ISIS Uses Cyber Capabilities To Attack The U.S. Online
AUDIE CORNISH, HOST:
In Hannover, Germany today, President Obama had this to say about ISIS.
(SOUNDBITE OF ARCHIVED RECORDING)
BARACK OBAMA: These terrorists are doing everything in their power to strike our cities and kill our citizens, so we need to do everything in our power to stop them.
CORNISH: Everything in our power includes using cyber weapons. NPR's Mary Louise Kelly has recently reported on how the U.S. is stepping up cyberattacks against ISIS, so we asked her to consider the flip side, how ISIS is trying to attack the U.S. online. Mary Louise, welcome to the studio.
MARY LOUISE KELLY, BYLINE: Nice to be here, Audie.
CORNISH: Let's start there. Can you give us the big picture in terms of capabilities - right? - for ISIS? How adept are they at using, I guess, online tools as a weapon?
KELLY: Sure. And let me try to frame it by breaking it into three prongs. One, we know - we have seen they are very good at using social media to recruit, to spread their message. Two, we know that they are very good at using cyber as a defensive weapon. We saw that with the Paris attacks, with the Brussels attacks. They were able to use encrypted communications to plan those, to carry them out without being detected.
But the third prong is their offensive capability. How good are they - or not - in using cyber as a tool of terror to be able to attack the U.S. and the West? And that question - how good they are, what their capabilities are - that is a big question. It is a live question right now at the White House, at the Pentagon, elsewhere within the U.S. government.
CORNISH: Well, what's known? I mean, has ISIS actually carried out a significant cyberattack to date?
KELLY: The short answer is no. And that is, of course, good news. Adm. Mike Rogers who is the head both of U.S. Cyber Command and of the National Security Agency was asked that very question actually on Capitol Hill earlier this month. He said ISIS's ability today to use cyber as a weapon is limited. But he also said if they decide they want to carry out a cyberattack in the U.S., it would - and I'm quoting - not be difficult for them. And I think that gets to the question of intent, Audie.
One former Pentagon official I spoke with who's worked cyber issues, he agreed ISIS's current capability is limited. He described it as pinpricks at best. But he said consider this - what if they decide they want to buy that capability? Because we know they have money despite U.S. efforts to disrupt their finances. There are people out there with expertise who might be persuaded to share it for the right price.
CORNISH: Any guess as to who might do so? I mean, are there names that the U.S. Intelligence Committee is tracking?
KELLY: One key name that a lot of attention was paid to was Junaid Hussain, a British hacker - now a dead British hacker. He was killed in Syria last year in a U.S. drone strike. He hacked U.S. military accounts, published the names and photos of U.S. troops online. And then he tweeted to his followers and said go try to find these people and kill them.
The two takeaways I would say - one, he didn't succeed, and two, that is - as awful as it is - that is not shutting down the U.S. power grid, for example. That is not a U.S. cyber 9/11. It's not even close. They are not there yet.
CORNISH: Although, we should mention - didn't ISIS hack Central Command?
KELLY: They did last year. They hacked into the CENTCOM Twitter account, and they posted an image of a masked militant. They posted the message, I love you, ISIS, so a huge embarrassment. The Pentagon was quick to point out, hey, this was a Twitter feed. This was not CENTCOM classified accounts. However, I think it drove home the point this is an asymmetric battle that cyber is a great equalizer. All you need is one guy who is determined with a laptop and the ability to write code, new world.
CORNISH: That's NPR's Mary Louise Kelly. Thank you so much.
KELLY: You're welcome.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.