Assessing U.S Military Cyber Operational Capabilities to Counter Pro-ISIS Internet Infrastructure

Dancho Danchev
Oct 20 · 8 min read

In a modern C4I-powered and Network-Centric Warfare-enabled digital battlefield the U.S fighting with the Chinese and the Russians for a “battle of the heart” including the overall disinformation including offensive clandestine and covert ops launched by Chinese and Russian Intelligence Agencies it should be noted that a both proactive and reactive Offensive and Defensive Cyber Warfare strategy on behalf of the U.S Government and U.S Intelligence Community should act as a prompt response for ensuring the global safety and prosperity of a vast network of computers known as the Internet further steaming National Growth and prosperity including Free Speech and major Innovation and Economic Growth boost Worldwide.

In this article I’ll discuss some of the currently active U.S Cyber Command including NSA Offensive and Defensive Cyber Warfare Initiatives through the prism of Anti-ISIS Join Task Force ARES including its practical execution and implementation in the face of Operation Glowing Symphony and offer in-depth discussion on some of the current Cyber Jihad and Cyber Terrorism recruitment and propaganda including active funding campaigns and tactics including actual URLs for currently active Pro-ISIS Cyber Jihad Forums and Community and the associated Network Reconnaissance Based Data.

It appears that the U.S government including the U.S Intelligence Community and U.S CYBERCOM have been busy launching and legally authorizing offensive cyber warfare actions and clandestine and covert operations against ISIS for the purposing of disrupting the Group’s access to Internet communications including the spreading of teaching recruitment and propaganda material through the execution of Operation Glowing Symphony which aims to to track down and shut-down Pro-ISIS online content including the active outreach to NATO-Member Allies whose infrastructure might have been abused in the process.

Based on publicly obtained classified documents courtesy of the U.S Government and the U.S Intelligence Community it appears that the U.S Government including U.S CYBERCOM managed to establish and actually executed a structured and systematic approach in the form of an offensive and clandestine Cyber Warfare operation against ISIS for the purpose of disrupting and undermining their access to Internet-based Communications.

In a campaign entitled Operation “Glowing Symphony” the U.S Military including the U.S Government which authorized the campaign with the help of U.S CYBERCOM appear to have established the foundations for a successful and systematic approach to counter Pro-ISIS online propaganda and recruitment efforts with the help of NATO-Allies through the “restoration of a supposedly claimed Cyberspace region” which inevitably prompted the use of Offensive Cyber Warfare force and actual prosecution of the individuals behind the ISIS-Group and actual recruitment and propaganda campaign.

A Proposed “Civilian Sector” Crowd-Sourced Approach and Methodology for Responding to and Reacting to Online Cyber Jihad and Cyber Terrorism Threats Propaganda and Recruitment Materials:

In the overwhelming sea of information it’s becoming increasingly crucial to not only apply basic automated OSINT processing and enrichment methodologies but also actively introduce a manual based approach for tailored-based and a strategic and tactical based Technical Collection methodologies relying on public and proprietary tools for the purpose of collecting processing enriching and disseminating raw harvested and processed OSINT data for the purpose of presenting the bigger picture to a specific client or a general set of audiences.

In the section of the article I’ll walk you through the process of Technical Collection gathering including the processing enriching and dissemination of actionable raw OSINT data for the purpose of presenting a big picture including the actual presentation of the data to a diverse set of audience and will also present a case study on the Current and Future State of the Cybercrime Ecosystem in the form of OSINT analysis.

Among the key concepts that should be taken into consideration in the initial Technical Collection phase includes active use of passive and active OSINT-based methodologies for the purpose of establishing the foundations for a successful Technical Collection program. Possible raw OSINT sources of information include the popular Pastebin.com including several of the most popular public search engines online including Google. Here are a few examples of active raw OSINT content that needs to be discovered acquired and disseminated including a possible enrichment which I manage to locate on Pastebin.com in terms of building an initial Technical Collection initiative on ISIS.

hxxps://pastebin.com/Xg5K3pt1
hxxps://pastebin.com/x9050k8h
hxxps://pastebin.com/N9rPZ3Ar
hxxps://pastebin.com/PS6RJEgP
hxxps://pastebin.com/QuCGb0w3
hxxps://pastebin.com/2RHRgJwU
hxxps://pastebin.com/3Hs3tBRe
hxxps://pastebin.com/1dZWkDJs
hxxps://pastebin.com/r9Tz7tC9
hxxps://pastebin.com/XxDtwzsa
hxxps://pastebin.com/v4HFqddu
hxxps://pastebin.com/jfF7yfT5
hxxps://pastebin.com/YBmEewMK
hxxps://pastebin.com/DhcssPLn
hxxps://pastebin.com/dZr780T0
hxxps://pastebin.com/bV49SzUL
hxxps://pastebin.com/vYmW62eL
hxxps://pastebin.com/cfeyKCTH

Sample Tools and Public OSINT Services that I’ll discuss and use in this article including the associated Case Study include for the purpose of historical preservation of digital evidence namely the use of a basic Web Crawler to actually crawl and process a specific and newly launched Cyber Jihad and Cyberterrorism type of online community with the idea to historically and legally preserve a copy of the actual communication channel potentially reaching out to U.S Law Enforcement including the U.S Intelligence Community citing potential “new community discovery” and various other current and ongoing Cyber Threats posed by the Cyber Jihad and Cyberterrorism threats posed by the digitally preserved communication channel to be used for Historical OSINT purposes which is a basic Technical Collection principle that everyone that ever comes across to a newly discovered Cyber Jihad and Cyberterrorism type of Web site of community should take advantage of.

Web Crawler — hxxp://www.httrack.com/
Open Desktop Semantic Search — hxxps://www.opensemanticsearch.org
Carrot2 — Open Source Search Results Clustering Engine — hxxps://project.carrot2.org/
Apache Solr Powered Local Yacy Search Engine — hxxps://yacy.net

hxxp://ahlamontada.com
hxxp://al-aqsa.org
hxxp://al-mustaqbal.net
hxxp://al-nahda.com
hxxp://al-rashedeen.info
hxxp://al-waie.org
hxxp://albadil.edaama.org
hxxp://albayanislamac.com
hxxp://albusyro.info
hxxp://albuxoriy.com
hxxp://alemara1.org
hxxp://alfajrtaqni.net
hxxp://alfidaa.biz/vb/
hxxp://alfurq4n.org
hxxp://alintibana.net
hxxp://almaqreze.net
hxxp://almobshrat.net
hxxp://almubarakradio.com
hxxp://alokab.com
hxxp://alqassam.ps
hxxp://alsomod-iea.info
hxxp://alsomod.com
hxxp://altarefe.com
hxxp://alweya.com
hxxp://an-najah.net
hxxp://anjemchoudary.co.uk
hxxp://ansar-alhaqq.net
hxxp://ansar.tv
hxxp://ansar1.info
hxxp://anti-majos.com
hxxp://arrahmah.com
hxxp://azzammedia.com
hxxp://azzammedia.net
hxxp://cageuk.org
hxxp://chechensinsyria.com
hxxp://cyberkov.com
hxxp://dakwahmedia.net
hxxp://darultavhid.com
hxxp://daulahisamiyah.net
hxxp://daulahislamiyyah.com
hxxp://dawaalhaq.com
hxxp://dawatehaq.net
hxxp://dhiqar.net
hxxp://dolatislam.blogspot.sg
hxxp://dr-algzouil.com
hxxp://eldorar.com
hxxp://elmanara.org
hxxp://enfalmedya.com
hxxp://faithfreedom.org
hxxp://fpi.or.id
hxxp://gimfmedia.com
hxxp://globalkhilafah.com
hxxp://gulf-up.com
hxxp://gurmad.info
hxxp://halabnews.com
hxxp://halifat.info
hxxp://heyetnet.org
hxxp://hizb-afghanistan.com
hxxp://hizb-america.org
hxxp://hizb-australia.org
hxxp://hizb-eastafrica.com
hxxp://hizb-pakistan.com
hxxp://hizb-russia.info
hxxp://hizb-turkiston.net
hxxp://hizb-turkiye.org
hxxp://hizb-ut-tahrir.dk
hxxp://hizb-ut-tahrir.info
hxxp://hizb-ut-tahrir.nl
hxxp://hizb-ut-tahrir.org
hxxp://hizb-ut-tahrir.se
hxxp://hizb-uzbekistan.info
hxxp://hizb.org.ua
hxxp://hizb.org.uk
hxxp://hizbut-tahrir.or.id
hxxp://hizbut-tahrir.org.my
hxxp://hizbuttahrir.org
hxxp://ht-afghanistan.org
hxxp://ht-bangladesh.info
hxxp://ht-tunisie.info
hxxp://htmedia.info
hxxp://invitetoislam.com
hxxp://invitetoislam.org
hxxp://isdarat.in
hxxp://isdarat.org
hxxp://isdarat.tv
hxxp://isecur1ty.com
hxxp://isis.zz.vc
hxxp://islaam.com
hxxp://islahhaber.net
hxxp://islam-iea.com
hxxp://islam-in-poland.org
hxxp://islamdaveti.com
hxxp://islamdin.com
hxxp://islamdin.net
hxxp://islamic-dw.com
hxxp://islamicstate.pro
hxxp://isnews.net
hxxp://issdaratj.appspot.com
hxxp://jabhtnosra.appspot.com
hxxp://jamatdawa.org
hxxp://jannatoshiqlari.net
hxxp://jehadway.7olm.org
hxxp://jhuf.net
hxxp://jihadica.com
hxxp://jihadmin.com
hxxp://joinalqarda.com
hxxp://kavkazcenter.com
hxxp://kavkazchat.com
hxxp://khabarpana.com
hxxp://khelafa.org
hxxp://khilafa.org
hxxp://khilafah.com
hxxp://khilafah.net
hxxp://liputan-kita.com
hxxp://maqrezeradio.net
hxxp://millatuibrahim.com
hxxp://mindspring.eu.com
hxxp://mnbr.info
hxxp://moqatel1.clod5.com
hxxp://muqawamah.net
hxxp://muvahhid.info
hxxp://opcharliehebdo.com
hxxp://qassam.ps
hxxp://radioalfurqaan.com
hxxp://radioandalus24.com
hxxp://radyotevhid.com
hxxp://salaf-us-saalih.com
hxxp://salafimediauk.com
hxxp://se-te.com
hxxp://shabakataljahad.com
hxxp://shahamat-arabic.com
hxxp://shahamat-english.com
hxxp://shahamat-farsi.com
hxxp://shahamat-movie.com
hxxp://shahamat-urdu.com
hxxp://shamikh1.info
hxxp://shoutussalam.org
hxxp://somalimemo.net
hxxp://soutalhaq.net
hxxp://sunnahonline.com
hxxp://suwaidan.com
hxxp://tajdeed.org.uk
hxxp://takvahaber.net
hxxp://tarani.info
hxxp://tawhed.ws
hxxp://tevhiddergisi.com
hxxp://tevhiddersleri.com
hxxp://tevhidigundem.com
hxxp://theshamnews.com
hxxp://toorabora.net
hxxp://turkhackteam.org
hxxp://turkiyevilayeti.org
hxxp://twelvershia.net
hxxp://uicforce.co.vu
hxxp://ummah.com
hxxp://ummetislam.info
hxxp://ummetislam.net
hxxp://uptotal.com
hxxp://vdagestan.com
hxxp://voa-islam.com
hxxp://wa3iarabi.com
hxxp://worldakhbar.com
hxxp://www.alokab.com
hxxp://www.alsomod.com
hxxp://www.arrahmah.com
hxxp://www.eramuslim.com
hxxp://www.expliciet.nl
hxxp://www.hilafet.com
hxxp://www.islamdevleti.org
hxxp://www.kalifaat.org
hxxp://www.khilafah.com
hxxp://www.khilafah.net
hxxp://www.khilafah.org
hxxp://www.khilafat.dk
hxxp://www.khilafat.org
hxxp://www.kiblat.net
hxxp://www.kokludegisim.net
hxxp://www.lasdipo.com
hxxp://www.lebensordnung.com
hxxp://www.mykhilafah.com
hxxp://www.newcivilisation.com
hxxp://www.ramadhan.org
hxxp://www.risala.org
hxxp://www.sunnahcare.com
hxxp://www.waislama.net
hxxp://zaidhamid.pk

What should be taken into consideration when obtaining access to and processing these communities would be raw OSINT data in terms of Email addresses and public IPs which could be used for possible attribution. The next logical step would be to ensure that a proper enrichment and colleration strategy is in place the eventual dissemination of the actionable intelligence to a variety of U.S Intelligence Community including international law enforcement agencies for the purpose of launching a possible track down and prosecution including various other clandestine and offensive cyber warfare including operational support type of activities.

hxxp://a3maqagency.wordpress.com
hxxp://abu-qatada.com
hxxp://abubaraa.co.uk
hxxp://abuicanimovic.blogspot.com
hxxp://abujibriel.com
hxxp://abuqatada.com
hxxp://abuqital1.wordpress.com
hxxp://al-busyro.org
hxxp://al-fidaa.com
hxxp://al-jahafal.com
hxxp://al-rashedeen.info
hxxp://albayan.co.uk
hxxp://albayanislamac.com
hxxp://albetaqa.com
hxxp://alboraq.info
hxxp://alfetn.com
hxxp://almaqdese.net
hxxp://almaqreze.net
hxxp://almubarakradio.com
hxxp://almuhajirun.net
hxxp://almuwahhidin.wordpress.com
hxxp://alokab.com
hxxp://alqassam.ps
hxxp://alquds.co.uk
hxxp://alsomod-iea.info
hxxp://alsunnah.info
hxxp://altarefe.com
hxxp://alweya.com
hxxp://anjemchoudary.co.uk
hxxp://ansa1.info
hxxp://ansar1.info
hxxp://anshoruttauhidwassunnahwaljihad.blogspot.com
hxxp://ar-royyan.com
hxxp://arrahmah.com
hxxp://as-ansar.com
hxxp://as-ansar.org
hxxp://at-tawbah.net
hxxp://azzamalqitall.wordpress.com
hxxp://azzammedia.com
hxxp://benmamun.wordpress.com
hxxp://cageprisoners.com
hxxp://chechensinsyria.com
hxxp://cyberkov.com
hxxp://dakwahwaljihad.wordpress.com
hxxp://daruhilafe.com
hxxp://darultavhid.com
hxxp://daulahislamiyah.net
hxxp://dawaalhaq.com
hxxp://dawla-is.cf
hxxp://diarysangterroris.blogspot.com
hxxp://dr-algzouli.com
hxxp://dr-mahmoud.com
hxxp://dwl-is.appspot.com
hxxp://eldorar.com
hxxp://fisyria.info
hxxp://fpi.or.id
hxxp://greenoptimus.blogspot.com
hxxp://halummu.wordpress.com
hxxp://hanein.info
hxxp://heyetnet.org
hxxp://invitetoislam.org
hxxp://iraqirabita.org.uk
hxxp://isdarat-tube.com
hxxp://isecur1ty.com
hxxp://ishobat.wordpress.com
hxxp://ishoomy.blogspot.com
hxxp://islamdaveti.com
hxxp://islamic-state.ga
hxxp://islamic-state.media
hxxp://islamicawakening.com
hxxp://islamicsupremecouncil.org
hxxp://islamqa.info
hxxp://jihad-sabiluna.blogspot.com
hxxp://jihadist-tuts.blogspot.com
hxxp://kafilahmujahid.blogspot.com
hxxp://kavkazcenter.com
hxxp://kavkazchat.com
hxxp://kavkazjihad.com
hxxp://khelafa.org
hxxp://khilafah.com
hxxp://kiblat.net
hxxp://majles.alukah.net
hxxp://maktoobblog.com
hxxp://manbar.me
hxxp://maqrezeradio.net
hxxp://millahibrahim.wordpress.com
hxxp://mo3sl3m.wordpress.com
hxxp://mtj.tw
hxxp://mujahiddin-islam.blogspot.com
hxxp://muslimdaily.net
hxxp://muslm.org
hxxp://muvahhid.info
hxxp://nepras.ps
hxxp://pecixputih.blogspot.com
hxxp://radioalfurqaan.com
hxxp://rumahjihad.blogspot.com
hxxp://shabakataljahad.com
hxxp://shahamat-arabic.com
hxxp://shahamat-farsi.com
hxxp://shahamat-urdu.com
hxxp://shamikh1.info
hxxp://sharia4indonesia.com
hxxp://soutalhaq.net
hxxp://suaraikhwanmuwahhid.blogspot.com
hxxp://sunnahonline.com
hxxp://suwaidan.com
hxxp://tajdeed.org.uk
hxxp://takvahaber.net
hxxp://tawhed.net
hxxp://tawhed.ws
hxxp://tevhiddersleri.com
hxxp://tevhididavet.com
hxxp://thoriquna.com
hxxp://thoriquna.wordpress.com
hxxp://uicforce.co.vu
hxxp://vdagestan.com
hxxp://voa-islam.com
hxxp://www.alfidaa.biz
hxxp://www.alfidaa.info
hxxp://www.alfidaa.org
hxxp://www.almaqreze.net
hxxp://www.chechensinsyria.com
hxxp://www.dinhaqq.info
hxxp://www.dinhaqq.infosc
hxxp://www.eldorar.com
hxxp://www.hanein.info
hxxp://www.invitetoislam.org
hxxp://www.jarchive.net
hxxp://www.mediaumat.com
hxxp://www.mhesne.com
hxxp://www.muvahhid.info
hxxp://www.muwahhid.info
hxxp://www.nokbah.com
hxxp://www.profetensummah.com
hxxp://www.tawhed.ws
hxxp://www.tevhiddersleri.com
hxxp://www.thoriquna.com
hxxp://www.thoriquwna.com
hxxp://xalifati.wordpress.com
hxxp://yenidenislam.com
hxxp://zad-muslim.com

Prior to ensuring that a proper Technical Collection including a possible raw OSINT enrichment strategy is taking place a take-down and a possible Law Enforcement and U.S Intelligence Community outreach strategy should take place ensuring that the data is properly disseminated and properly attributed to a specific threat actor in this particular case the global Cyber Jihad community and ISIS in particular.

In terms of ISIS it should be noted that every then and now a commercial entity tries to actually monetize the ongoing Cyber Jihad and Cyberterrorism buzz with the idea to actually raise funds for an unknown set of cause most commonly funded and operated using basic marketing principles including the active creation and emergence of a popular brand in this particular case the commercial ISIS franchise. Is ISIS dangerous? It largely depends on what exactly is the group trying to achieve in terms of possible recruitment fund raising including active radicalization of online users for the purpose of spreading online Cyber Jihad and Cyberterrorism propaganda.

What should be worth pointing out in terms of ISIS is the fact that they actually managed to scale the brand in particular the introduction of franchise and multi-national and multi-lingual Network Based Asset Operators who further maintained and supported the ISIS campaign through the active production of propaganda material including the actual distribution and hosting of the propaganda material. It should be also noted that the very existence and creation of the ISIS brand directly intersects with the rise and popularity including growth of Social Media with tens of thousands of users who can actually support the brand through direct interaction with the group including the active sharing and distribution including actual hosting of Pro-ISIS based propaganda material for the purpose of enticing more users into participating in the campaign.

The actual modernization of what we commonly know as Cyber Jihad and Cyberterrorism online could be best described as a logical evolution of the active utilization of social media for the purpose of recruitment and the spread of online propaganda including actual recruitment and followers including actual supporters solicitation. This is where ISIS came into play for the purpose of positioning the group as the primary destination spot for Cyber Jihadists and Cyberterrorists online who might be interested in joining a “bigger cause” including the actual perhaps wrongly perceived approach of dominating a specific region of Cyberspace in terms of clustered conversation traffic generation and acquisition successfully positioning ISIS on the actual Offensive Cyber Warfare Map of U.S Government with the actual group aiming to claim a specific Cyberspace region for Cyber Jihad and Cyber Terrorism purposes and rogue operations.

What could the U.S Government do in this particular case? Excluding the actual legal action which means directly approaching the U.S Intelligence Community including U.S CYBERCOM which is basically responsible for offensive and defensive Cyber Warfare operations including the NSA the U.S Government could easily issue an international warning for such type of groups with the idea to clearly demonstrate knowledge and true power of the Cyber Domain successfully claiming back and undermining the credibility of such type of campaigns.

Image courtesy of the National Security Archive.

Dancho Danchev
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade