29 March 2019

Australia Shares Secrets of Its Offensive Cyberwar Against ISIS to Entice New Hacker Troops

Matt Novak

Australia has revealed for the first time that the country conducted a remote cyberattack against ISIS commanders in the Middle East to disrupt communications, all coordinated with Coalition fighters on the ground.

Offensive cyber operations are typically the kind of thing that governments around the world keep pretty quiet. But Mike Burgess, Director-General of the Australian Signals Directorate (ASD), delivered a speech today that boasted of Australia’s fight against ISIS from almost 7,000 miles away. The ASD is roughly equivalent to the National Security Agency (NSA) in the U.S.

“Just as the Coalition forces were preparing to attack the terrorists’ position, our offensive cyber operators were at their keyboards in Australia–firing highly targeted bits and bytes into cyberspace,” Burgess said at the Lowy Institute think tank in Sydney according to audio released by the group.


“[ISIS] communications were degraded within seconds. Terrorist commanders couldn’t connect to the internet and were unable to communicate with each other. The terrorists were in disarray and driven from their position—in part because of the young men and women at their keyboards some 11,000 kilometers or so from the battle.”

According to Burgess, the cyber components of the mission took weeks of planning, but everything was successful and it was the “first time” that an offensive cyber operation was “closely synchronized with the movements of military personnel.”

“In my experience, when people think of offensive cyber—they focus on the high-end of the spectrum involving computer network attack operations to destroy an adversary’s communication device,” Burgess said. “Yes, this is something that ASD does, but in very specific circumstances, and within a strict legal framework.”

The specifics involved in the operation, including the exact number of ISIS fighters that had their communications disrupted, were not disclosed. But Burgess did tell another story about how Australian cyber specialists were able to catfish an alleged terrorist recruit from halfway around the world.

ASD tracked down and reached out to the man over the internet. Pretending to be a terrorist commander, our lead operator used a series of online conversations to gradually win her target’s trust.

Our operative typed in deliberately broken English and was so convincing, she was able to influence the man’s behavior.

To ensure he couldn’t be contacted by the real terrorists, she got him to change his modes and methods of communication.

Eventually, she convinced the aspiring terrorist to abandon his plan for jihad and move to another country where our partner agencies could ensure he was no longer a danger to others or himself.

I cannot stress how difficult, complicated and nuanced operations like this are.

In this case, a young operative sitting at a computer in Canberra successfully pretended to be a senior terrorist fighting in a faraway war zone.

Her online persona was the inverse of her real one: different gender, age, culture, religion, language, status and a radically different ideology.

One word or reference out of place and the whole thing could have fallen apart, potentially with grave consequences.

The work that our operators do is extraordinary. But talented operators like this come from fairly ordinary backgrounds.

Like many of us, she grew up in the suburbs of a major Australian city. She enjoys yoga, hiking and playing touch football. And when she was studying science at university, she would never have dreamed that one day she would be posing online as a terrorist, and helping to defend Australia from global threats.

We spotted she had the aptitude to do this work early when she joined ASD. She was imaginative, had great problem-solving skills and was a team player.

And after completing an intensive training program, she joined our team of covert online operators – a job title that remained secret until now.

Why is Australia publicizing this work now? The country wants to recruit more cyber specialists and seems painfully aware that the work can be seen as unglamorous because workers aren’t allowed to talk about it for national security reasons.

“By being more transparent about what the work really involves we hope that a wider range of people might consider a career in ASD’s offensive cyber mission,” Burgess said.

“And while a lot of staff have technical backgrounds, offensive cyber is not just for techies. And it’s not as male-dominated as the movies would have you believe. Our most experienced covert online operators are all women.”

No comments: