Pentagon weighs cybercampaign against Islamic State
The Pentagon is considering increasing the pace and scope of cyberattacks against Islamic State, arguing that more aggressive efforts to disable the extremist group’s computers, servers and cellphones could help curtail its appeal and disrupt potential terrorist attacks.
Military hackers and coders at Cyber Command, based at Fort Meade, Md., have developed an array of malware that could be used to sabotage the militants’ propaganda and recruitment capabilities, said U.S. officials, who were not authorized to speak publicly on internal discussions.
But closing off the extremists’ communications faces resistance from the FBI and intelligence officials. They warn that too sweeping an effort to constrict Internet, social media and cellphone access in Syria and Iraq would shut a critical window into the militants’ locations, leadership and intentions.
Moreover, a shutdown of communication nodes could affect humanitarian aid organizations, opposition groups, U.S.-backed rebels and others caught up in the Syrian civil war. A virus could spread to computers outside the country.
Defense Secretary Ashton Carter will meet with his cybercommanders this week at the Pentagon to examine a menu of digital options, including jamming and viruses, that could be used to target the Sunni Muslim group’s communications, according to the officials.
The White House directed senior Pentagon officials to prepare options for a stepped-up cyberoffensive after evidence indicated the husband-and-wife shooters who killed 14 people in San Bernardino on Dec. 2 had become self-radicalized on the Internet and had pledged fealty to Islamic State on Facebook, said the officials.
Those in the White House “want to see options” for cyberattacks, said one official. “That doesn’t mean they are all in play. It just means they want to look at what ways we can pressure” Islamic State.
For now, the White House is leaning toward more targeted cyberattacks when intelligence can pinpoint specific phones, computers or other digital devices used by the Web-savvy militants.
“If you do see something that is in service of an active operation, you may want to take some action to disrupt that operation,” Ben Rhodes, the deputy national security advisor, said in an interview.
But there are apparently limits to U.S. cybercapabilities. Speaking to reporters Dec. 9, Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, said Islamic State hackers “have developed an encrypted app and can communicate anywhere in the world from an iPhone without any ability for us to pick up those communications. … They have mastered this dark space.”
The issue has erupted in the 2016 presidential campaign. In response to a question at the Republican candidates’ debate Tuesday, front-runner Donald Trump sparked a heated exchange when he said he was “open to closing [the Internet in] areas where we are at war with somebody.”
U.S. officials have long criticized China, Cuba, North Korea and other authoritarian states for limiting or barring public access to the Internet and social media.
Cyber Command, which is responsible for U.S. offensive operations in cyberspace, has targeted some computer networks and social media accounts since President Obama authorized airstrikes and other operations against Islamic State in August 2014, officials said.
But some Pentagon officials privately argue more can be done. They say computer viruses, so-called “Trojan horse” attachments, denial of service attacks and other digital assaults should be used to take down Islamic State communications.
Experts warn a blackout probably wouldn’t last — and could backfire. The militants could send messages and videos through thumb drives, satellite phones, or other devices or platforms. Encryption, already widely used by the militants, would make tracking them more difficult.
“The more we go after them and take them down, the more we push them into secure areas online,” said Jeff Bardin, a computer security consultant and former Air Force linguist who reads Arabic and tracks radical Islamic groups online.
After Twitter began shutting Islamic State’s official accounts in 2014, for example, the group encouraged its operatives and followers to use encrypted social apps such as Telegram, or to use stronger privacy settings that made them harder to monitor.
Trying to chase and close the volume of traffic on social media may be impossible.
Extremists send about 90,000 Twitter messages a day, according to the Counter Extremism Project, a New York-based nonprofit that tracks militants’ messages online and pressures social media companies to identify and disable accounts that promote extremist groups.
Moreover, intelligence officials say Islamic State has become more adept at changing computers, cellphones and messaging apps when one is compromised.
When its websites are shut down or recruiters are blocked, they often switch to other sites or accounts and the communication gets out.
“Sitting there trying to play whack-a-mole to knock these communications platforms off can be so complicated and so resource intensive and only marginally effective,” said John D. Cohen, a former senior Homeland Security counter-terrorism official who now teaches at Rutgers University.
The Obama administration has opted for a middle course so far, shutting the most egregious Islamic State website and accounts — and using others to track and slay recruiters and operatives.
In August, a U.S. drone strike near Raqqah, Syria, killed Junaid Hussain, a British-born hacker who had posted the names, addresses and photos of about 1,300 U.S. military and other officials online and urged followers to attack them.
Officials said Hussain also had been in contact with one of the two armed men who sought to attack a Prophet Mohammed cartoon contest last May in Garland, Texas. Police there shot and killed the two assailants.
FBI Director James Comey told the Senate Judiciary Committee this month that one of the men had exchanged 109 messages “with an overseas terrorist” on the morning of the attempted attack.
“We have no idea what he said because those messages were encrypted,” said Comey.
A month later, the U.S. fired missiles into a building in Syria after a militant published several posts on social media that were embedded with his precise geolocation coordinates.
The arrest Thursday of Jalil Ibn Ameer Aziz, a 19-year-old resident of Harrisburg, Pa., on terrorism charges highlighted the dilemma for federal authorities investigating potential terrorism cases in the United States.
Aziz created at least 57 Twitter accounts on which he posted propaganda for Islamic State, including photos of grisly executions and exhortations to launch violent attacks, according to charging documents. But prosecutors relied on those same Twitter accounts to build their case against him.
In 2014, according to court records, Aziz used Twitter to pledge his allegiance to Islamic State leader Abu Bakr Baghdadi. In January, he tweeted, “Know O Obama that we are coming to America and know that we will sever your head in the White House,” prosecutors charged.
Twitter repeatedly suspended Aziz’s accounts because of their violent content, but he quickly set up others under the pseudonym “Colonal Shami” that allowed followers to reestablish contact. Last summer he exchanged dozens of messages with other Twitter users about going to Syria and Iraq to fight with Islamic State.
Aziz made an initial appearance in U.S. District Court in Harrisburg after his arrest. He did not enter a plea.
Times staff writers Lisa Mascaro and Christi Parsons in Washington contributed to this report.
Must-read stories from the L.A. Times
Get the day's top news with our Today's Headlines newsletter, sent every weekday morning.
You may occasionally receive promotional content from the Los Angeles Times.