Licence to hack: using a keyboard to fight Islamic State

Updated

Inside the secret hack that infiltrated, and then tore down, Islamic State's propaganda unit.

Her life at work is so secret, not even her family knows what it involves.

So when Sarah sat down with the ABC for an exclusive interview she couldn't use her real name.

"My family doesn't know what I do, so I would not let adversaries or terrorists know what I do," she said.

For the first time, the 30-something hacker has revealed her role in infiltrating — and then tearing down — Islamic State's propaganda unit.

It was seen as a critical assignment. Islamic State's ability to recruit online through its sophisticated videos and glossy magazines written in several languages allowed the group's hateful messaging to metastasise across the world.

It was turning susceptible citizens into menacing warriors of a demented ideology.

In this battle, Sarah's computer skills were as powerful and as consequential as an SAS soldier who eliminates enemies with lethal force on the ground.

Her staging post was a windowless room in Canberra at an undisclosed location. She led the Australian team on a top-secret operation alongside American operatives in 2016.

Operation Glowing Symphony was established to hack into Islamic State's online system. The mission was to isolate its network, lock out users and then obliterate its contents. By deleting everything, the group's ability to produce propaganda and spread misinformation was ruined.

Some details of this operation have now been declassified. They provide a rare insight into how professional hackers played a key role in weakening Islamic State's recruitment and ability to launch attacks.

Cameras and computers: weapons of choice

Sarah works for the Australian Signals Directorate (ASD), one of the nation's most secretive organisations.

It describes itself as operating "in the slim area between the difficult and impossible" and is responsible for foreign signals intelligence and cyber warfare.

In simple terms, it spies on people or groups offshore who are a threat to Australians and, when required, launches cyber-attacks to disrupt, control or destroy.

Ben Staughton is in charge of ASD's hacking division and has never spoken publicly about Australia's ability to hack and attack online.

In "spook" language, those skills are known as offensive cyber capabilities.

The ABC met Staughton at ASD's headquarters.

"It looks more like an office workplace than walking out into a field full of soldiers," he explains.

ASD officers don't wear uniforms, unless you count jeans and shirts, and their tool of trade is the humble keyboard, a powerful weapon on the modern battlefield.

As Australia and its allies fought Islamic State militants from the ground and air, it became clear its online propaganda division was a lethal threat.

At its peak, at least 100 people worked for the propaganda unit, including IT specialists, graphic designers and video producers.

"[It had] direct messaging for people around the world, [which was] 'come here and fight for us'," Staughton said.

Islamic State produced glossy digital magazines in multiple languages, instructing how and where to launch attacks. It beamed videos across the globe to entice recruits, targeting the disaffected, the marginalised and the resentful.

Staughton said Islamic State's messaging worked.

"It [the propaganda unit] was quite effective, there was a large number of people from across the world who were going to the Middle East to undertake the fight," he said.

Islamic State's propaganda division was proving to be as dangerous as its armed fighters and bomb makers.

"A lot of the individuals who worked on the virtual caliphate had the same salaries and titles as military commanders on the ground," said Lydia Khalil, a research fellow at the Lowy Institute, where she studies Islamic State's online activities closely.

"It gives you an indication of the level of importance that the Islamic State attached to those efforts."

Hacking into Islamic State's network

To counter Islamic State's technological sophistication, the United States, Australia and other allies launched what's been described as the largest offensive cyber operation in US military history.

"It was a very big, high-end operation," Staughton said.

The Australian Signals Directorate established a team of about 20 experts to join Operation Glowing Symphony.

They ranged from cultural specialists to linguists, counter-terrorism experts, intelligence analysts, offensive cyber operators (more commonly known as hackers) and IT technical specialists.

Aged between 24 and 38, many studied standard degrees at university, including science, maths, languages and marketing, before undergoing intensive training to prepare for cyber warfare.

The Australian team spent months planning for the operation. This included online reconnaissance to spy on members of the Islamic State propaganda unit.

"You need to know how they will respond when we conduct operations against them, to inform your tactics of how you will go back against them," Sarah said.

ASD wanted to learn as much as it could about Islamic State members to gain a competitive edge.

"We have an extensive team of experts on these targets including counter-terrorism experts, cultural experts and even behavioural analysts who provide input into how these targets operate," she said.

As the US and its allies continued to spy and poke around Islamic State's online network, they discovered it only had 10 entry points across the whole system.

"If we were to say that ISIL media networks were a house, these were the 10 doors that we found that we could get in, to then do the remainder of the actions to disrupt it," Sarah said, using an alternative acronym for Islamic State.

ASD won't disclose how it went about opening those doors.

But hacking methods can include finding weaknesses in a network, determining a person's username or password, or using phishing emails to gain access.

A footy team launched the attack

After four months of spying and war gaming, Australia was ready to work with its allies to bring down Islamic State's online propaganda unit.

It was November 2016 and the Australian Signals Directorate team assembled in an ultra-secure room lined with a long row of computers, the keyboards glowing red and blue.

"The Americans sent through the code word to kick off the operation," Sarah said.

The codeword was a football team, which Sarah wouldn't name.

It marked the beginning of a 12-hour day of typing and tactics.

As the lead offensive cyber operator, Sarah monitored and directed the ASD team that was split into smaller groups, working to attack multiple targets simultaneously.

"We had an extensive sheet of targets pinned against the wall that all the operators were looking at and tactically going in through that process of access the accounts, lock them out, steal the content and delete it all," Sarah said.

In simple terms, Australia's cyber experts broke down the door, pilfered everything in the room, and when they left put a huge padlock on the door so Islamic State couldn't get back in.

"Our targets that we were going after were essentially responsible for some of the really glossy publications that were being used for recruitment and photographs from the battlefield," Sarah said.

"We [were] going after the networks where they're hosting the material that's coming off the battlefields, where they are doing graphic design of that material coming off the battlefields, where they are storing it or projecting it out globally, to its websites."

The Australian team's initial 12-hour shift was followed up with further cyber assaults on Islamic State's network for another week.

The team scooped up three terabytes of data from Islamic State's network, including everything from photos to videos and documents.

The terror group's back-ups were also deleted so that it had no option but to rebuild from scratch.

Scorched Earth

After the raid, Ben Staughton said it would have been impossible for Islamic State members to log into the network.

"[It was] like scorched earth," he told the ABC.

"You no longer had access to email, to your virtual private networks, to your media production capabilities.

"So your suite of software that you would use to produce the types of things that you are doing, you would never get them back because we had destroyed them all."

Lydia Khalil from the Lowy Institute said while Operation Glowing Symphony interrupted Islamic State's propaganda efforts, the terrorist group did its best to rebuild.

"You did see a difference, but you didn't see a complete eradication of the Islamic State's online presence either," she said.

The ABC is aware that further cyber-attacks against Islamic State have been launched since Operation Glowing Symphony, but ASD has refused to comment.

Ms Khalil said those ongoing attacks are wearing Islamic State down.

"There would be a takedown, the Islamic State would recover slightly, but each time they were starting lower and lower on the ladder," she said.

Sarah's team is imaginative and disciplined and their workload is only set to grow as people wanting to cause harm choose the web as their weapon of choice.

"I know the people have the skills, they know their jobs," she said.

"We are ready."

Credits:

Reporter: Stephanie Borys

Illustrations: Emma Machan

Topics: government-and-politics, defence-and-national-security, unrest-conflict-and-war, terrorism, australia

First posted