WASHINGTON—The U.S. military has launched a newly aggressive campaign of cyberattacks against Islamic State (ISIS) extremists, targeting the group’s abilities to use social media and the Internet to recruit fighters and inspire followers, U.S. officials told The Associated Press.
The surge of computer-based military operations by U.S. Cyber Command began shortly after Defense Secretary Ash Carter prodded commanders at Fort Meade, Maryland, last month to ramp up the fight against ISIS on the cyber front.
U.S. officials confirmed that operations launched out of Fort Meade have focused on disrupting the group’s online activities. The officials said the effort is getting under way as operators try a range of attacks to see what works and what doesn’t. They declined to discuss details, other than to say that the attacks include efforts to prevent the group from distributing propaganda, videos, or other types of recruiting and messaging on social media sites such as Twitter, and across the Internet in general.
Other attacks could include attempts to stop insurgents from conducting financial or logistical transactions online.
Several U.S. officials spoke about the cyber campaign on condition of anonymity because they were not authorized to discuss it publicly. Much of the effort is classified.
Carter mentioned the operations briefly Thursday, telling a House Appropriations subcommittee only that Cyber Command is beginning to conduct operations against ISIS. He declined to say more in a public setting.
The more aggressive attacks come after months of pressure from Carter, who has been frustrated with the belief that the Pentagon—and particularly Cyber Command—was losing the war in the cyber domain.
Late last year Carter met with commanders, telling them they had 30 days to bring him options for how the military could use its cyberwarfare capabilities against the group’s deadly insurgency across Iraq and Syria, and spreading to Libya and Afghanistan. Officials said he told commanders that beefing up cyberwarfare against ISIS was a test for them, and that they should have both the capability and the will to wage the online war.
But the military cyber fight is limited by concerns within the intelligence agencies that blocking the group’s Internet access could hurt intelligence gathering.
Officials said Carter told commanders that he wanted creative options that would allow the U.S. to impact ISIS without diminishing the indications or warnings intelligence officers can glean about what the group is doing.
On Jan. 27, Carter and Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, went to Fort Meade for an update.
Officials familiar with Carter’s meetings said the secretary was frustrated that as Cyber Command has grown and developed over the past several years, it was still focused on the cyberthreats from nations, such as Iran, Russia and China, rather than building a force to block the communications and propaganda campaigns of Internet-savvy insurgents.
“He was right to say they could be more forward leaning about what they could possibly do against ISIS,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “You could disrupt their support networks, their business networks, their propaganda and recruitment networks.”
However, Lewis added, the U.S. needs to be careful about disrupting the Internet to insure that attacks don’t also affect civilian networks or systems needed for critical infrastructure and other public necessities.
U.S. officials have long been stymied by militants’ ability to use the Internet as a vehicle for inspiring so-called lone wolf attackers in Western nations, radicalized after reading propaganda easily available online.
“Why should they be able to communicate? Why should they be using the Internet?” Carter said during testimony before the defense appropriations subcommittee. “The Internet shouldn’t be used for that purpose.”
He added that the U.S. can conduct cyber operations under the legal authorities associated with the ongoing war against ISIS.
The U.S. has also struggled to defeat high-tech encryption techniques used by ISIS and other groups to communicate. Experts have been working to find ways to defeat those programs.
Cyber Command is relatively new. Created in 2009, it did not begin operating until October 2010.
Early on, its key focus was on defending military networks, which are probed and attacked millions of times a day. But defense leaders also argued at length over the emerging issues surrounding cyberwarfare and how it should be incorporated.
The Pentagon is building 133 cyber teams by 2018, including 27 that are designed for combat and will work with regional commands to support warfighting operations. There will be 68 teams assigned to defend Defense Department networks and systems, 13 that would respond to major cyberattacks against the U.S., and 25 support teams.