Into the Grey Zone: The 'offensive cyber' used to confuse Islamic State militants and prevent drone attacks

·6-min read

The UK has revealed new details about a secret cyber operation against Islamic State that targeted the group's ability to fly drones, meddled with its phones and hit its propaganda.

The mission gives a sense of the kind of hacks and other covert attacks Britain is able to conduct against countries, criminals and terrorists in the grey zone of cyberspace.

Jeremy Fleming, director of GCHQ, and General Sir Patrick Sanders, commander of Strategic Command, spoke to Sky News in their first joint interview about the IS offensive - most active in 2016 into 2017 - and the work of a new National Cyber Force.

:: Subscribe to Into The Grey Zone on Apple Podcasts, Spotify, Spreaker

"We need to be able to compete with our adversaries. We need to be able to contest in cyberspace," Mr Fleming said.

With IS, this meant deploying cyber capabilities on the battlefield in Iraq and Syria to attack the devices the militants were using to communicate.

It also meant going after a highly-effective online information campaign by the extremists, who exploited the internet to reach into the minds of people around the world, sharing posts and videos aimed at attracting new recruits and amplifying acts of terror.

The cyber fight against Islamic State

General Sanders said the terrorist group had been using "cyber technology as a strength".

"What we wanted to do was to turn that strength, that dependence that they had on cyber, into a vulnerability and also to undermine the credibility of their information campaign and of their ideology," he said.

The goal was to make IS "go dark", according to an officer who was involved.

Mr Fleming and General Sanders were speaking on a Sky News podcast that explores how countries, criminals and terrorists fight each other in a grey zone between war and peace. Cyber plays a key role.

IS shocked the world in 2014 when it declared the creation of a caliphate after seizing swathes of Iraq and Syria.

The militants viewed anyone who did not believe their warped interpretation of Islam as an enemy.

The UK first thought about using cyber weapons against the group that same year.

The idea was developed over the following 12 months and fully under way - with much of the covert effort carried out by spies at GCHQ's headquarters in Cheltenham - by 2016 into 2017 as part of a far more visible US-led military campaign.

Britain has previously acknowledged it used "offensive cyber" tactics against IS, but this is the first time anyone has spoken publicly in such detail about what happened.

Preventing Islamic State drone attacks

One element of the mission was to disrupt attempts by IS to launch attacks from the air with drones. That involved GCHQ officers and British special forces, who were deployed in the region in support of the Iraqi military and Syrian democratic fighters.

"We piloted some really early technologies to disrupt Daesh's (Islamic State's) use of some pretty basic drone technology, but which was causing us a problem," Mr Fleming said.

The GCHQ director declined to further describe how this happened other than to say: "We used cyber techniques to affect how a drone operated."

Confusing militants by disrupting phones

The UK also targeted the devices, such as mobile phones and laptops, that IS extremists were using to communicate with each other on the ground.

It is thought the operation stopped commanders from being able to send instructions to their foot soldiers or altered the content of these messages, meaning individuals might be tricked into heading in the wrong direction and getting killed.

There is also evidence some fighters, no longer able to send or receive messages, felt so cut off and isolated that they simply dumped their weapons and left the battlefield, Sky News understands.

"We wanted to ensure that when they tried to co-ordinate attacks on our forces, their devices didn't work, that they couldn't trust the orders that were coming to them from their seniors," General Sanders said.

"We wanted to deceive them and to misdirect them, to make them less effective, less cohesive and sap their morale.

"But you can't just do that in cyberspace. You have to co-ordinate and integrate that with activities that are going on on the ground, whether it's from our own forces, special forces and others."

Disrupting Islamic State's online propaganda

The other, much broader, dimension to the cyber mission was an effort to takedown or degrade IS online propaganda and its ability to use social media and online chat rooms to groom new recruits.

This involved conversations between governments and the big technology companies like Facebook and Twitter to remove harmful content from their platforms.

But, for material that remained out of reach British cyber spies launched malware against computer servers in different countries around the world to lock IS out of their accounts, delete and distort information on their files and remove online posts and videos.

US cyber operators were also involved in the effort.

Mr Fleming said: "We prevented their propaganda, both through physical actions on the battlefield, but also remotely getting to their servers, getting to the places that they stored their material."

Creation of the National Cyber Force and using 'offensive cyber'

The need to be able to use cyber tactics to cause harm against adversaries and to disrupt or deter attacks prompted the UK to establish the National Cyber Force in a partnership between GCHQ and the military.

The Secret Intelligence Service, MI6, and the defence laboratory at Porton Down are also involved. The force was officially avowed in November 2020, though it had been operating since April of that year.

General Sanders explained what is meant by offensive cyber.

"It's a combination of technology, really clever technology and people," he said.

This includes the use of malware to cause physical damage, from encrypting files on a laptop to shutting down a power station.

But far more fundamentally, offensive cyber is about influencing people such as by posting false information on social media, hacking and leaking data online, or distorting the content of an email or text message to fool an opponent.

"In some respects, the most important, the most relevant use of cyberspace is that the real power is in influence and not in sabotage," General Sanders said.

Using offensive cyber in other arenas

The propaganda campaign by IS is one example, but so too are alleged attempts by hostile nations like Russia to use disinformation against the UK and its allies. The Kremlin has denied such allegations.

Asked whether defending democratic events like elections from a disinformation operation is something the cyber force could be used for, General Sanders said: "Yes.

"What you're seeing are our adversaries, our rivals, exploiting the tools that are meant to make for a more utopian society - so things like social media - against us, fuelling conspiracy theories and really sowing division and tearing the fabric of society apart.

"You could go so far and describe it as almost fuelling a civil war inside some of these societies.

"So when it comes to promoting the cohesion of society and to protecting our democratic processes and countering the sort of hack and leak examples that you describe there, that, yes, offensive cyber is unquestionably one of the tools that is available to governments and we don't do this alone."

You can hear much more from these interviews as well as from a woman who was once described by a national newspaper as the UK's top offensive cyber spy in the latest episode of the Into The Grey Zone podcast.