The Pentagon is considering increasing the pace and scope of cyberattacks against Islamic State, arguing that more aggressive efforts to disable the group’s computers, servers and cellphones could help curtail its appeal and disrupt potential terrorist attacks.
Military hackers and coders at Cyber Command, based at Fort Meade, Md., have developed an array of malware that could be used to sabotage the terrorists’ propaganda and recruitment capabilities, said U.S. officials who spoke on the condition of anonymity because they were not authorized to speak publicly about internal discussions.
But closing off the terrorists’ communications faces resistance from the FBI and intelligence officials. They warn that too sweeping an effort to constrict internet, social media and cellphone access in Syria and Iraq would shut a critical window into the terrorists’ locations, leadership and intentions.
Moreover, a shutdown of communication nodes could affect humanitarian aid organizations, opposition groups, U.S.-backed rebels and others caught up in the Syrian civil war. A virus could spread to computers outside the country.
Defense Secretary Ashton Carter will meet with his cybercommanders this week at the Pentagon to examine the options, including jamming and viruses, that could be used to target the Sunni Muslim group’s communications, according to the officials.
The White House directed senior Pentagon officials to prepare options for a stepped-up cyberoffensive after evidence indicated that the husband-and-wife shooters who killed 14 people in San Bernardino, Calif., on Dec. 2 had become self-radicalized on the internet and had pledged fealty to Islamic State on social media, said the officials.
Those in the White House “want to see options” for cyberattacks, said one official. “That doesn’t mean they are all in play. It just means they want to look at what ways we can pressure” Islamic State.
For now, the White House is leaning toward more targeted cyberattacks when intelligence can pinpoint specific phones, computers or other digital devices used by the web-savvy terrorists.
“If you do see something that is in service of an active operation, you may want to take some action to disrupt that operation,” Ben Rhodes, the deputy national security adviser, said in an interview.
But there are apparently limits to U.S. cybercapabilities. On Dec. 9, Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, said Islamic State hackers “have developed an encrypted app and can communicate anywhere in the world from an iPhone without any ability for us to pick up those communications. … They have mastered this dark space.”
The issue has erupted in the 2016 presidential campaign. In response to a question at the Republican candidates’ debate Tuesday, Donald Trump sparked a heated exchange when he said he was “open to closing [the internet in] areas where we are at war with somebody.”
U.S. officials have long criticized China, Cuba, North Korea and other authoritarian states for limiting or barring public access to the internet and social media.
Cyber Command, which is responsible for U.S. offensive operations in cyberspace, has targeted some computer networks and social media accounts since President Barack Obama authorized airstrikes and other operations against Islamic State in August 2014, officials said.
But some Pentagon officials privately argue more can be done. They say computer viruses, so-called Trojan-horse attachments, denial of service attacks and other digital assaults should be used to take down Islamic State communications.
Experts warn that a blackout probably wouldn’t last — and could backfire. The terrorists could send messages and videos through flash drives, satellite phones, or other devices or platforms. Encryption, already widely used by the terrorists, would make tracking them more difficult.
“The more we go after them and take them down, the more we push them into secure areas online,” said Jeff Bardin, a computer security consultant and former Air Force linguist who reads Arabic and tracks radical Islamic groups online.
After Twitter began shutting Islamic State’s official accounts in 2014, for example, the group encouraged its operatives and followers to use encrypted social apps, or to use stronger privacy settings that made them harder to monitor.
Trying to chase and close the volume of traffic on social media may be impossible – about 90,000 Twitter messages a day are sent by terrorists or possible terrorists, according to the Counter Extremism Project, a New York-based nonprofit that tracks such messages online and pressures social media companies to identify and disable accounts that promote terrorist groups.
Moreover, intelligence officials say Islamic State has become more adept at changing computers, cellphones and messaging apps when one is compromised.
When its websites are shut down or recruiters are blocked, they often switch to other sites or accounts and the communication gets out.
“Sitting there trying to play whack-a-mole to knock these communications platforms off can be so complicated and so resource intensive and only marginally effective,” said John D. Cohen, a former senior Homeland Security counterterrorism official who teaches at Rutgers University.
The Obama administration has chosen a middle course so far, shutting the most egregious Islamic State website and accounts — and using others to track and kill recruiters and operatives.
In August, a U.S. drone strike near Raqqah, Syria, killed Junaid Hussain, a British-born hacker who had posted the names, addresses and photos of about 1,300 U.S. military and other officials online and urged followers to attack them.
Officials said Hussain also had been in contact with one of the two armed men who sought last May to attack a cartoon contest that was based on the founder of Islam in Garland, Texas. Police there shot and killed the two assailants.
FBI Director James Comey told the Senate Judiciary Committee this month that one of the men had exchanged 109 messages “with an overseas terrorist” on the morning of the attempted attack.
“We have no idea what he said because those messages were encrypted,” said Comey.
A month later, the U.S. fired missiles into a building in Syria after a terrorist published several posts on social media that were embedded with his precise geolocation coordinates.
The arrest Thursday of Jalil Ibn Ameer Aziz, a 19-year-old resident of Harrisburg, Pa., on terrorism charges highlighted the dilemma for federal authorities investigating potential terrorism cases in the United States.
Aziz created at least 57 Twitter accounts on which he posted propaganda for Islamic State, including photos of executions, and exhortations to launch violent attacks, according to charging documents. But prosecutors relied on those same Twitter accounts to build their case against him.
Twitter repeatedly suspended Aziz’s accounts because of their violent content, but he quickly set up others under the pseudonym “Colonal Shami” that allowed followers to re-establish contact. Last summer he exchanged dozens of messages with other Twitter users about going to Syria and Iraq to fight with Islamic State.
Aziz made an initial appearance in U.S. District Court in Harrisburg after his arrest. He did not enter a plea.