UK Launches Cyber Attack On Islamic State

The UK has conducted a "major offensive cyber-campaign" against the Islamic State group, the director of the intelligence agency GCHQ has revealed.

The operation hindered the group's ability to co-ordinate attacks and suppressed its propaganda, former MI5 agent Jeremy Fleming said.

It is the first time the UK has systematically degraded an adversary's online efforts in a military campaign.

Mr Fleming made the remarks in his first public speech as GCHQ director. "The outcomes of these operations are wide-ranging," he told the Cyber UK conference in Manchester.

"In 2017 there were times when Daesh [an alternative name for Islamic State] found it almost impossible to spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications."

Mr Fleming said much of the cyber-operation was "too sensitive to talk about", but had disrupted the group's online activities and even destroyed equipment and networks. "This campaign shows how targeted and effective offensive cyber can be," he added.

But Mr Fleming said the fight against IS was not over, because the group continued to "seek to carry out or inspire further attacks in the UK" and find new "ungoverned spaces to base their operations".

'Blurring boundaries'

Mr Fleming also criticised Russia over what he called "unacceptable cyber-behaviour" that was a "growing threat" to the UK and its allies.

He recalled the NotPetya ransomware attack on Ukraine last year, which eventually spread across the world. The UK and US later said the Russian military were behind the attack, a claim that Moscow denied.

"They're not playing to the same rules," Mr Fleming said. "They're blurring the boundaries between criminal and state activity."

He said the use of a nerve agent on Sergei and Yulia Skripal in Salisbury was "stark and shocking", and demonstrated "how reckless Russia is prepared to be".

The UK has said Moscow was "culpable" for the attack, but Russia denies any involvement.

"The robust response from the UK and from the international community shows the Kremlin that illegal acts have consequences. And it looks like our expertise on Russia will be in increasing demand," he said.

Following the speech, the chief executive of the National Cyber Security Centre, Ciaran Martin, told the BBC the Notpetya case was also an example of the Russian recklessness mentioned by Mr Fleming.

Asked if the disclosures about offensive cyber-actions were a veiled warning to Russia, Mr Martin said sometimes the best form of defence is defence.

Mr Fleming went on to describe some of GCHQ's other goals, which include tracking down people who use the dark web to distribute child sex abuse images.

Cyber has created a new landscape for attackers and defenders, he said, and the challenges were "vast" but were being met by a strong and lawful GCHQ.

On Wednesday 11th April, Mr Fleming announced new GCHQ base is to open in Manchester hoping to draw "tech savvy recruits".

BBC

You Kight Also Read: 

Islamic State Likely To Switch To Cyber Warfare:

« Cyber Attacks Focus On Healthcare
Vigilante Hackers Attack Nation States »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

HardTarget

HardTarget

HardTarget is a cutting-edge cyber training company serving HWN (High-Net-Worth) Families and their trusted Advisors.