The killing of two Islamic State in Iraq and Syria (ISIS) hackers is raising new questions about whether the Pentagon is targeting the group's tech-savvy members.
Focusing on digital leaders in ISIS could be an effective way to counteract the extremist group's online recruitment — an area where the U.S. has struggled — military and cyber experts say.
“You might impact the propaganda which is getting them a lot of attention, a lot of young members in Western countries who are being radicalized,” said Robert Lee, a former cyber officer in the Air Force and co-founder of Dragos Security, which helps secure critical infrastructure networks.
“The U.S. has to be very careful here,” Lee said.
“The fact that someone’s involved in hacking or cyber anything should never be the justification for the strike,” he added. “But if they’ve made the kill list, applying some sort of prioritization based on that [skill] absolutely could be a very good consideration.”
ISIS hacking groups have become a notable presence on the Internet, defacing media outlets’ websites, leaking U.S. military members’ personal details, taking over high-profile Twitter accounts, even stealing credit card data.
The unexpected digital achievements have given the extremist group a valuable propaganda outlet and a platform to encourage lone wolf attacks.
According to Steven Stalinsky, executive director of the Middle East Media Research Institute (MEMRI), this digital know-how is the product of an ISIS campaign to recruit computer engineers.
“That’s been a part of their message since they began,” he said.
Stalinsky is the co-author of a recent report on Islamic State hacking that identified 45 separate, successful ISIS cyberattacks in 2015, ranging from the defacement of a website for a horse riding company in Alabama to the release of military members’ personal details.
“It hasn’t been hugely sophisticated, but it’s more terrorizing people,” he said.
Most conspicuously, ISIS-affiliated hackers last January took over the U.S. Central Command (Centcom) Twitter and YouTube accounts. For 30 minutes, the digital assailants tweeted out pro-ISIS messages and spreadsheets with military officials’ information.
In August, a U.S. drone strike killed Junaid Hussain, who was tied to a number of ISIS hacking incidents over the past few years.
Hussain was believed to be the head of the so-called CyberCaliphate, one of several informal ISIS hacking groups, and was linked to the release of personal information on over 1,300 U.S. military and government employees.
More importantly, Hussain was known as a prominent online recruiter, encouraging western sympathizers to carry out lone-wolf attacks.
“He had significant technical skills, and he had expressed a strong desire to kill Americans, and recruit others to kill Americans,” Air Force Col. Patrick Ryder told reporters after the strike.
Two months later, Malaysian authorities arrested Ardit Ferizi, who had allegedly provided Hussain with the data on U.S. personnel. The Justice Department, which charged Ferizi and is trying to extradite him to the U.S., alleges he hacked an American company to steal the sensitive data.
“This case is a first of its kind,” assistant attorney general John Carlin said in a statement.
Then, in early December, another U.S. drone strike took out a lesser-known ISIS hacker, Siful Haque Sujan.
Army Col. Steve Warren, a spokesman for the military’s operation to eliminate ISIS, described Sujan as a British-educated computer systems engineer who worked on hacking efforts and anti-surveillance technology.
“Now that he's dead, ISIL has lost a key link between networks,” he said, using another acronym for the group.
Outside experts were hesitant to describe the three novel incidents as the result of a specific Pentagon strategy, but said they show the military’s desire to attack ISIS’s online recruitment.
“I think there is a campaign going on,” said Malcolm Nance, a counterterrorism and cryptology expert who is the executive director of The Terror Asymmetrics Project.
Since July, he said, there’s been a notable uptick in U.S. airstrikes taking out high-ranking ISIS members. The White House on Friday said coalition airstrikes in December had killed “dozens” of senior ISIS operatives.
“We are literally cutting through this organization’s senior management like a scythe,” Nance said.
He believes the military strikes have focused on digitally-savvy members.
“Degrading their system of propaganda and their ability to operate overtly, clandestinely in the dark Web is going to be one of our highest priorities,” said Nance, who authored an upcoming book, “Defeating ISIS,” which details strategies to counteract ISIS online.
Experts unanimously said the government has been ineffective at using its own digital propaganda to counter ISIS’s Internet recruitment.
“It’s hard for us to go tit for tat [on propaganda] with ISIS, which is very decentralized and is able to put up what they want,” explained Michael McNerney, a former cybersecurity policy advisor for the secretary of Defense who now runs anti-hacking firm Efflux Systems.
“We have no response for that, he added. “We certainly know how to drop missiles."
Experts believe a few well-placed missiles could significantly disrupt ISIS’s hacking efforts.
But others are more cautious and say ISIS can quickly fill its ranks.
“The mantle just gets passed and someone else steps in,” Stalinsky said.
When Hussain went down, his CyberCaliphate hacking group was greatly diminished, according to researchers. But other groups have popped up in its place, Stalinsky said.
Most are hesitant to believe a military campaign could significantly degrade ISIS’s broader online propaganda.
ISIS’s online recruitment efforts are deeply entrenched, explained Christopher Ahlberg, the head of Recorded Future, which analyzes online threats.
“These guys, over a long period of time, years, have build up this... online recruiting capability,” he said, warning that drone strikes alone won't eradicate that.
“They have a solid jihadist product.”