U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says

As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander.

Joint Task Force ARES, the outfit charged with running joint and coalition cyber-operations against ISIS, is working to uncover information about how the terrorist group continues to operate in Afghanistan, the deputy commander said Monday.

“JTF-ARES is in or around where ISIS is operating,” Brig. Gen. Len Anderson said during a question and answer at an Atlantic Council event Monday. “We are trying to illuminate the network, trying to figure out how they’re communicating, what they’re using, where the money might be flowing, is there money.”

Although the Islamic State’s physical caliphate has been crushed in Iraq and Syria, reporting from the Defense Intelligence Agency this year says the group still has a network of thousands of insurgents in Iraq and Syria, as well as militia in Iraq, Pakistan and Afghanistan. Security experts are concerned that ISIS is gaining momentum in Afghanistan in part because of the Trump administration’s efforts to establish a peace deal with the Taliban, according to the Financial Times.

Taliban hardliners reportedly have been defecting to ISIS in Afghanistan, also known as ISIS-Khorasan or ISIS-K, over concerns the Taliban will establish a deal with the U.S. in exchange for counterterrorism help.

Anderson would not discuss specific cyber-operations JTF-ARES is using against ISIS now.

The task force was established in 2016 to cripple ISIS digitally by developing malware and other tools to knock out computer and communications equipment. Known operations have included an operation in 2017 in which U.S. and coalition forces used digital means to shut down ISIS command posts one by one, forcing ISIS to reveal alternate command posts in Iraq and Syria. This allowed the Department of Defense to launch traditional military attacks against the outposts. Other capabilities include obtaining terrorists’ credentials, deleting their files, or disrupting their online campaigns, according to The Washington Post.

While prospects for peace in Afghanistan appear to have stalled — President Donald Trump announced earlier this month that he canceled secret talks with the Taliban — Anderson said cyber-operations from the Department of Defense could play a larger role moving forward if the Trump administration follows through on a promise to withdraw troops from the region.

“When we don’t have drones or … we don’t have an actual task force or any other other kinetic option, our only option to go in and get after these terrorists is going to be through non-kinetic means or through JTF-ARES,” Anderson told CyberScoop after his remarks. “With ISIS or really ISIS in any region, as we look at the possibility of U.S. forces even leaving, there’s opportunities for us at JTF-ARES.”

It is unclear if the proposal to drawdown troops in Afghanistan will come to fruition without a peace deal. After 18 years of war, the U.S. has approximately 14,000 troops in Afghanistan.

Global cyber-offensive

Anderson said JTF-ARES is tracking down terrorists globally from Africa to Southeast Asia.

“We’re in their network. We want to know [how] they’re moving money — and sometimes we let them know we’re there,” Anderson said during his remarks, referring to how the task force may intentionally leave traces as a warning shot to terrorists that American cyber operators have been in their networks.

“Now as that physical caliphate has gone away we’re focused on the digital caliphate which is worldwide, it’s global, and that’s where JTF-ARES is going to be,” he said, noting ISIS-K terrorists in Afghanistan “are one of the higher threats as far as the organizations across ISIS.”

ISIS-K terrorists, whose first activity was recorded in 2015, have developed a pattern of attacking vulnerable targets. Just last month the group claimed responsibility for the bombing at a wedding in Afghanistan. In 2017 it was a mosque in Afghanistan; in 2016, a civil hospital in Pakistan; in 2015, a bus.