Paul Maley, in The Australian, 25 March 2019, where the title is “How Aussie Spies won Propaganda War against ISIS”
In late-2016, as coalition aircraft pounded Islamic State targets in Syria and Iraq, the Australian Defence Force’s Commander of Joint Operations, David Johnston, issued a secret order to the Australian Signals Directorate. For the first time, Defence wanted ASD to use its vast cyber capabilities not for intelligence gathering or targeting — the agency’s traditional missions — but to take down and destroy Islamic State’s propaganda machine. What followed was a two-year campaign in which a small team of offensive cyber operators working out of a squat, grey building in Canberra’s Russell Defence precinct, waged war on Islamic State’s information warriors.
Working in secret and through the night so as to align themselves with the northern time zone, the team hacked networks, destroyed websites, infiltrated chat rooms and stole, or “exfiltrated’’, thousands upon thousands of files.
By the time they were done, Islamic State’s propaganda output had shrunk from a roar to a squeak and the ability of the group’s operatives to produce and disseminate it had been all but destroyed.
The campaign — conducted under the auspices of Operation Okra, the code name for Australia’s military operations in Syria and Iraq — used a sophisticated offensive cyber capability developed in secret by the ADF and publicly acknowledged only three years ago.
In this new, highly sensitive mode of warfare, victory belongs to the side that can most quickly disable or control an enemy’s critical infrastructure — their power grid, their telco network, the centrifuges that separate their nuclear material or, in this case, the media machine that attracted thousands of young Muslims to the black banner of Islamic State.
The operation began in November 2016. The first step was to conduct a detailed intelligence assessment of Islamic State’s media unit as well as an evaluation of the risks involved in shutting it down. The “intelligence gain-loss’’ assessment, as it was known, calculated potentially unforeseen downsides to ripping apart the propaganda unit.
Officially this was the responsibility of the Chief of Joint Operations, although ASD contributed. Would the destruction of the Islamic State information machine deprive the intelligence community of valuable information on who was accessing it? Was it better to have Islamic State operating in plain sight rather than disrupt it and risk having its operation shift to darker corners of the web? The team’s next step was devising what ASD refers to as an “effects plan’’, essentially a description of the mission and how it was to be executed. DSD performs four main functions: supporting Australian Defence Force military operations on the ground, gathering foreign signals intelligence, and cyber security. The fourth is what ASD calls an “effects mission’’. This includes the agency’s offensive cyber capabilities.
Once the effects plan was approved, the team went to work. Between six and 10 operators began by probing Islamic State’s online infrastructure. They were looking for vulnerabilities and access points to its networks and servers. They were also building a picture on how the propaganda machine was structured. Who was running it? Who was producing the material? Where were they? What devices were they using?
One source briefed on the operation said this was where most of the heavy lifting was done. “The hard work is in the intel lead-up. They have specialists in the field who know how to do damage fast.’’
At all times, the team operated in secret. This may sound obvious, but as the source said: “With offensive cyber ops you can choose your level of attribution. They didn’t want them to know it was Australia.’’
A big part of the team’s work involved “deconflicting” with friendly intelligence agencies. The campaign against Islamic State’s digital caliphate was a collaboration with other countries, particularly the Five Eyes governments of the US, Britain, Canada and New Zealand. If the Americans had a particular capability tied up somewhere, the Canadians or the Australians might be asked to step up, assuming they had it and it wasn’t being used elsewhere. But sources close to the campaign said that at the time of the campaign ASD had unique capabilities that none of the agencies could bring to bear.
About 10 offensive cyber operators began by harvesting the passwords of known Islamic State members. They were supported by a team of counter-terrorism analysts who helped identify targets, software engineers, linguists, cultural specialists. A psychologist was on hand to help them predict the reactions of those targeted.
Lawyers were forever being consulted to ensure ASD did not exceed its mission mandate or breach the agency’s most sacred directive: no spying on Australian citizens.
Once they had the passwords, the team used them to gain access to the virtual private networks Islamic State used to communicate. A VPN encrypts and hides a user’s data before it hits the internet allowing them to operate anonymously. Once inside, the DSD team could take command of the network and do with it whatever it wanted. In this case, that meant wreak havoc. More than a dozen administration accounts were hacked, scores of virtual private servers and networks were disabled and about three terabytes of data was exfiltrated. That’s a lot. A single terabyte can hold about two million photos.
The team removed back-ups of Islamic State’s websites and propaganda material. They targeted technical staff and infiltrated dozens of VPNs and virtual private servers.
The BBC Monitoring Service would later report that in October 2017 Islamic State’s daily output dropped from 29 daily messages to just 10. The number of reports produced by its daily news service fell from 421 in September 2017 to 178 in September 2018.
In any other war, such an operation might have been tangential to the main fight. But propaganda was central to Islamic State’s power.
It was propaganda that conveyed the illusion the caliphate was a religious paradise rather than a dystopia that enslaved women and where a fighter’s lifespan was measured in months. It was propaganda that inspired the wave of violence that swept Western cities. And it was propaganda that gave Islamic State the edge over al-Qa’ida in the struggle for leadership of the global jihad. In Islamic State’s carefully crafted vision of itself, the caliphate declared by Abu Bakr al-Baghdadi had provided an answer to years of Muslim subjugation and a restoration of Sunni pride. In truth, that power was an illusion. Islamic State’s success reflected not the strength of its armies, but the weakness of its enemies.
But the illusion had been crucial to Islamic State’s success and it was that illusion ASD set out to destroy in the summer of 2016.
At its peak, Islamic State’s information machine produced tens of thousands of statements, info graphics and slickly shot videos that glamorised life in the caliphate. A second intelligence source who spoke to The Australianestimated that when it was running at full tilt, about 100 people were working in the media unit.
They were IT experts, software engineers, graphic designers and production editors. All were fair game. The group operated its own radio stations, produced its own magazine, which was published in 11 languages, and ran at least three production companies. It is unclear why Defence waited until 2016 to unleash ASD. The war had by then long passed its strategic tipping point. The caliphate was shrinking. Its fighters were dying in their thousands. The group’s propaganda arm had achieved its main goal of drawing radicalised Muslims to the caliphate. What began as a torrent of extremists quitting their homes for jihad had by late-2016 slowed to a trickle.
For years ASD had been gathering intelligence on Islamic State, which at its peak controlled an area of Syria and Iraq the size of Britain. Phone calls, emails, encrypted chats between operatives in Syria and the West, all of it had been hoovered up by ASD’s vast network of satellites and spy planes and funnelled through the agency’s super computers. The intelligence contributed to what by then had become a highly detailed picture of Islamic State, who was running it, how it was organised, and what its senior operatives were thinking and planning.
ASD has said little about its work in Syria “They have to make the enemy believe that what we’re doing is impossible,’’ one intelligence source familiar with ASD’s operations told The Australian.