
Documents Describe US Cyber Command's Campaign to Hack ISIS

Operation Faced a Number of Challenges, Including Data Storage
U.S. Cyber Command (Photo: Department of Defense)

The U.S. Cyber Command's campaign to hack ISIS and disrupt its media operations faced some challenges, including a lack of data storage, but ultimately proved successful, according to government documents from 2016 that were made public Tuesday.


The heavily redacted documents published by the National Security Archive, a not-for-profit research organization, show that U.S. Cyber Command was not prepared to handle the amount of information it collected when it hacked ISIS. The command, which is part of the U.S. Defense Department and includes units from all military branches, also faced problems with interagency coordination and the lengthy process of vetting ISIS cyber targets.

Cyber Command launched its most complex offensive cyber campaign, Operation Glowing Symphony, on Nov. 10, 2016, with the aim of targeting ISIS's media and cyberspace operations. To understand what happened at the time, the National Security Archive filed a Freedom of Information Act request to obtain the documents.

As part of the operation, Cyber Command obtained the passwords for several ISIS administrator accounts and used them to access the network, change the passwords and delete content, such as battlefield video. It also locked out the terrorist group's propaganda specialists from their accounts, the Washington Post reported, citing former officials familiar with the operation.

Operation Glowing Symphony, which was executed by Joint Task Force Ares, successfully disrupted the terrorist organization's media network, according to the documents. While the documents do not indicate if the operation is ongoing, Joint Task Force Ares continues to operate, according to the National Security Archive report.

Storage Snags

When Cyber Command tried to disrupt ISIS's online presence by hacking into its servers, collecting data and bringing down the network, the military did not anticipate the amount of data that would be collected, the newly released documents show.

"The assessment reveals that a key challenge to exploitation was storage of the data itself, an indication of the operation’s scope relative to U.S. Cybercom’s capacity at the time," according to a summary provided by the National Security Archive, which adds that U.S. Cyber Command vowed to increase its network and infrastructure capacities for future operations.

Interagency Disputes

In addition, the documents show that interagency coordination was another challenge. Military personnel found that established government policies and processes were inadequate for the speed, scale and scope required for effective cyber operations, according to the documents.

For instance, Joint Task Force Ares needed to coordinate its efforts with Cyber Command, the FBI, the U.S. National Security Agency and other government agencies. This required a series of meetings to adjust plans for the operation before it started, according to the documents.

"This delay and change to the operation design had an impact on effectiveness, though the exact impact is redacted from the release," according to a summary provided by the National Security Archive on its website. "The amount of informal meetings, briefings and overall information sharing that occurred was extremely in-depth and time consuming for both U.S. Cybercom and JTF Ares staffs."

Joint Task Force Ares also faced issues trying to engage time-sensitive cyber targets, the documents show. Once the formal process for nominating a target was complete, the task force operators had to complete their own vetting process, which took additional time. This made "the target vetting process for [Operation Glowing Symphony] lengthy and difficult," the document said.

In another heavily redacted section of the document, the Cyber Command mentions an "opportunity" that ISIS may have exploited while the operation was being carried out. The briefing indicates that operators may have run the risk of impacting critical infrastructure or using a hacking capability that could have been discovered by ISIS members, according to a report by CyberScoop.

Measuring Success

While the documents showed that Cyber Command and Joint Task Force Ares had some difficulty in assessing whether the operation disrupted all of the ISIS propaganda and media operations, the efforts were deemed successful.

"Success in Operation Glowing Symphony was assessed according to task accomplishment (whether elements of the operation are completed) and operational effectiveness (whether the operation has the impact desired). Almost immediately, nearly all indicators of task accomplishment were evaluated as 'green,' or successful," according to the National Security Archive summary.

About the Author

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.
