UK Admitting "Offensive Cyber" Against ISIS/Daesh

I think this might be the first time it has been openly acknowledged:

Sir Michael Fallon, the defence secretary, has said Britain is using cyber warfare in the bid to retake Mosul from Islamic State. Speaking at an international conference on waging war through advanced technology, Fallon made it clear Britain was unleashing its cyber capability on IS, also known as Daesh. Asked if the UK was launching cyber attacks in the bid to take the northern Iraqi city from IS, he replied:

I'm not going into operational specifics, but yes, you know we are conducting military operations against Daesh as part of the international coalition, and I can confirm that we are using offensive cyber for the first time in this campaign.

Posted on October 24, 2016 at 2:12 PM • 38 Comments

Comments

rOctober 24, 2016 2:45 PM

Yeah sure, after they kill thousands and thousands of people right?

DDoS doesn't bring innocent civilians back.

Ross SniderOctober 24, 2016 3:16 PM

An interesting acknowledgement, however late it is coming.

Much of the cyberwarfare work against the Islamic State Group and the Government of Syria have been propaganda/messaging campaigns, launched to control narrative and widespread understanding of legitimacy. It would be interesting to see inner workings of information campaigns from Qatar, Saudi Arabia, Turkey and other countries that have sought to magnify extremist Sunni Salafists including the Islamic State Group.

There's other aspects to shutting down particular arenas of conversation: digital and telecommunications infrastructure used by the Islamic State Group to organize can be disrupted in what to disrupt the decision cycle - in an attempt to paralyze the operations of the adversary.

As the group has taken Mosul it's also likely that some critical and civilian infrastructure in the city are running connected to the grid, and disruption of this infrastructure can deny the defensive operations options and make defending the city (without water, power, etc) less attractive - a kind of attrition warfare.

These are the kinds of 'operational details' that would be incredibly interesting to hear more about both because it informs what kinds of capabilities are available and effective when performing an invasion and to understand what ratios between operation types lead to effective outcomes when facing insurgent groups claiming to be freedom fighters against local oppression and foreign intervention. As a group that has had massive success exploiting the vacuum in the proxy war, Mosul may be one of the first and best case studies in hybrid warfare against this kind of militarized rebellion force.

Rodrigo RamosOctober 24, 2016 4:41 PM

We are leaving in the endless cyberwar era. Nobody knows when it begun or when it will end. It's even hard to know who is fighting for who there.

Upper-class Twit of the Year October 24, 2016 5:19 PM

Looked at the headline, thought, What kind of shithead mouths the mortifying bafflegab 'cyber' as a noun?

Ah. Who but Fallon, crooked as the day is long, knows nothing about defense except where to pick the bags of money up. A perfect puppet for NATO. Telling, that Britain's elite keyboard commandos are going over the top from the safety of their cubicles. The Brits are one step above Togo in the motley coalitions nowadays, and any attempt to pretend otherwise threatens to dislodge Scotland. Why do these feckless pedo snools still have the veto? They can't play with their Trident rubberduckies without Washington's permission, and they can't even torture helpless captives right.

Sancho_POctober 24, 2016 5:38 PM

Offensive cyber for the first time, that will change everything !!! Hope !!!

Islamic “State”, militarized rebells - a couple of barbaric illiterates, supported by an endless stream of western logistic, weaponry and ammunition.
How many years are we already keeping that fire burning?

Why?
Because we, the western allies, have to burn the incredible debt we’ve accumulated in exchange for the black gold.
Look at Libya. Gaddafi dead, debt dead. Hillary for President.

Offensive cyber will stop the “war”, for sure.

BillyOctober 24, 2016 10:21 PM

There's not much cyber in Mosul to attack. ISIS has shut down all the cellular networks in Mosul. They even make residents turn in their satellite dishes so they can't watch TV.

I also read that if people want to leave Mosul, ISIS makes them leave a family member behind as a hostage and if you don't return to the city in 10 days they will kill that person.

I don't see how the US lead coalition plans on evacuating 1 million civilians out of Mosul when those people have no access to the internet or TV. Not to mention that ISIS won't let them leave the city even if they wanted to.

The attack on Mosul is looking like Aleppo version 2.0 . Only this time it's USA doing the bombing instead of Russia. So I doubt we'll see western media splash pictures of children being pulled out of the rubble in Mosul like we saw in Aleppo.

Clive RobinsonOctober 25, 2016 12:36 AM

@ Hate,

Hate the word "cyber" so very much. It's cringe incarnate.

Yup you are not the only one even Bruce made comment on it at one point.

However we've lost the war on this, just as we did on the missuse of "Hacker" by the "know nothing" --except how to manipulate-- jornos and politicos...

It's actually got to the point where to say you are "an old school hacker" can and will be used against you in a court of law....

Such is the power of the "know nothings" to pervert society.

Clive RobinsonOctober 25, 2016 12:40 AM

@ Bruce,

I think this might be the first time it has been openly acknowledged

What about the "fairy cake" recipies?

ab praeceptisOctober 25, 2016 1:20 AM

Clive Robinson

@ Hate,

Hate the word "cyber" so very much. It's cringe incarnate.

Yup you are not the only one even Bruce made comment on it at one point.

Let's CYBERhate that word!!!

Eliot LearOctober 25, 2016 1:40 AM

Bruce, we have an active battle going on and I hope that nobody would be surprised that both sides are going to use whatever tools they have at their disposal to win. In fact one wonders if either side has ever seen Star Trek II. A more interesting case is where there is no such active battle or any sort of declared conflict. One example is Stuxnet, where one could argue it actually saved IRANIAN lives by averting a bombing.

marcOctober 25, 2016 1:44 AM

What did the Brits attack? Toyotas? I can not think of any ISIS infrastructure that is worth an attack.

fajensenOctober 25, 2016 3:55 AM

Sure, "offensive" twittering stern warnings for months ahead and letting ISIS run off into Syria will be "Another Milestone in The War on Terrorism".

Notice how these goons alway and for ever confuse Effort and Input with Results? Because that's their game, burning through vast ressources and never, ever, fix the problem that giveth the Funding. Rather, their actions (and inactions) will compound and expand the problem, this provides Growth in the Funding.

The UK is back to training "Freedom Fighters" (to fight Freedom in Syria, of course). Because no serious politician today can just leave a big, fat, fiasco alone; No, it absolutely must be compounded and doubled-down on.

Is it still a wonder why a vote for the un-serious politician is considered the less effective evil, the moral choice!?

The Rt Hon Jim HackerOctober 25, 2016 6:35 AM

Clive,

"It's actually got to the point where to say you are "an old school hacker" can and will be used against you in a court of law...."

link (especially whether this is just the good old prosecutor's dishonesty, or more) ?

Clive RobinsonOctober 25, 2016 9:06 AM

@ Jim Hacker,

It was mentioned, it was included with the court paperwork in broadcasts on the arrest of Cardiff man Samata Ullah. Who was most newsworthy in the tech press for the "USB Cufflinks" from August this year. Apparently as part of his website and corespondance he claimed to be an old school hacker type system administrator, and this was considered noteworthy in court documents as part of evidence of being a terrorist.

The thing is in the UK we now have "thought crime" --brought in by Theresa May-- where you can be charged for doing something perfectly legal and done by many people if those prosecuting a case can say "must be for terrorism" loudly enough, wave their arms enough etc etc...

Take for instance he stands accused of deliberatly concealing a USB memory device in cufflinks. The prosecution forgot to mention in the paperwork that in fact he had purchased them off of a well known Internet Retailer, as you can if you wish to...

Further he is accused of installing an OS on the legaly purchased USB device that could be used for terrorist purposes, just as many people who read this blog do. Likewise he is accused of encrypting part of his website, just as our host has. Further of also publishing "training" information on how to access the site, as our host has done.

At no point in their public statments have the prosecution said what the OS is nor what the supposed encryption is nor the training information... Thus it has been assumed by many to be TAILS, https and Tor guides.

Thus I'm waiting for the Met Police to also claim in court documents he had access to a kitchen sink. Into which he poured grease from a cooking pot and therefore he must be planning in his head a WMD terrorist attack on Cardiff...

CrunchrOctober 25, 2016 11:23 AM

@Clive

"Old-School Hacker". ROTFLMAO! Can't wait to be the first poor schmuck arrested for writing a "weaponized bookmarklet". (The "probable cause" will be because I didn't need some bloathog "library" like jQuery just to slap the DOM around).

Sure, I can try explaining to a jury raised on Win-DOHs and CNN that I merely used tPVD() for a function name because it represents the Phantom Variable's Dog -- which, after running, disappears up its own ass in a puff of smoke. Or r2PS() for Rowdy Roddy Piper's Sunglasses (trust me, the judge'll be dropping the hammer on my ass before I even get to explain that one).

On the bright side, maybe I'll be immortalized as The Lightbox Killer.

WarpOctober 25, 2016 12:11 PM

@Clive Robinson

It can be used against you in a court of law to say you're an old-school hacker? Do you have a source on this? I occasionally talk with D.C. types that are trying to appeal to the hacker communities, so this would be a useful talking point to bring up in those kinds of conversations.

WarpOctober 25, 2016 12:12 PM

@Clive Robinson

Scratch that. I see you already responded with that info in another post.

albertOctober 25, 2016 1:48 PM


"Cyber this, and cyber that, cyber everything, just ain't where it's at..."

Apologies to Boz Scaggs (of the iconic "Lowdown").

. .. . .. --- ....

CallMeLateForSupperOctober 25, 2016 1:52 PM


"...I can confirm that we are using offensive cyber for the first time in this campaign."

Maybe the "cyber" is the same ol' same ol', but crafted to be morally and/or religiously *offensive* to the targets. For example, mass Tweets to ISIS that "Abu Bakr al-Baghdadi admits he is gay" or injecting a turbaned May into ISIS-friendly web pages.
"A lot of people are saying this. I don't know."[C] 2016

albertOctober 25, 2016 3:06 PM

@Ross,

The 'hearts and minds" approach by the West (actually, the US. EU countries are merely lapdogs) was and is, a lost cause. Propaganda is seldom effective when presented by the invading force. Whom do you believe, the video on your computer or smartphone, or the ISIL guy with a gun to your head?

Everyone but Fallon seems to think that Mosul has no "cyber" infrastructure to attack, so little will be learned. Infrastructure attacks are simply a slower way to kill civilians. Any talk about test cases is BS.

Thinking about Russia in Afghanistan, they ran home with their tails between their legs, assisted in no small way by US support. How long have -we- been there? How many Muslim countries in the ME have achieved anything since Western military involvement?

This, I believe, is the endgame: Total, continuous instability in the ME, applied to all countries who don't play ball with us. Oil producers who don't will move to the top of the shit-list. Iran is next. Syrian oil might be of some benefit, but wearing down Russia is probably the goal there. Don't be fooled by the military; the State Dept. may be full of psychopaths but they're there to take the heat. The corporatocracy pulls the strings.

I think it's time to rename the Dept of Defense to the more appropriate Dept. of War.

. .. . .. --- ....


Clive RobinsonOctober 25, 2016 4:11 PM

@ albert,

I think it's time to rename the Dept of Defense to the more appropriate Dept. of War.

Do you actually mean "change it back" not rename it?

We used to be more honest with ourselves a century or so ago... I guess when you lie to yourself lying to others is second nature, hence the mess we are in.

chris sOctober 25, 2016 4:58 PM

@warp, I think the reference is to Section 58 of the Terrorism Act of 2000:

"A person commits an offence if—

(a) he collects or makes a record of information of a kind likely to be useful to a person committing or preparing an act of terrorism, or

(b) he possesses a document or record containing information of that kind."

This was the section under which the individual is currently charged. Section 57 goes even further:

"(1)A person commits an offence if he possesses an article in circumstances which give rise to a reasonable suspicion that his possession is for a purpose connected with the commission, preparation or instigation of an act of terrorism.

(2)It is a defence for a person charged with an offence under this section to prove that his possession of the article was not for a purpose connected with the commission, preparation or instigation of an act of terrorism."

You will notice that the 2nd clause effectively reverses the burden of proof.

[FWIW, the USB cufflink is not just available online, but also in middle-brow high street retailers such as marks and spencer].


Rodney DangerfieldOctober 25, 2016 5:24 PM

@chris s, warp

The link escapes me, bit it goes further than that. It's actually counter productive for a person to lay claim to the name itself as that specifically is reason enough to search points property. Happened a couple of years ago and made it to popular sites (/.). Could be sensationalism I'm sure but w/e.

Couple that with the "reverse engineering is punishable by death" and my state's soon to be passed (and past) "life sentence for hacking a vehicle" I'm sure I'll be retroactively prosecuted for reverse engineering the rx7 ecu. w/e

kiwanoOctober 25, 2016 9:39 PM

@Clive

One of my hunting friends was arrested back in 2010 on charges that he was trying to terr'ism the G20 summit that was going on at the time. What he'd mainly done was publish vulnerabilities he'd found in the security perimeter for the summit, make some unflattering remarks about the police, and have a few experiments lingering in his basement and garage.

I mention this because your remark about the kitchen sink reminds me very strongly of his case. Medicine cabinets and TATP production indeed...

At the end of the day (or 2 years, as the case may be), he got acquitted, and he only had to rack up $750k in legal bills to do it...

BOctober 26, 2016 3:52 AM

The comments section has gone downhill recently. It's full of conspiracy nutjobs and talentless rhetoricians.

Michael Fallon is a bit of a joke in my country. When he says cyber, one can be sure that the word represents the full extent of his knowledge on the matter.

Clive RobinsonOctober 26, 2016 5:53 AM

@ B,

Michael Fallon is a bit of a joke in my country. When he says cyber, one can be sure that the word represents the full extent of his knowledge on the matter.

His full extent... It's the new inword for most of the politicals to utter as their speech writters and advisors tell them... So 'the full extent of their knowledge on the matter' is more appropriate in the "land of the blind leading the blind" the UK has become.

I repose in the UK, and when ever the Fallon or other members of the "Cluster SNAFU" clique stand up and talk I look for the ventriloquist's hand ramed up the back.

albertOctober 26, 2016 3:01 PM

@Clive,

'Change it back' indeed. We all had Depts of War at one time. I don't know how it is across the pond, but we waste USD20,000,000 PER DAY* on military spending. Is that not mind-boggling?

Perhaps "Department of International Police Action" would be more acceptable.

How about "Department of Regime Change"?

Or "Department of 'Leaning On'** Countries That Don't Do What We Say"?

-------------
* $231.48 per second.
23 cents per millisecond
0.023 cents per microsecond doesn't sound too bad...

** An old Mafia euphemism

. .. . .. --- ....

Clive RobinsonOctober 26, 2016 9:01 PM

@ Albert,

Or "Department of 'Leaning On'** Countries That Don't Do What We Say"?

You forgot to go that extra inch to,

"Department of Political Folly", where the "leaned on" countries become sink holes of money, lives, morality and political standing.

For example Iraq, Afghanistan, Libia, to name just a few of the more recent ones, with I guess Syria and Iran being the contendors for the next round of "Where's the war profit today boys and girls?".

HermanOctober 27, 2016 5:18 AM

The problem with Daesh is that they have reverted to the stone age - any attack against them just make the stones bounce again.

HermanOctober 27, 2016 5:29 AM


@marc • October 25, 2016 1:44 AM

"What did the Brits attack? Toyotas? I can not think of any ISIS infrastructure that is worth an attack."

That is why hospitals are bombed - there isn't anything else left that is worth bombing.

AnonOctober 30, 2016 1:11 AM

The use of the word/name "Daesh" is itself politicized - we were "told" via the MSM to use it.

What is the difference between "Daesh", "ISIS", "ISIL", and "IS", "moderate rebels", "extremists" and "opposition forces"??

Nothing, except who backs them.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.