US Military Fighting ISIS In Cyberspace

No terrorist group has capitalised on networked technology more than ISIS, both for recruitment messaging and commanding their fighters on the ground.

The Internet is their response to asymmetric disadvantage. Lacking the infrastructure and resources of a state, they use the web to plan attacks, solicit money and reach out to potential members.

Meanwhile, however, US Cyber Command has mustered an array of cyber capabilities intended to undermine ISIS’s operations and messaging on the web. Cyber Command’s campaign against ISIS, and groups that will eventually follow, continues to test their capabilities against terrorists turning to digital technology to advance their own agendas.

Much like the US strategy of denying physical safe-haven to terrorists, the US and its allies are trying to deny virtual safe-haven for the spread of terrorist ideology and operational know-how.

On the battlefield, the physical has merged with the digital. ISIS commanders in Iraq and Syria have maneuvered their ranks through urban combat in cities such as Mosul or Raqqa, giving orders and sharing intelligence using networked devices like phones, tablets, laptops, and small commercial drones. They use disposable Twitter accounts to distribute timely operational commands to fighters following specific hashtags, and create Facebook groups or Telegram channels to relay crude combat intelligence in real time.

While US-backed Syrian Democratic Forces inch their way through ISIS’s self-proclaimed capital Raqqa, which has featured heavily in recruitment messaging since it became the group’s center of gravity in the fall of 2013, another, far less visible force is at work.

From its headquarters in Fort Meade, US Cyber Command has become an integral part of the fight against the terrorist organisation. Forward-deployed cyber operators embedded in ground teams, or relaying from links to ISIS infrastructure through drones, aircraft or naval vessels, can access ISIS systems where internet or satellite links cannot.

The recently elevated combatant command first cut its teeth in February 2016 by launching targeted denial of service attacks and other cyber counter-measures to jam ISIS communications during the strategic recapturing of the town of Shaddada in Syria.

In October 2016, British defense secretary Michael Fallon said the UK had for the first time joined the offensive cyber campaign against ISIS during the battle for Mosul in Iraq.

Since then, coalition military hackers have sought, with mixed results, to subtly disrupt the terrorist organisation’s ability to govern, pay its fighters, disseminate orders from commanders, and spread its narrative and know-how to attract those around the world to take part in its cause.

ISIS is vulnerable to cyber warfare, and the campaign presents an opportunity for military hackers to hone their trade by testing doctrine, tactics, and integration with other domains of war. Without external nation-state support, ISIS relies on existing and improvised telecommunications infrastructure, and its equipment is outdated and therefore insecure.

The UK and US have an in-depth knowledge of the electromagnetic spectrum in the region going back to the 2003 invasion of Iraq. Much of the networking gear that the terrorist organization relies on was captured from the retreating Iraqi forces during the fall of Mosul in the summer of 2014, much of which was likely provided by the United States.

Such offensive cyber operations have, however, been shrouded in secrecy, and for good reason. Cyber intrusion tools used to gain entry into ISIS networks are limited and perishable, and should they be discovered, ISIS members will take precautions to negate them, either by turning to new technology or new behavior.

Already, ISIS leadership practices online operational security to remain hidden. Tech-savvy jihadists distribute how-to manuals designed to help recruits mask their IP addresses and communications by using anonymizing technology such as Tor and end-to-end encryption platforms such as WhatsApp and Telegram.
 
These countermeasures make the group’s communications at times unreadable, difficult to track and target, and therefore resilient against US collection and disruption efforts.

While some offensive cyber capabilities, such as jamming through denial of service, are “loud,” they can be rationalised away by ISIS fighters as simple technical problems. But complete destruction of ISIS digital infrastructure, or just blatant interference, could cut off crucial intelligence collection avenues that are the foundation of the US-led coalition’s air war over Iraq and Syria.

“NSA penetrations are stealthy and subtle – difficult, if not impossible, to detect,” says Ned Carmody, a former CIA Case Officer. “NSA cyber operators have the ability to extract large volumes of data from adversary networks without the enemy ever knowing it happened. On the other hand, when Cyber Command loudly kicks in the door of an ISIS computer, the secrecy is lost and intelligence avenues are blown.”

Similar to traditional electronic warfare methods used since World War II, cyber disruption of ISIS command and control networks is likely not only to jam their communications, but also to spoof or manipulate their content for cognitive effects.

Military cyber operators can turn ISIS command and control infrastructure against itself, distributing false orders or locations to lead members into traps. But again, the operational security of such efforts is integral, as ISIS knowledge of such intrusions would inform them to ignore spoofed communications.

Over time, such manipulation could have a psychological impact on ISIS fighters, perhaps even straining trust between leadership and ground forces or driving them to turn to alternative means of command and control that are either less effective or less secure.

“The substitution of commands or location information does not only have the immediate effect of that false data, but can also undermine confidence in command, control, and information systems, impacting on decision making and potentially channeling the adversary on to alternate means where they can be more easily targeted,” said Ewan Lawson, a Senior Research Fellow for Military Influence at the Royal United Services Institute in London.

As ISIS loses its footing in Syria, it will turn its focus further to global outreach, recruiting those vulnerable to its messaging and inspiring them to violence. The group has already proved itself deft at influencing the hearts and minds of many.

They render audiences awed by their gruesome displays of violence, drawn to their slickly edited videos and primed by their mass dissemination through social media platforms. The world is flattening and the terrorist organisation is increasingly capable of crowd-sourcing headline-catching violence from afar.

Recruitment content is centralised through its media umbrella Al-Furqan Media, yet dissemination is decentralised and leverages some 50,000 ISIS Twitter accounts at any given time, as well as temporary “throwaway” accounts on Facebook, YouTube, Telegram and other communication platforms.

Digital amplifiers such as bots unendingly propel the group’s narrative directly to the mobile devices of individuals on every continent susceptible to extremist messaging.

The group has proven resilient against tech companies deleting accounts for breaches of their terms of service, and traditional warfare techniques of jamming and interception have left cyber operators in an unending game of Whac-A-Mole.

Even Cyber Command’s operation codenamed Glowing Symphony, where military hackers breached ISIS administrator accounts, blocked out members, and deleted content such as battlefield videos displaying ISIS victories, wound up turning into a disappointment as the results were temporary. Content later reemerged on other servers.

But while progress in countering such a resilient messaging campaign is slow and disheartening, it is achievable. Repeatedly hitting the central nodes of ISIS influence, similar to a terrorist decapitation strategy, can undermine the production of content and slow their audience growth.

Contesting these key sites forces ISIS to expend time, resources, infrastructure, and expertise to bring them back online elsewhere, and if they become inconvenient or risky to access, audiences will slowly wane.

“The Internet has allowed rapid and global dissemination of the extremist narrative,” says Zamawan Almemar, a senior consultant for the US Department of Defense.

“Thus, an effective counter-radicalization effort must confront all the components of the radicalisation process, including disabling online interactions between extremist supporters radicalised by online propaganda, who are geographically separated and motivated to take action against the West.”

There are, however, a number of legal considerations when removing ISIS content and disrupting their data. The terrorist organisation relies on commercial software and their content often resides in servers housed in third party countries.

The US coercively disrupting data in countries around the world remains a contentious issue and exploiting rather than reporting vulnerabilities in commercial software is what underpins much of the government’s anti-ISIS hacking efforts.

Furthermore, the removal of political and religious-based recruitment messaging brings up First Amendment censorship concerns. The line of what amounts to incitement of violence is not always crystal clear in all ISIS content.

How the US and its allies navigate this challenge will have a lasting impact on discussions regarding freedom of expression in the future.

The Cipher Brief:
