Friday , 9 December 2016
cyber-attack

Fight Against ISIS Moves To The Cyber-Front

In an interesting twist the latest fight against terrorism and ISIS now must include critical updates of cyber-defense. ISIS has threatened to attack countries through their network infrastructure. Imagine an attack on a utilities grid causing widespread power outages, water loss, or public services such as transportation and even aviation communication.

It’s not just a war in the traditional sense with men and guns, but also with computers and hacking and recruiting via online message boards and social media.

The move to the cyber-front has countries such as the United Kingdom doubling its investments in cyber defense, totaling £1.9 billion (equivalent to $2.9 billion USD) over the next five years or so. It will cover things such as disarming the underground criminal marketplace (the so-called “dark net” or Tor systems where black markets reside and criminals tend to ply their trades in arms, drugs, and illicit merchandise such as counterfeit items), strengthening the National Cyber Crime Unit and installing more and stronger defenses to government and public systems. Britain has also stated that it will be open to sharing these improvements and the technology and systems behind it with France.

Britain is also interested in passing a new bill that will increase the government’s rights to access browsing histories and internet actions of citizens. In the wake of the Paris attacks some are interesting in trying to fast track the bill.

Of course these changes cause conflict to those who fight against the slow disintegration of personal privacy. It’s a balancing act between national security and the personal privacy of citizens.

Democratic presidential candidate Hillary Clinton is urging Silicon Valley to help in the defense against terrorism but stopped just short of demanding “weaker” encryption.  There is a debate surging over the pros and cons of high-end encryption, however the fact remains that it’s impossible for the intelligence community to monitor communications that are encrypted in certain ways, even if given the keys.  In the wake of widespread public terrorist attacks in Western nations such as France, however, public opinion could quickly turn in favor of more government security and less encryption.

The problem with the encryption debate is not that Silicon Valley is making stronger and stronger encryption and not giving the government access out of spite or some idealistic stance, but rather the fact that you can’t make encryption “weaker”  or include built in security flaws or backdoors in an effort to let just one party in—doing so would weaken the entire thing.  This quote sums it up nicely:

You can’t install backdoors for good guys without making communications vulnerable to innumerable bad guys, just like you can’t put a screen door on a submarine and hope that just certain tiny fish will get in but not the fatally smothering ocean.

Probably one of the most surprising developments in the fight against ISIS is the fact that Anonymous has dropped its hat into the ring. This may be the first time that a group of (literally) anonymous hackers has entered as an element in a global war. Anonymous has vowed to shut ISIS out of the internet and has apparently already crippled thousands of ISIS Twitter accounts.

Interestingly enough, despite the largely bombastic and public claims from the Anonymous hacking group, the group that’s actually doing the most work against ISIS on the cyber-front is GhostSecGroup, now known as Ghost Security Group. It’s a collective of hackers that had split off from Anonymous and now works closely with US government agencies in the cyber security department.

GhostSecGroup has told online news website MIC that the sudden interest of Anonymous could end up “costing innocent lives”. This is because they work in a more slow and methodical manner where the goal isn’t always to dismantle or cripple websites and accounts but rather to gather intelligence so that the pieces of the whole can be constructed and used in a more versatile way. Rather than cripple an ISIS forum, for example, they will silently lurk and gather intelligence about whether or not there are any attack plans or coordination. Taking down the message board would only erase that sensitive and perhaps useful information and not necessarily prevent an attack.

Another rather interesting fact is the fact that ISIS even has its own helpdesk to assist members in their missions.

Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities….

At a congressional hearing in October, FBI Director James Comey said the FBI is extremely concerned about ISIS’ increasing ability to “go dark.” Comey told the House Judiciary Committee that the U.S. is ” confronting the explosion of terrorist propaganda and training on the Internet.”

If that’s not a reason for government access to encrypted data, I don’t know what is.  Until groups such as ISIS are stamped out, there seems to definitely be a need for covert monitoring of these channels.

The future truly is now, with wars being waged not only in the physical world but in the binary world as well, where soldiers are just as deadly when armed with a keyboard as with a rifle.

About Bill Gordon

Bill Gordon has been writing on tech and malware subjects for 6 years and has been working in the internet and tech industry for over 15 years. He currently lives in Southern California.

Leave a Reply

Your email address will not be published. Required fields are marked *