Copyright 2017 by Malcolm Nance and Chris Sampson
Foreword 2017 by Ali H. Soufan
All rights reserved. No part of this book may be reproduced in any manner without the express written consent of the publisher, except in the case of brief excerpts in critical reviews or articles. All inquiries should be addressed to Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018.
Skyhorse Publishing books may be purchased in bulk at special discounts for sales promotion, corporate gifts, fund-raising, or educational purposes. Special editions can also be created to specifications. For details, contact the Special Sales Department, Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018.
Skyhorse and Skyhorse Publishing are registered trademarks of Skyhorse Publishing, Inc., a Delaware corporation.
Visit our website at www.skyhorsepublishing.com.
Library of Congress Cataloging-in-Publication Data is available on file.
Cover design by Rain Saukas
Cover photo credit iStock
Print ISBN: 978-1-5107-1892-0
Ebook ISBN: 978-1-5107-1893-7
Printed in the United States of America
Foreword
by Ali H. Soufan
Hacking ISIS is a critical book on the dynamics of the cyber caliphate for all cyber warriors. It is a timely book, as ISIS is collapsing and its physical caliphate is passing into history. The potential for a new cyber-based world, a Ghost Caliphate, will definitely allow a physically defeated force to rise from the ashes as a cyber-warfare force.
Malcolm Nance, one of the world's top terrorism intelligence professionals, and Chris Sampson, a terrorism cyber media expert who has studied ISIS and al-Qaeda for more than eleven years, have produced a brilliant resource to educate cybersecurity specialists, politicians, and the general public about the future risks of how ISIS's ideology may spread further in the cyber world. Malcolm and his team have engaged and destroyed ISIS's cyber warriors in direct and indirect cyber combat. Though the ISIS warriors are amateur and young, and generally limit their work to propagating their hateful ideology, they have the basic skills to expand from a general nuisance into a credible threat so long as we ignore their potential. As we continue to take this fight with this terrorist enemy to the electronic battlefield, this book will help our cyber warriors and decision-makers defeat them once and for all.
Chapter 1
The Keys to the Cyber Caliphate
When he woke for dawn prayers on 17 May, 2015, Caliph Ibrahim, a.k.a. Abu Bakr al-Baghdadi, the commander of the forces of the Islamic State of Iraq and the Levant al-Sham, a.k.a. ISIS, would be informed of a massacre that had occurred near Deir ez-Zor in eastern Syria. US Special Operations forces had completed a bold and daring direct action, penetrating directly into the heart of the territory occupied by the self-proclaimed ISIS. The Americans had not just carried out a raid but had flown hundreds of miles behind ISIS lines to capture a man named Abu Sayyaf. When the smoke cleared, the Delta troopers had killed every terrorist present including their intended target, but the mission was still considered a resounding success. The New York Times and the Wall Street Journal reported that even though Abu Sayyaf had not been taken alive, during the sensitive sites exploitation, the intelligence team collected four to seven terabytes of computer data that gave US intelligence a treasure trove of information about the financial workings of ISIS.
There was nothing routine about the mission to seize or kill Abu Sayyaf, whose real name was Fathi ben Awn ben Jildi Murad al-Tunisi. He was a Tunisian jihadi and keeper of the keys to the ISIS oil wealth. Abu Sayyaf worked out of the offices of the Euphrates Oil Company at al-Omar, the largest oilfield in Syria. As treasurer to ISIS, it was his job to produce, collect, and distribute hundreds of millions of dollars in profits throughout the caliphate from illicit oil, sale of antiquities and slaves, and levying taxes on Christians. He was a very high-value target, but the generals at the Pentagon would have been reluctant to risk the lives of the most elite soldiers America possessed, the National Mission Force, just to recover a pile of financial data. That could be electronically collected by NSA or purchased by gold or cash from CIA assets. No, there had to be something far more valuable and important in his possession that made the mission an imperative. Whatever it was would have to be a game changer.
The most critical indicator of the importance of the mission and its objective was the fact that the President was moved to sign the order. The intelligence community does not undertake these missions on a whim, and, even with solid intelligence, the payoff would have to exceed the risk by an order of magnitude. The number of people and the amount of intelligence and weapons dedicated to this type of mission is staggering.
To approve the al-Omar raid would require solid, triple-checked intelligence from multiple sources from inside ISIS itself. The sources would have to be considered extremely reliable and their information triple checked. Once confidence was high, the Director of National Intelligence, the CIA, and Pentagon would have to convince the President that the success-to-failure ratio exceeded ninety percent or more before he would sign the Go order to invade ISIS-controlled Syria.
Why would the notably cautious "No-Drama Obama" authorize such a momentous mission? He must have been convinced that it would result in something so damaging to ISIS that the risk would outweigh the potential for disaster. The objective could only be one thing, the intelligence keys to the caliphate: a softcopy database, not linked to the Internet, containing the personal data of every man, woman, child, and slave in and under the control of ISIS, as well as the communications and financial links to its affiliates worldwide.
THE INTERNAL SECURITY DATABASE
When Samir Abd Muhammad al-Khlifawi, whose nom de guerre was Haji Bakr, became the shadow commander of ISIS's military wing and its Chief of Spies, he emphasized that ISIS should gather all possible information about every person in their society in order to control behavior, blackmail the influential, or eliminate resistance. He sketched out the design for a massive paper database detailing each member's biographical, social, and psychological data.
Derived directly from his experience as a loyal spy under Saddam Hussein, he put together an organization identical to the Baathist intelligence apparatus, but one that could compile information with much more detail on the religious and family aspects of the ISIS communities. He wanted to create a hybrid al-Qaeda-Saddamist religious extremist police state impervious to foreign intelligence penetration and resistant to rebellion.
He was the right man for the job. To this end, he did a complete brain-dump of everything he had learned as a Baathist and implemented a new network for the religious terror nation. In this respect, Haji Bakr was pitch-perfect. His handwritten notes on how ISIS collects intelligence and databases the histories of all who fall under its control were discovered by Der Spiegel after he was ambushed and killed in 2014. He ordered his intelligence division Emirs (Princes) and subordinate cells to check and cross-reference information on all levels of ISIS society to ensure the trustworthiness and loyalty of its subjects.