HACKING ISIS: HOW TO DESTROY THE CYBER JIHAD
By Malcolm Nance and Chris Sampson
Skyhorse Publishing, $27.99, 320 pages
Terrorists and their extremist adherents are adept at utilizing the internet, particularly social media platforms, which have become widely accessible globally, and in multiple languages. These cyberspace platforms are used to spread their extremist ideologies, raise funding, communicate with one another, penetrate across borders into foreign countries that would not permit them to enter physically at their border crossings, and gain new recruits whose only initial contact with them may be via their personal computers.
For counterterrorism agencies, while the primary activity remains to militarily defeat terrorist groups and their operatives in “physical space,” these online terrorist-related social media platforms are an important secondary arena to use cyberwarfare tools to counter the terrorist organizations and their activist supporters who manage and operate such sites, including countering the extremist propaganda they propagate.
The veteran al Qaeda (and its regional affiliates) terrorist group and the relative newcomer Islamic State (known as ISIS) — which has become the latest “superstar” of Salafi jihadi terrorism (although it is also nowadays in sharp retreat as a result of the American-led military coalition campaign against it in Iraq and Syria) are the leading exploiters and beneficiaries of the Internet’s dissemination capabilities.
Since it is fairly straightforward to employ military forces — and specially trained counterterrorism forces — to defeat such terrorist groups, what are effective countermeasures against them in cyberspace, where specialized cyberwarfare tools must be used against them? In answering this question, Malcolm Nance and Chris Sampson’s “Hacking ISIS: How to Destroy the Cyber Jihad” is an important, well-researched and detailed reference resource about how al Qaeda, and now, more prominently, ISIS, operate in cyberspace and the measures required to counter and defeat what the authors term as “cyber jihad.”
The book’s chapters cover pertinent cyberwarfare topics such as the history of the cyber jihad to how it operates in the current period (with the current period characterized by the way ISIS manages its cyberoperations from its bases in Iraq and Syria); ISIS’ cyber caliphate’s “spy chain of command” (such as its media council managing the operations run by its media propaganda teams); the extent of ISIS’ cyber battlespace (e.g., ranging from the open source surface web to the difficult-to-penetrate deep web and dark web) and the specific, popular social media websites they exploit such as Telegram, Twitter, Facebook, Tumblr and others.
The book also identifies the software they use to communicate with one another, such as end-to-end encrypted messaging apps, WhatsApp, and others; their official and “wannabe” cyberwarrior units, such as online jihadi groups (with many of them operated by their Western activists), and what is known as the Islamic State Hacking Division.
Further, it details jihadi groups’ video media structure and the themes they propagate in their videos and online magazines, such as Dabiq; the involvement of female activists in the cyber jihad in radicalizing potential female supporters; and the appeal of the cyber jihad to susceptible Muslim individuals, especially in Western countries, who become self-radicalized while sitting at their home computers and become lone wolf terrorists (such as Omar Mateen, the Orlando nightclub mass murderer, and others).
The final chapters discuss the counter-ISIS cyberwarfare campaigns being waged by the U.S. government and its allies, which have mobilized many of the social media corporations, such as Facebook and Twitter, to control the exploitation of their freely available websites by terrorist groups and their sympathizers. The authors also discuss a counter-ISIS campaign by the Anonymous hacker community, which is strongly anti-ISIS — although its online countermeasures to take down ISIS websites have been meager, at best.
Also covered are the intelligence cybertools that are used to counter the appeal and operation of ISIS’ websites, such as formulating counternarratives to expose their hypocrisy and distortion of reality, as well as infecting terrorist websites with various malware viruses.
In the concluding chapter, the authors insightfully point out that “the destruction of ISIS will be a historic achievement, but the by-product will be a less centralized terror group that will rely much more on inspiring terror attacks rather than planning them and deploying cells.” With ISIS’ primary organization in Iraq and Syria being gradually dismantled by the U.S.-led military coalition in those countries (and elsewhere), the authors foresee a rise in attacks by ISIS-inspired lone wolves in Western countries, “who dream up a plan and then execute it without saying a word or leaving a deep digital footprint, [which is] extremely difficult to detect.”
It is such insights and an encyclopedic listing of entries on ISIS’ terrorist-related operations in cyberspace that make this book an indispensable reference resource for analyzing the latest trends in cyber Salafi jihad and how to counter them at the governmental and private-sector levels. Both authors are veteran terrorism and counterterrorism experts and executive leaders of the research institute TAPSTRI — Terror Asymmetrics Project on Strategy, Tactics, and Radical Ideologies — in the New York City region.
• Joshua Sinai is a senior analyst at Kiernan Group Holdings in Alexandria, Virginia.