Operation Glowing Symphony (2016)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date The operation was authorized on 8 November 2016.[1]
Suspected actor Joint Task Force Ares (JTF-Ares), affiliated with the U.S. Cyber Command and the U.S. National Security Agency.[2] The U.S. have publicly acknowledged that the principal task of the JTF-Ares was to operate against the Islamic State.[3]
Target The media operation network of ISIS worldwide.[4] More specifically, the accounts and IP addresses of ISIS members who run the organization’s media operation.[5]
Method Such a complex operation was executed by a task force that was composed of a team of operators with various expertise and backgrounds including counterterrorism experts and digital forensics specialists.[6]

The JTF-Ares identified and prepared a list of the key targets, including the 10 core accounts and servers that were used by ISIS to manage the global distribution of its propaganda.[6] Reportedly, the task force then used phishing e-mails to gain access into ISIS’s networks.[6] The priority was given to obtaining access and control over an administrator’s account, which would allow the task force to navigate freely within the ISIS network, opening back doors and planting malware on their servers. After mapping the entire ISIS operation network, the task force operators logged into ISIS accounts, collected data, removed content and locked ISIS operators out of their accounts.[7]

Once in control over the main ISIS media operation accounts, the task force started the next phase of the operation that focused on causing a psychological impact, such as confusion, anger and deception, by deliberately causing technical errors and problems that would look like ordinary IT issues.[6] Such technical disruption and induced deception forced ISIS operators to use more vulnerable and less secure tools that would reveal their physical location, making them potential targets for kinetic attacks.[7]

Purpose The primary purpose of the operation was to deny, degrade and disrupt the global media operations of ISIS and their propaganda.[6][7] In addition to destroying the pro-ISIS propaganda material, and undermining their recruitment and financial activities online, the operation also served a psychological purpose and it also served to support the ground operations.[6]
Result Operation Glowing Symphony successfully managed to disrupt the operation of ISIS in the cyberspace by taking down servers and websites, removing most of pro-ISIS propaganda materials from the internet and denying some key ISIS operators access to their accounts.[5] For instance, the operation managed to shut down the mobile application of ISIS’s official news outlet ‘Amaq Agency’, and interrupted the regular publishing of the group’s most popular magazine online, which was discontinued later together with the organization’s websites in foreign languages.[6]
Aftermath Operation Glowing Symphony has been described as “one of the largest and longest offensive cyber operations in U.S. military history.”[6] In addition to being the first case in which the U.S. has confirmed its engagement in an offensive cyber operation,[8][9] it was seen as the first step towards the normalization of authorizing more future cyber operations.[6]

The operation gave rise to some contentions and heated debates in the U.S. over the success and effectiveness of such cyber operations as well as their impact on the relations between the US and their allies.[7][10] However, a senior official, who was the head of the JTF-Ares at the time, insisted on looking at the bigger picture by stressing the fact that the mere presence of ISIS online after the operation does not say anything about its success.[6] He added that the operation has effectively weakened ISIS and changed its behaviour in the cyberspace.[6]

Overall, Operation Glowing Symphony has been described by U.S. officials as “a watershed moment” in the process of commanding as well as conducting complex cyber operations.[8] It has also been considered as an example of the “American way” of fighting a cyberwar, and a demonstration of its offensive cyber capability.[8]

Analysed in Scenario 12: Cyber operations against computer data

Scenario 15: Cyber deception during armed conflict

Collected by: Alan Haji

  1. USSTRATCOM, 'FRAGORD 06 to USSTRATCOM OPORD 8000-17: Authorization to Conduct Operation GLOWING SYMPHONY, November 8 2016, Secret' National Security Archive (Washington DC, 13 August 2018)
  2. Atlantic Council, ‘Cyber Operations in Context: A Look at Joint Task Force Ares’ (Public discussion by the Atlantic Council’s Cyber Statecraft Initiative, 16 September 2019). See also Michael Martelle, ‘Joint Task Force ARES and Operation GLOWING SYMPHONY: Cyber Command’s Internet War Against ISIL’ (13 August 2018). For the order to establish the JTF, see: USCYBERCOM, ‘CYBERCOM FRAGORD 01 to TASKORD 16-0063 To Establish Joint Task Force (JTF)-ARES to Counter the Islamic State of Iraq and the Levant (ISIL) in Cyber Space, May 5, 2016. Secret//Rel to USA, Redacted’ National Security Archive.
  3. United States, ‘Statement of General Paul M. Nakasone, Commander, United States Cyber Command, before the Senate Committee on Armed Services’ 6–7 (14 February 2019).
  4. JD Work, ‘The American way of cyber warfare and the case of ISIS’ (17 September 2019).
  5. 5.0 5.1 David E. Sanger and Eric Schmitt, ‘U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS’ The New York Times (12 June 2017).
  6. 6.00 6.01 6.02 6.03 6.04 6.05 6.06 6.07 6.08 6.09 6.10 Dina Temple-Raston, ‘How The U.S. Hacked ISIS’ NPR (26 September 2019).
  7. 7.0 7.1 7.2 7.3 Daniel Cohen and Ofir Bar’el, center/cyber-center/Cyber_Cohen_Barel_ENG.pdf ‘The Use of Cyberwarfare in Influence Operations’ p. 36 (Yuval Ne’eman Workshop for Science, Technology and Security, October 2017).
  8. 8.0 8.1 8.2 Michael Martelle, ‘USCYBERCOM After Action Assessments of Operation GLOWING SYMPHONY’ National Security Archive (Washington DC, 21 January 2020).
  9. See also Statements made by BGen Len Anderson, Deputy Commander of the JTF-Ares, during a public panel discussion organized by the Atlantic Council’s Cyber Statecraft Initiative: Atlantic Council, ‘Cyber Operations in Context: A Look at Joint Task Force Ares’ (Public discussion by the Atlantic Council’s Cyber Statecraft Initiative, 16 September 2019).
  10. Ellen Nakashima, ‘U.S. military cyber operation to attack ISIS last year sparked heated debate over alerting allies’ The Washington Post (9 May 2017).