- Oct 6, 2018
- Reaction score
- Sunset, Louisiana
Interesting read from NPR...
There was something else about Task Force ARES that was different: Young operators like Neil were briefing generals directly. "A lot of [ideas] come up that way, like somebody says, 'Well, we could gain access and do this to the files.' Really? You can do that? 'Oh yeah.' Would anyone notice? 'Well, maybe, but the chances are low.' It's like, hmmm, that's interesting, put that on the list."
Cardon said young operators on Joint Task Force ARES understood hacking in a visceral way and, in many respects, understood what was possible in cyberspace better than commanding officers did, so having a direct line to the people making the decisions was key.
The one thing on which everyone seemed to agree is that ISIS had found a way to do something other terrorist organizations had not: It had turned the Web into a weapon. ISIS routinely used encrypted apps, social media and splashy online magazines and videos to spread its message, find recruits and launch attacks.
A response to ISIS required a new kind of warfare, and so the NSA and U.S. Cyber Command created a secret task force, a special mission, and an operation that would become one of the largest and longest offensive cyber operations in U.S. military history. Few details about Joint Task Force ARES and Operation Glowing Symphony have been made public.
They began moving through the ISIS networks they had mapped for months. Participants describe it like watching a raid team clearing a house, except it was all online. Logging into accounts they had followed. Using passwords they discovered. Then, just as their move through targets started to accelerate, a roadblock: a security question. A standard, "what was your high school mascot"-type security question.
The question: "What is the name of your pet?"
The room quieted down.
"And we're stuck dead in our tracks," Neil said. "We all look to each other and we're like, what can we do? There's no way we're going to get in. This is going to stop the 20 or 30 targets after this."
Then an analyst stood up in the back of the room.
"Sir, 1-2-5-7," he said.
"We're like, what?" Neil says.
"How do you know that? [And he said] 'I've been looking at this guy for a year. He does it for everything.' And we're like, all right ... your favorite pet. 1-2-5-7.
"And boom, we're in."
"We had to understand, how did all of that work?" Buckner said. "And so, what is the best way to cause confusion online?"
The ideas that flowed up from operators like Neil were endless. Let's drain their cellphone batteries; or insert photographs into videos that weren't supposed to be there. Task Force ARES would watch, react and adjust its plans. It would change passwords, or buy domain names, delete content, all in a way that made it (mostly) look like it was just run-of-the mill IT problems.
But there is a dark side to this new arsenal. The U.S. isn't the only country that has turned to cyber. Consider the case of Washington Post journalist Jamal Khashoggi, who was murdered in a Saudi embassy late last year; cybertools are thought to have been part of that case too. "A lot of the preparation for that and the lead-up to it had to do with Saudi Arabia using offensive weapons," said Ron Deibert, the director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs.