Driving the Islamic State –ISIS – out of Syria and Iraq isn’t necessarily going to defeat the terrorist organization unless its influence in cyberspace is substantially reduced as well.
What the U.S. and its allies need to do is mount a digital counterinsurgency to combat ISIS, says Jared Cohen, founder and director of Google Ideas. But if such an effort is to succeed online, it will need to be far more comprehensive and effective than it has been to date. Writing in the latest edition of Foreign Affairs, Cohen laid out his plan for a ramped-up war in cyberspace. “Instead of resorting to a single tool, opponents should treat this fight as they would a military confrontation.”
A digital conflict of the kind he envisions is unprecedented, but on the other hand, so is the threat: this is the first time that a terrorist organization has managed to occupy such a large swath of physical terrain while simultaneously establishing such an influential digital presence. It’s “a harbinger of things to come.”
Initially, efforts to marginalize ISIS online were limited to taking down social media accounts used by its followers. In 2014, for instance, British authorities, in coordination with companies like Google, Facebook, and Twitter, removed more than 46,000 incendiary pieces of ISIS propaganda. That same year, YouTube took down approximately 14 million videos. In April 2015, Twitter announced it had suspended 10,000 accounts linked to ISIS on a single day. But it was a Sisyphean task, especially because little was done to deter ISIS supporters from using popular encrypted messaging platforms like WhatsApp, Kik, Wickr, Zello, and Telegram. At the same time digital media production houses like the Al-Hayat Media Center continued to turn out polished videos and promotional material on behalf of the organization.
Like any major corporation, ISIS has its own PR department — the central command for digital operations — that determines the messaging and media strategy. At first, the messages it decides on are sent only to a select group of ISIS leaders — think of them as middle management — who may operate as many 12-50 separate accounts under different names. They in turn are responsible for implementing the agenda set by the central command. The message is then disseminated to the rank and file, using what Cohen calls “guerrilla-marketing tactics.”
In June 2014, for example, Isis supporters barraged soccer fans with propaganda by seizing trending hashtags related to the World Cup. ISIS’ digital warriors run the risk of having their accounts taken down, of course, but it’s a small price to pay — literally: it’s easy to set up another account under a new identity and purchase thousands of fake followers from social media marketing firms for a mere $10. ISIS can also rely on the support of a large number of sympathizers around the world with no formal links to the organization, but who “once drawn into ISIS' echo chamber by the rank and file… spend their time helping the group disseminate its radical message and convert people to its cause.”
Western intelligence analysts still can’t figure out who in the organization is responsible for what. Its organizational hierarchy is too opaque. After the Paris attacks, for instance, ISIS released a video taking credit, more or less saying: We did it and we’re proud of it. But there were anomalies about the video that struck Graeme Wood, a writer and contributing editor at Atlantic Monthly who has done extensive research on the militant group.
The ISIS claim of responsibility for Paris, he notes, was less florid and lacked the polish of videos that it released after earlier attacks; moreover, it contained grammatical errors in both the Arabic and French versions, raising the possibility that the attacks weren’t ordered by the central command at all. That may explain why the ISIS propaganda machine was caught unprepared and did such a slapdash job. Graeme notes that just after ISIS took credit for the carnage in Paris it released a video about how easy it was to do laundry in Raqqa, its de facto capital in Syria, as if to drive home the message that potential recruits could expect to enjoy the same amenities in the self-styled caliphate that they have at home.
To supplement its human propagandists, ISIS has taken a lesson from spammers and opened thousands of fake accounts that automatically generate messages, using Twitter bots to multiply tweets exponentially and monopolizing comment sections of social media sites like Facebook and YouTube.
The good news is that the very tools that ISIS is using online to get its message across can be used against it. “We’re already doing most of the things with spammers, cyberbullies, Russian troll bombs,” Cohen says. LinkedIn offers a promising precedent; after its site was bombarded by spammers, the company set up a false account to divert them so that “spammers ended up spamming other spammers.”
One way to retaliate against ISIS is by mobilizing “a nonhuman digital army” against ISIS using machine learning, a form of artificial intelligence based on algorithms that can learn and make predictions from data. Moderators in chatrooms will rely on machine learning to filter out vitriolic comments from users. Advertisers use it when they target a particular demographic of consumers based on their income, interests and history of previous purchases. The same technology can “identify, map and deactivate accounts of terrorist supporters” with greater precision and on a greater scale than what could be achieved by humans trying to accomplish the same thing.
“Drive a wedge between people who operate the accounts and automated accounts,” Cohen urges, noting that private companies are incentivized to eliminate false accounts. The suspension of terrorist accounts, however, has to be targeted — more like kill-or-capture raids than carpet bombing — than by imposing blanket suspensions; the objective is to eliminate the accounts of the leadership rather than wasting resources shutting down those of their followers.
But there’s a risk of forcing terrorist commanders to operate exclusively in the Dark Web — the part of the Internet that because it isn’t indexed by search engines like Google is a favorite playing ground for drug dealers and sex traffickers. Exiling ISIS leaders might splinter the group, making it more difficult for intelligence officials to track, and risk creating rogue groups that could launch "doxxing" attacks — publically disclosing sensitive information about their enemies — or taking down websites with distributed denial-of-service campaigns.
Taking the offensive against Isis to cyberspace will require the cooperation of a number of actors just as it does on the physical battleground. Optimally, such a coalition would include intelligence officials, computer engineers, tech companies, nonprofits and international organizations. But Cohen takes issue with FBI Director James Comey when it comes to encryption.
Comey argues that by encrypting their services, companies like Google and Apple are in effect making it easier for terrorists to communicate while denying U.S. intelligence agencies the ability — via a digital ‘backdoor’ in the encryption software — to find out what they’re up to. Cohen says that there’s little evidence that adoption of advanced encryption techniques has allowed terrorists to plan or carry out any attacks. If government searches are too broad, he adds, it’s difficult for companies to respond and not terribly useful as a means of finding actionable intelligence. (Of course, he’s a Google guy.)
“ISIS will be neutered as a digital threat when its online presence becomes barely noticeable,” Cohen wrote in Foreign Affairs. “The group would find it either too risky or tactically impossible to commandeer control of social media platforms and public chat rooms, and its digital content would be hard to discover.” Success, he cautions, will only be achieved incrementally, not in one fell swoop.
And greater challenges may lie ahead, Cohen recently told guests attending a panel discussion in Washington sponsored by the magazine. Though it’s doing a masterful job of exploiting social media, ISIS hasn’t shown itself to be very tech savvy when it comes to launching damaging cyberattacks against its adversaries. But that could change. Like any corporation, ISIS wouldn’t have to search ‘in-house’ to find the technical know-how; it could emulate Google or Facebook and acquire talent with the capability. There are plenty of brilliant hackers who are ready to work for the highest bidder; if necessary, ISIS could hide its identity so that the hackers wouldn’t have to know who was paying them.
For the immediate future, though, the priority of law enforcement should be to try to head off would-be recruits before they can get on a plane to Syria. One way to do this is to scare the hell out of them. “Governments can inject risk into the ecosystem,” Cohen says. Anyone who went online to look up a flight itinerary to Syria, for instance, would be presented with news stories about others who made the attempt, only to be arrested at the airport.
Because ISIS is far from monolithic and counts among its followers disaffected Iraqi Sunnis, devout Islamic scholars, lonely teenagers and young men and women who are looking for romance and adventure, any counternarrative has to be tailored so that it can reach a variety of followers and sympathizers with very different motivations. As a model of such a strategy Cohen points to suicide-prevention and anti-bullying campaigns. One example that shows some promise in this regard is a cartoon series marketed through YouTube called Abdullah-X, which promotes an anti-extremist message. Most YouTube users were drawn to it because of targeted ads, not because they found it on their own.
Cohen concedes that there’s little chance that any counternarrative to ISIS can win the hearts and minds of Muslims who support the caliphate. But there may be alternatives, he says, adding that they may consist of “things we don’t like,” but which at least may divert potential recruits from committing violence. What these ‘things’ would be, though, he doesn’t say.
Cohen acknowledges that a digital counterinsurgency campaign “represents uncharted territory,” but in contrast to combat on the real battlefield, the costs of failure are low because “those who fight digitally face no risk of injury or death.” But fighters in the real world are still going to be injured and killed. As Cohen says, “You can’t fall into the trap of believing that the battle can be won by technology.”