
This is what's going on in the war on hackers

There's a race between intelligence agencies and insurgents to control the internet

22 June 2016

Gordon Corera – author of Intercept: The Secret History Of Computers And Spies – looks at the race between intelligence agencies and insurgents for battlefield internet 

On 24 August last year, a US drone circled above the city of Raqqa – the stronghold of Isis in Syria. The drone was looking for a Briton called Junaid Hussain. When it found the 21-year-old, a button was pressed many miles away by an operator and a missile was sent down to kill him. Drone strikes are controversial, but the US made it clear it had no regrets. “This individual was very dangerous,” a military spokesperson said.

What was Junaid Hussain best known for? Not for being a leading military commander ordering troops across the battlefield, but for being a computer hacker.

Four years earlier, when he was still a teenager, Hussain had been part of a hacking crew calling itself ‘Team Poison’. It carried out the kind of defacements and caused the kind of trouble other hackers did, but with a political edge, hacking into the email account of someone who worked for Tony Blair and posting personal information online. That landed Hussain in jail. But after his release he made his way to Syria. From there, the US alleged that he had been a central figure in the so-called ‘Cyber Caliphate’, hacking US email and social media accounts and putting personal information about possible targets up on the web. He was also accused of using technology to reach back into the West to encourage others to carry out acts of violence.

This is the new high-tech world in which drones target computer hackers. It is a deadly conflict that is played out not just in the desert and cities of Iraq and Syria but also on the new battlefield of the internet. 


Five years ago, Western spy agencies faced a threat from al-Qaida, which was, for the most part, relatively technologically unsophisticated although still capable of deadly violence. But today members of Isis are drawn from a new generation of digital natives who have grown up with the latest technology. They are comfortable with cutting-edge devices and apps. Technology has transformed the capability of a group such as Isis, allowing it to reach from Raqqa into people’s homes to spread its ideology. In some cases, it uses propaganda to draw people out to Iraq and Syria, but in others it is about telling people in Britain to carry out attacks.

The Briton Mohammed Emwazi, also known as ‘Jihadi John’, who killed American and British hostages on video, was another example of the new technologically adept operative. It took more than a year to track Emwazi, resulting in his death in another drone strike in November 2015. Some Isis operatives have also tried to use technology to communicate effectively and sometimes secretly.

The attacks in San Bernardino, California, showed the concern this creates for the authorities. The FBI launched a legal battle to get Apple to help unlock an iPhone used by one of the attackers. Apple resisted that demand, arguing that creating weaknesses in the encryption that protects people’s data on phones would leave an entry point for hackers and criminals as well as the state. In the end, the FBI found a way to hack the phone without Apple’s help. It paid a company more than $1m to get into the phone, but reportedly found nothing useful on it. The high-profile legal battle only highlighted the gulf between Silicon Valley and the authorities.

That relationship was already fractured by the secrets revealed by the former American NSA contractor Edward Snowden. The top-secret files he extracted revealed to the world how the US used the dominance of American tech companies around the globe to gather intelligence. In the aftermath, the companies tried to distance themselves and show their independence by emphasising their concern for customers’ privacy.

So at the same time as Isis’s use of social media to spread its message has increased, so has the state’s desire to get more from companies, but the companies are focusing more on privacy. And that leads to a bigger question about how far the tech companies should be expected to help in an era when technology has become so central to terrorism. The early signs of individuals being radicalised might be displayed on social media. But how far should companies be responsible for what people do on their platforms? Is monitoring social media content for threats a matter of good corporate social responsibility for companies, or is it the outsourcing of intelligence-gathering to the private sector in which they spy on their users?

Protests against the US Government's attempts to hack iPhones


These are the issues that companies and governments are wrestling with. After pressure from the White House, some companies are now working more with intelligence and law enforcement in the US, taking down social media accounts or material put out by Isis and trying to use ‘big data’ and algorithms to spot those planning attacks or getting involved.

But what worries the security and intelligence agencies most is what could happen next. For all their hacking skills, Junaid Hussain and others in Isis were not able to actually carry out a cyber attack that caused physical destruction. This type of so-called ‘cyber terrorism’ is the dog that has not barked. At least not yet. But it may not be long.

On 23 December 2015, a regional electricity distribution company in Ukraine reported service outages in the middle of the afternoon. What caused it? When experts probed the details, they realised the Ukrainians were right when they said it was something malicious.

The power was switched off because of a co-ordinated cyber attack – the first publicly acknowledged cyber attack to result in power outages.

This was not the work of teenage hackers. Those behind it had carried out long-term reconnaissance to put them in a position to execute what has been called by experts “a highly synchronised, multistage, multi-site attack”. No one thinks this was the work of terrorists. Everyone in Ukraine is sure it was the Russians.

Recent events have suggested the Western countries of the Nato alliance are behind Russia in integrating cyber attacks into their operations. Russia has pioneered what has been called ‘irregular’ or ‘hybrid’ warfare in which real-world military operations (sometimes clandestine) are accompanied by propaganda and cyber war. Soon there will be no such thing as ‘cyber spies’, as it will be a given that spying will be cyber-enabled, and the same is true for cyber warfare – it will become an intrinsic part of all military activity.

The Cyber Caliphate allegedly hacked Air Koryo's Facebook page


Of course, the first and most famous cyber attack with real-world consequences (although not for the general public) was carried out not by a group like IS or al-Qaida or the Russians, but the Americans. They (along with – it’s thought – Israel) unleashed the Stuxnet virus, which entered the Iranian nuclear facility at Natanz. A series of cyber attacks of increasing sophistication sent the centrifuges that enrich uranium spinning out of control. The first the Iranian engineers knew was a screeching sound. There was no explosion, just a clatter as the delicate machines destroyed each other. Initially, the Iranians had no idea why this was happening, but eventually the virus escaped into the wild, and was identified by computer experts and linked to the US and Israel.

Stuxnet remains controversial. Critics say the US set a precedent by carrying out attacks using computer code, but American officials say that a cyber attack was better than the alternative they were looking at to slow down the possibility of Iran developing nuclear weapons – a real-world attack.

“Speaking personally, it’s only a matter of time,” MI5’s head of cyber told me in 2013 about the threat of cyber terrorism. “The intent is already there, the capability can only follow in a few years’ time.” We are a few years down the road now and much closer to that reality.

And at the same time we are also becoming more vulnerable to hackers and cyber attacks as we put more and more of our information online and connect more and more of the world to the internet. The so-called ‘internet of things’ offers an ‘internet of things to hack’.

The modern battlefield is now digital. An arms race is under way and those who master technology will be the winners.

Intercept: The Secret History Of Computers And Spies is out now 
