The GCHQ, in partnership with the Ministry of Defence, has conducted a major offensive cyber-campaign against Daesh, aka the Islamic State/ISIS terror group. This marks the first time the UK has systematically and persistently attacked an adversary’s online efforts as part of a wider military campaign, according to the new GCHQ director, Jeremy Fleming.
“These operations have made a significant contribution to coalition efforts to suppress Daesh propaganda, hindered their ability to coordinate attacks, and protected coalition forces on the battlefield,” the former MI5 agent said, speaking at a UK cybersecurity showcase, CYBERUK2018. “The outcomes of these operations are wide-ranging. We may look to deny service, disrupt a specific online activity, deter an individual or a group or perhaps even destroy equipment and networks.”
He said that the operation was hugely successful, noting that in 2017 there were times when Daesh members found it “almost impossible to spread their hate online, to use their normal channels to spread their rhetoric or trust their publications.”
The campaign, which shows how targeted and effective offensive cyber-attacks can be, is part of a wider effort that also includes the efforts by service providers to remove Daesh material from their sites.
Offensive cyber-capabilities have been controversial, both in the UK and across the globe, with detractors noting that should these weapons fall into the wrong hands, as was the case with NSA hacking tools like EternalBlue, the damage could be catastrophic.
“We know that these capabilities are very powerful,” said Fleming. “The international doctrine governing their use is still evolving. And as with all of our work we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place.”