The Islamic State’s hacking army
doesn’t actually work for ISIS—It’s part of the secret Russian online espionage
effort against the West
For two
years the so-called Cyber Caliphate has been the online weapon brandished by
the Islamic State against its enemies. Its hacking offensive, including
aggressive use of social media, made front-page news around the world,
heralding a new front in that murderous group’s worldwide jihad against
“infidels.”
Pledging
support to ISIS, the Cyber Caliphate hacked and defaced U.S.
Government websites and social media feeds, including those of Central Command,
the Pentagon’s Middle East headquarters. Numerous smaller cyber-attacks
followed. They also hacked into Department of Defense databases and posted the
personal information of 1,400 American military affiliates online.
The
Cyber Caliphate has attacked targets in many countries, including allegedly accessing top
secret emails belonging to senior British government officials. The most public
of their attacks was the April 2015 hijacking of
several feeds belonging to the French channel TV5Monde, which included defacing
its website with the slogan “Je suis ISIS.” This assault, seen by millions of
people worldwide, gave the group the notoriety it craved.
The
American-led coalition against ISIS has taken the Cyber Caliphate threat
seriously, devoting significant intelligence resources to tracking and studying
the group. Western fears increased this April with the announcement that disparate
ISIS hackers were merging, creating a new United Cyber Caliphate, designed to
be a major expansion of the existing Cyber Caliphate. Drawing together jihadist
hackers from many countries, this would constitute a major online threat.
In
response, the Pentagon in late February announced the unleashing of real cyber-war against
ISIS, including attacks by U.S. Cyber Command against the Islamic State’s
communications, in an effort to disrupt their activities both kinetic and
online. Nor are the Pentagon’s efforts to shut down the Islamic State’s
online antics limited to the Internet. In August 2015, a drone strike at Raqqa,
ISIS’s Syrian stronghold, killed Junaid Hussain, a
21-year-old British jihadist of Pakistani origin who was the group’s best-known
hacker.
However,
there have long been whispers that the Cyber Caliphate is not what it claims to
be. French intelligence examined the group closely after the TV5Monde attack
and concluded that the hackers involved actually had nothing to do with the Islamic State.
Rather, they were affiliates of a hacking collective known to be affiliated
with the Kremlin, in particular APT 28, a notorious group that’s a secret arm
of Moscow, according to Western security experts. In
other words, the Cyber Caliphate is a Russian intelligence operation working
through what spies term a cut-out.
U.S.
secret agencies, including the National Security Agency, which controls
American cyber-espionage and works closely with CYBERCOM, came to similar
conclusions. “APT 28 is Russian intelligence, it’s that simple,” explained an
NSA expert to me recently. Hence the mid-2015 State Department security report
that, while assessing the jihadist hackers as a formidable threat, nevertheless concluded,
“Although Cyber Caliphate declares to support [the Islamic State], there are no
indications—technical or otherwise—that the groups are tied.”
This
has become the consensus view among Western intelligence services that have
closely examined ISIS hacking efforts. From the newsmagazine Der Spiegel we now learn that
German spy services too have concluded that the Cyber Caliphate is really a
secret Russian operation. German intelligence assesses that the Kremlin has
some 4,000 hackers on the payroll of its security agencies, including the
General Staff’s Main Intelligence Directorate or GRU, the Foreign Intelligence
Service or SVR, and the Federal Security Service or FSB. Together, this is a
formidable offensive cyber force that operates through fronts and cut-outs to
attack Western interests.
In
other words, the Cyber Caliphate is a Russian false-flag operation. Although
that loaded term has been hijacked by tinfoil-hat wearers and fringe websites,
including lunatics who think horrific school shootings didn’t actually happen,
it’s a perfectly legitimate espionage method of venerable vintage. Spy agencies
routinely pose as third parties for operational purposes such as agent
recruitment and covert action. The nastier intelligence services will even masquerade as terrorists to
further their agenda.
Nobody
is more adept at this dodgy practice than the Russians, who have been using
false-flags in their spy work for more than a century. Indeed, for the Kremlin,
this commonplace practice constitutes a key element of what they term provocation (provokatsiya in
Russian), meaning the use of spies and their agents to cause secret political
effects that are helpful to Moscow and hurtful to Moscow’s enemies.
The idea
that Vladimir Putin authorized his intelligence agencies to go to cyber war
against the West under an ISIS cloak is anything but shocking to anybody
informed about longstanding Russian espionage tradecraft, what they tellingly
refer to as konspiratsiya (yes,
“conspiracy”). The only innovation here is the online aspect. Everything else
reflects a century of “lessons learned” in Kremlin spy work. These are the
sorts of clandestine things Putin was trained in and actually did as a KGB
officer. And “there are no ‘former’ intelligence officers,” as the Russian
president has stated.
This
has implications far beyond the Islamic State. News
this week that
Russian-affiliated hackers have pillaged Washington, DC, including raiding the
Democratic National Committee and Hillary Clinton’s campaign, ought not
surprise. Among the items pilfered from the DNC include
opposition research on
Donald Trump, the presumptive Republican presidential nominee.
Now we learn that
these Kremlin hacking efforts extend far beyond the DNC. Targets in recent
Russian cyber-attacks include numerous think-tanks, law firms, lobbyists, and
consultants. There were also almost 4,000 Google accounts targeted in a
“spear-phishing” campaign to steal personal and privileged information. It’s
clear that this coordinated offensive aimed at the heart of our nation’s
capital stole a great deal of inside knowledge about America’s political elite
that would be of high value to any foreign intelligence service.
Inside
information about how American politics actually works—including secret deals
between politicians, lobbyists, lawyers, and consultants—would definitely be
something Putin would want to know as his government seeks to understand and
influence our political elite, including whoever is elected our next president.
America
has neglected counterintelligence for so long that we
have allowed Russian intelligence into the heart of not just our security
services but of our democracy itself. Aided by top secret information stolen by
their guest Edward Snowden from NSA about how U.S. cybersecurity works, Kremlin
spies are now feasting on whatever they like in Washington.
I
previously explained in this column how
Hillary Clinton’s email shenanigans helped our enemies, including Russia, while
harming our national security. Now it’s evident that our political system has
been penetrated top-to-bottom by Russian spies. Whoever moves into the White
House in January will face digging out from a security debacle of unprecedented
proportions, with the Kremlin holding the upper hand across the board.
John Schindler is a security expert and former National Security Agency
analyst and counterintelligence officer. A specialist in espionage and
terrorism, he’s also been a Navy officer and a War College professor. He’s
published four books and is on Twitter at @20committee.