While Defense Department officials said that the US began dropping "cyberbombs" on Islamic State last month, the online threat posed by the terrorists deserves an even more profound response: a global, coordinated assault on their entire digital apparatus.
The US and its allies have been reluctant to talk publicly about offensive operations in cyberspace, but now is the time to put the West's collective technical superiority to work in an all-out cyberwar against the Islamic State.
That effort shouldn't just be limited to targeting the outfit's central command. It should include identifying and exposing the transnational network of pro-IS hacking groups, their leaders, their alliances, and how they are working in concert with Islamic State leadership.
This kind of effort would have to include hacking their computers and smartphones, implanting viruses and malware to pull out intelligence data on the organization, disrupting their ability to communicate with one another, and for those who are outside of Iraq and Syria, unmasking their profiles and publicizing their identities.
That may seem like an outsized response to the emerging threat. But if the US and its allies don't act now, the Islamic State could quickly beef up its hacking chops and become impossible to uproot from the open Internet.
It's well known that the terrorists and their allies use social media to distribute propaganda, recruit fighters, and plan attacks, but recent evidence indicates they are also upping their game to carry out disruptive activities against the computer systems and networks of national governments, security agencies, and businesses.
Adm. Michael Rogers, director of the National Security Agency and the head of US Cyber Command, recently warned Congress about the jihadist group’s intentions to conduct cyberattacks against the country. He said that in 2014 militants affiliated with IS had already attempted to do damage through hacking attacks, publishing the personal details of 100 American military servicemen and calling for their assassination.
Whether this is was a data breach or a data dump of carefully compiled open-source information, new evidence supports the validity of Admiral Rogers' claims. Hundreds of Islamic State supporters use the Telegram messenger app to share hacking instructions and guidelines. It appears to be working.
In March, the Caliphate Cyber Army, the terrorists' supposed main hacking unit, publicized the home addresses of police officers in Minnesota and New Jersey. A month later, the group's supporters made public the personal information of 43 US government employees linked to the State Department and other agencies and a couple of days after they published the names and addresses of 3,600 New Yorkers. In all these cases, they call for supporters to carry out "lone wolf" attacks against those they have put on their "kill lists."
The US, however, is not the only target. In April 2015, Islamic State supporters took over the French public service television network TV5Monde. In the fall of last year, malicious hackers associated with IS intercepted e-mails from senior British ministers.
Although there has not been a successful cyberattack linked to physical damage or death, the threat is fast evolving.
"They want to keep moving towards greater destructive attacks or cyberenabled attacks that cause loss of life," Sean Newell, deputy chief for Cyber, Counterintelligence, and Export Control Section at the US Justice Department, said at an event hosted by the Atlantic Council, a Washington think tank.
In response to the growing menace, Defense Secretary Ashton Carter confirmed the US military is engaging in cyberwarfare against the group to interrupt their command and control abilities, their abilities to plan attacks, their finances, and their propaganda machine. The offensive actions include the deployment of a tactical aircraft that can jam any radar and communication devices from Islamic State held territory.
Other governments have joined the effort. The British Government announced last November an investment of nearly 2 billion pounds to create the country’s first “cyberforce” to combat online threats from states and terrorist groups. Similarly, earlier this year the French government declared its plan to hire 500 cybersecurity experts to help in the fight against terrorism.
But the fact is that democracies in the West are playing catch up while Islamic State has enjoyed the freedom to advance its cybercapacities. The international community should not wait until those capabilities are fully developed. It's time to escalate the digital offensive now.
Kyle Matthews is the founder of the Digital Mass Atrocity Prevention Lab at Concordia University. Chantalle Gonzalez is a communications and research officer at the lab.