In 2016, a US-led coalition of international hackers began a precision strike on the media network of Islamic State.
The Australian Signals Directorate (ASD) contributed a team of 20 to what was known as Operation Glowing Symphony.
This week, ABC reporter, Stephanie Borys, spoke with two members of the ASD team involved in the operation who shared their experiences with the operation.
Lead Offensive Cyber Operator, Sarah (whose real name was kept hidden), described the working conditions on the floor of the cyber offensive against ISIS.
“We had a row of terminals the length of the operations room,” she said.
“We had set ourselves up with different teams to go after different targets and with that I would be walking the floor.
“I’d oversee and direct each of the operators, in turn this included overseeing when they were hijacking some of the accounts, blocking them out, stealing their content and then taking them all down.”
The purpose of this large-scale coordinated attack was to severely disrupt the ability for ISIS to spread its message online.
“We had an extensive sheet of targets that was pinned against the wall that all the operators were looking at and tactically going in through that process of access the accounts, lock them out, steal the content and delete it all,” Sarah said.
ISIS’ persistent global presence on the web was the main target.
In order to take that out, Operation Glowing Symphony began analysing the network of users and administrators who were posting and sharing propaganda content like videos of beheadings and ISIS’ online magazine, Dabiq.
By destroying the materials, they hoped to stop the spread of ISIS propaganda.
“We were going after the networks where they’re hosting the material that’s coming off the battlefields, where they’re doing graphic design of that material coming off the battlefields,” Sarah said.
“Where are they storing this or projecting it out globally, is it through websites?”
NPR ran a story in September outlining Operation Glowing Symphony from the US perspective.
In that report, a US military hacker, codenamed Neil, said their analysis of the system showed that the whole media network was tied back to just 10 accounts.
"Every account, every IP, every domain, every financial account, every email account ... everything," Neil said.
“If we could take those over we were going to win everything."
Sarah from the ASD likened the ISIS media network to a house.
“These were the 10 doors that we found that we could get in to then do the remainder of the actions to disrupt it,” she said.
The ASD didn’t confirm which methods they used to gain entry into those crucial accounts, but Sarah said “there’s multiple ways in which you can get into the door”.
NPR confirmed that phishing emails helped provide early access for the operation, and that the attack required long-term observation of targets to better understand their behaviour.
Ben Staughton, First Assistant Director-General of Network Operations and Access with the ASD, described what the result of the offensive would have looked like for people operating ISIS’ media network.
“There would be nothing left inside them; it looked like scorched earth,” he said.
“So all the material in them would be gone, all the links to other accounts would be gone, all the links to other networks would be gone.”
Military operations are being combined with efforts led by governments and tech companies to stop the spread of messages sent by terrorist organisations.
At the G20 earlier this year, world leaders signed the Statement on Preventing Exploitation of the Internet for Terrorism and Violent Extremism Conducive to Terrorism.
The Australian government also has the power to ‘give written directions’ for carriers and service providers to remove terrorist content.
But the Islamic State continues to circumvent international authorities, with a recent Vice report saying that ISIS is using a blockchain app called BCM to anonymously store and transfer its propaganda material.
