Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

ISIS Cyber Ops: Empty Threat or Reality?

The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.

The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.

While ISIS forces sweep across Iraq and Syria, claiming villages, cities, oil resources and swaths of land, their sophisticated global social media campaigns flash across the globe seeking to claim the hearts and minds of like-minded Muslims to join their fight.

Well-shot YouTube videos, professional-quality magazines, engaging Facebook and Twitter campaigns and orchestrated use of other social media platforms are deployed with the sophistication rivaling that of many U.S. corporations. Radicalization, recruitment, training, spreading fear and dissent, and fund raising headline their objectives, and the world their market.

ISIS FlagRadicalized jihadists in-place in America as well as ISIS followers with U.S. passports returning home with the objective of bringing the war front to America create a host of new dangers which must be dealt with.

But does an even more dangerous threat lie with ISIS’s possible use of cyber weapons against American critical infrastructure, financial system or other targets? Will such attacks be attempted and do the capabilities exist within ISIS to do so?

There are opinions to support each point of view.

The Will to Act

Advertisement. Scroll to continue reading.

One question is whether ISIS will be consumed with the protection and continued expansion of its immediate fighting fronts, i.e., the “near enemy,” or whether its scope of vision includes America’s homeland. The Economist advances a strong case that desire for such expansion not only exists but will be exercised: “With its ideological ferocity, platoons of Western passport holders, hatred of America and determination to become the leader of global jihadism, ISIS will surely turn, sooner or later, to the ‘far enemy’ of America and Europe.”

And perhaps any doubt the militant’s sights are on America was removed by ISIS leader Abu Bakr al-Baghdadi’s Sept. 22 call for jihadists to not wait for the order but to rise, take up arms, and “kill Americans and other infidels” wherever they are. Clearly the group is showing no hesitancy in its desire to strike the U.S. heartland on a personal scale.

Cyber Operations Capability?

As to whether ISIS will have the capability to mount cyber operations against the U.S., David DeWalt, head of cybersecurity firm FireEye, believes that ISIS will follow in the footsteps of the Syrian Electronic Army and the Iran-based Ajax Security Team to target the United States and other Western nations.

“We’ve begun to see signs that rebel terrorist organizations are attempting to gain access to cyber weaponry,” DeWalt stated recently. He added that booming underground markets dealing in malicious software make offensive cyber weapons just an “Internet transaction” away for groups such as ISIS.

Alternative opinions posit that ISIS’s adroit use of social media does not necessarily translate into a real cybersecurity threat for the United States. One such point of view comes from Craig Guiliano, a former counterterrorism officer with the Department of Defense, who pushes aside possibilities of ISIS acquiring cyber weaponry, stating, “I don’t think anyone has proof that ISIS has acquired the manpower or the resources to launch an attack on U.S. infrastructure.”

Jim Lewis of the Center for Strategic and International Studies agrees. “You need to have hardcore programmers. ISIS does not have those capabilities,” Lewis said.

Indeed, ISIS, al Qaeda or any of the militant extremists may not possess such capabilities, but with their financial resources may very well be able to acquire them on the markets of the dark web.

About this subject much is unknown. But one point is known for certain: The battle with militant extremists is coming to American soil. There is little reason not to believe that such attacks will, at some point, include a cyber dimension. There is thus every reason to prepare for and take preemptive measures to disrupt potential extremist cyber operations before those attacks come to us.

Tom Keane and Lee Hamilton, the authors of the 9/11 Commission Report, recently stated this: “One lesson of the 9/11 story is that, as a nation, we didn’t awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.”

The speed at which geopolitical conditions are changing globally and with regard to ISIS and similar groups specifically means the U.S. will need canary-like sensitivity to such developing threats and act accordingly. Given the current inadequate state of U.S. national cyber defenses, let’s hope the canary lives.

RelatedSocial Media a Key Element for Terror Groups

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.