A secret UK cyber operation to undermine Isis ideology and weaken its fighters on the battlefield involved disabling drones, jamming phones and targeting servers to block online propaganda, according to military and security chiefs.
The revelations from Jeremy Fleming, director of the signals intelligence agency GCHQ, and General Sir Patrick Sanders, head of UK Strategic Command, come just two months after prime minister Boris Johnson announced the creation of a “cyber force” run jointly by the military and spy agencies to tackle adversaries in the digital realm. The team, which is expected to grow from a few hundred personnel to 3,000 over the next decade, will bring together Britain’s offensive cyber capabilities within a combined unit.
Discussing their 2016-2017 Isis operation on a Sky News podcast, “Into the Grey Zone”, Fleming and Patrick said it became clear that Islamist militants relied on cyber technology for propaganda, command and control, and attack planning. At the time, Isis was recruiting fighters as it sought to establish a caliphate across large parts of Iraq and Syria.
“It was a very cheap and effective way of waging a terrorist warfare,” Sanders explained. “What we wanted to do was to turn that strength, that dependence that they had on the cyber into a vulnerability, and also to undermine the credibility of their information campaign and of their ideology.”
GCHQ first admitted three years ago that it had launched a big “offensive cyber campaign” against Isis, but has not previously given any details about the operation. While the UK and allies such as the US have acknowledged using offensive cyber, the specifics of their attack capabilities remain highly classified. Adversaries including Russia, China, North Korea and Iran have demonstrated their willingness to use these methods.
Fleming said the joint military and GCHQ team had “disrupted the communication of the Daesh [Isis] fighters on the battlefield” and piloted new technology to undermine Isis drone technology. He also said the UK had sought to stem the flow of extremist propaganda by “remotely getting to [Isis] servers, getting to the places that they stored their material”.
“We wanted to ensure that when they tried to co-ordinate attacks on our forces, their devices didn’t work, that they couldn’t trust the orders that were coming to them from their seniors,” Sanders added. “We wanted to deceive them and to misdirect them, to make them less effective, less cohesive and sap their morale.”
GCHQ’s cyber tactics were reinforced on the ground by separate military operations involving special forces, the Iraqi military and local resistance groups, although details of these have not been released.
While joint cyber operations are already a feature of modern warfare, some critics warn that such activities that fall below the threshold of formal conflict risk being shadowy and unaccountable. Emily Taylor, an expert in cyber and international security at the Chatham House think-tank, acknowledged that countries had to walk an “ethical tightrope” to ensure powerful cyber weapons were being used appropriately and with proper oversight, even on the most classified of operations.
“One of the biggest risks that I see is that [cyber operations] are a very technical area and we have a huge respect in this country for our intelligence services . . . so there can be either a deferential attitude from the people giving oversight or even worse, just an ignorance and inability to hold people to account,” she said.