6,000 Miles or 1 Click? ISIS Aren’t as Far Away as You Think

Posted on January 14, 2015 by


Washington hasn’t quite figured out the Islamic State (ISIS) yet. The Obama administration’s favourite approach, hands-free intervention using fighter jets and training Iraqi and Kurdish forces, isn’t working. The naïve belief that ISIS (or most enemies, for that matter) can be defeated without boots on the ground stems from the administration’s assumption that ISIS are too far away to launch a large-scale attack on American soil. This is dangerous.

The White House may well be 6,000 miles away from Ar-Raqqa, the city ISIS has claimed as its capital, but that distance is a whole lot less meaningful online.

The Sony hack made headlines for a number of reasons, but the most important takeaway was the precedent it set. Hackers managed to use sensitive data obtained in a breach to extort and threaten Sony into changing course.

The key thing is that the Sony hack caused no physical damage whatsoever, and neither has almost any other cyber breach. Indeed, a recent infiltration of a German steel mill, detailed in a report released before Christmas, was only the second time a cyber attack had ever caused physical damage. Control systems at the mill were manipulated in such a way that a blast furnace could not be shut down properly, causing a vast amount of damage.

Decommissioned nuclear reactor at Dounreay, Scotland.

While the motivations behind the hacking of the steel mill might be unclear, it has already been demonstrated that such tactics can be used for political purposes. Discovered in 2010, the Stuxnet worm caused problems at Iran’s Natanz facility. It worked by exploiting zero-day flaws in specific control systems. The virus caused the centrifuges involved with the enrichment of uranium to increase and decrease significantly in speed in order to cause irrevocable damage. The ramifications of a failure in critical infrastructure at a nuclear plant have been detailed by both history and Hollywood. Disaster. The Stuxnet attack opened the eyes of many to the real damage cyber weapons could inflict. A new facet of warfare had been revealed.

It is widely believed, however, that two governments had already grasped the potential of a computer virus as an act of war, and indeed that it was they who created Stuxnet. Their motivation was to disrupt the controversial Iranian nuclear programme, and the evidence points to the US and Israeli administrations.

Frank Rieger of the German hacker organisation Chaos Computer Club described Stuxnet, which was able to infect even computers not connected to the internet, as “a digital bunker buster” (Der Spiegel). The virus would install itself from an infected USB drive and attempt to circumvent any anti-virus software it encountered, uninstalling itself if it could not, in order to avoid detection. Der Spiegel reported that a European intelligence agency had analysed the computer worm and concluded that, due to its sheer complexity, “non-governmental actors” could be “virtually ruled out”. Stuxnet could only be the work of a nation state.

This opens up a whole new set of possibilities, which we can loosely split into two categories. Not all cyber warfare strategies will be open to all actors. A weapon as complex as Stuxnet requires serious capital to bring about, but other attacks (DDoS for example) do not. So while the creation of a Stuxnet MK.II may only be an option for wealthy governments of technologically advanced nations, the ability to conduct acts of war over cyberspace will certainly not be out of the reach of terrorist groups. The potential for terrorist cells to either pay for or carry out rudimentary (but still effective) cyber-attacks is certainly there.

Representative Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security, argued that “assaults from cyber-jihadists will become more common unless the [US] administration develops a strategy for appropriately responding to these cyberattacks”. (Foreign Policy)

The reality is that the world is changing. As the development, possession, and use of cyber weaponry proliferate among developed nations over the next few years, so too will the efforts of radicals and terrorists to obtain similar devices. It is difficult to estimate how much damage a single attack could cause, but it is worth noting that with crucial national infrastructure (power, water, transport, etc.) so often connected to the internet, the possibilities are essentially endless and the potential effects are grave.

In cyberspace, the newest frontier, assailants are difficult to trace and identify, and it is often impossible to determine their allegiances. It would not be a stretch to imagine that, even now, the defences of Western nations are being tested by groups who in years gone by would have sought to use more conventional means of inflicting terror. Nations must view cyber security as being as important as securing their geographical borders.

CC Images Courtesy of Yuri Samollov and Paul Stevenson