,’ that keeps on giving from Mr. Snowden.
“For years now,” Mr. Tucker notes, “Jihadists have been sharing information concerning Tor,and its usage, indicating clearly that [Tor] is used by many of them. However, up till now, I [Mr. Tucker], have not come across specific websites used for jihadi purposes. I [Mr. Tucker], therefore assumes many of them use Tor in the same way the general population does…through black markets, and general forums where they can achieve material and information….and, remain anonymous. Moreover, since the Dark Web is far less indexed; and, far harder to come across than regular websites are, there is the possibility that there are Websites used by ISIS, of which we do not know yet.”
“This [observation] does not mean that people aren’t looking,” Mr. Tucker notes. “Last year, an investigation of the source code in one NSA program called XKeyscore, (revealed by the Edward Snowden leaks) showed that any user simply attempting to download Tor was automatically fingwerprinted, essentially enabling NSA to know the identity of millions of Tor users. But, there’s a difference between finding people who are on the Dark Web, and revealing the nature of their interest and behaviors within it.”
Mr. Tucker note that the Chertoff Group recently published a paper, ‘Impact Of The Dark Web On Internet Governance And The Dark Web,” which included recommendations that law enforcement authorities “map the hidden service directory, customer data monitoring, social site monitoring, hidden service monitoring, and market service profiling.”
“It’s becoming easier to find people on Tor,” DefenseOne notes, “as well as discover the sites they’re visiting. Recently Dan Kaufman, Director of Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), appeared on the television program, 60 Minutes, to discuss the agency’s Memex Project, which some have called a search engine for the Dark Web. Memex, according to Kaufman has played a role in 20 different investigations.” “But, you don’t have to be DARPA, or the NSA to search the unsearchable,” Mr. Tucker observes, A new service called, Onion City, (named after the Tor’s routing structure) claims to offer “search and global access to Tor’s onion sites.”
Mr. Tucker concludes, “as the Dark Web evolves, people will begin to organize within it…in order to make it more useful. That’s inevitable. As any organism grows, it becomes [more] complex; and as it becomes complex, it seeks organization as a means to grow efficiently, and minimize cost. It is in that organization that the hidden Web is revealing itself — both to individuals who would seek to give funds to groups like ISIS; and, to spies who would seek out those people.”
ISIS Main Effort To Date In Cyberspace Has Focused On Psychological Warfare, Recruitment, Training, Disseminating Information
Tai Koren, and Gabi Siboni, writing in the September 4, 2014 edition of The Institute for National Security Studies (INSS) Insight, No. 601, contend that “ISIS’s main effort to date in cyberspace has focused on psychological warfare by generating fear through flooding the internet with video clips portraying the brutal acts of beheading and mass executions, as well as victory parades, as part of developing deterrence and creating an illusion of force in excess of the organization’s actual strength. The essence of its online activity, however, is broader. It enables its supporters to obtain operational information, including training in preparing explosives and car bombs, and religious rulings legitimizing massacres in regions under ISIS control. In tandem, it distributes indoctrination materials, such as a maagzine called Dabiq: The Return of Khilafah, which focuses mainly on topics relating to formation of the new Islamic state headed by ISIS leader Abu Bakr al-Baghdadi. However, ISIS’s technological expertise is not the only factor. Perhaps the public, which is revolted by the organization’s deeds but closely follows these clips and photos as a kind of reality show, is contributing a great deal to the organization’s popularity.”
The INSS authors write that “while not much is known about ISIS offensive cyber activities, several indicators suggest that the organization has advanced capabilities in this field. First of all, ISIS, which several months ago split off from its former affiliate al-Qaeda, is led by a group of radical young leaders aware of the cyber capabilities and experience accumulated by al-Qaeda (e.g., transmission of encoded messages, religious rulings, instruction for preparation of explosives and car bombs), but with a greater understanding of technology. Second, as discussed in a special report that was published in London in 2012, leaking of advanced technological information from Iran and its ally North Korea to terrorist organizations is possible. Third, ISIS has an estimated $2 billion in assets from sales of oil, gas, and plunder (the bank in Mosul), enabling it to finance cyber terrorism while establishing links with international terrorist organizations. Fourth, a few months ago, groups affiliated with ISIS took control of the Twitter account of Anonymous using techniques similar to those used by hackers from the Syrian Electronic Army (SEA), an organization affiliated with the Assad regime, thereby demonstrating their high level of sophistication. Fifth, analyses published last month by IntelCrawler, a US intelligence company, indicate a dramatic rise in the use of malicious code (njRAT) around four main cities – Baghdad, Erbil, Basra, and Mosul – apparently related to ISIS. Sixth, parties linked to the ISIS Electronic Army have made statements about carrying out a cybernetic jihad.”
“There is a cat and mouse dynamic on the internet comprising countries and activist international parties (such as Anonymous) aimed at inflicting direct damage on ISIS and its ability to raise online donations and disseminate its propaganda. Accounts of ISIS supporters are being suspended or closed. For their part, ISIS members are trying to evade such measures by activating existing accounts or opening new ones in place of those that were closed. Some of its activity has been moved to a different social network, Diaspora. Parties identified with Anonymous are also planning to attack countries they believe are financing ISIS (Qatar, Saudi Arabia, and Turkey) as part of a campaign (NO2ISIS), explaining, “We are unable to target ISIS because they predominately fight on the ground, but we can go after the people or states who fund them.” Iran, which also has proven advanced cyber capabilities, will likely try to attack these countries, and there will presumably be more attacks such as the attack on the computers of the Saudi Arabian oil company Aramco.”
ISIS Cyber Threat To U.S., West Growing
When reading ISIS’s online material, it is clear that the group desires to “conduct a highly disruptive attack on America’s infrastructure and/or financial system,” reported FOX News’s Jamie Dettmer earlier this month. Indeed, she writes that “Islamic militants brag online that it is only a matter of time to pull off some highly disruptive cyber attack here in the American homeland.
And, thanks in no small part to Edward Snowden, “the jihadists are investing a lot in encryption technologies; and, they have developed their own software to protect their communications — and, when Western [intelligence] agencies work out how to crack them — they adapt quickly,” said Steve Stalinsky, Executive Director of the Middle East Institute, a Washington D.C.-based, non-profit that tracks jihadist Internet activity. “They are forward-thinking, and are experimenting with hacking.” At some point in the future, “the jihadist cyber army’s activities will become a daily reality,” he said.
According to Ms. Dettmer, “the Islamic State’s [cyber] efforts, are spearheaded by a British hacker known as Abu Hussain Al Britani, whose real name is Junaid Hussein. He fled his hometown of Birmingham, England, for Syria a year ago to join the group;” and, has since become one of their primary recruiters. Ms. Dettmet adds that ” Al Britani once led a group of teenage British hackers called Team Poison, and now actively calls for computer-literate jihadists to come to Iraq and Syria.”
“You can sit at home and play call of duty (a video game), or you can come here and respond to the real call of duty…the choice is yours,” Al Britani recently tweeted.
Another reason that we must eradicate ISIS. V/R, RCP