
How the U.S. Hacked ISIS - decoyworker
https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis
======
eatbitseveryday
I wish articles like this would divulge some details of the technical side of
hacking, rather than keep it a mystical field of study.

What did they hack and how did they “get in”?

Contrary to the title, there is little “how” and mostly “what”.

~~~
banachtarski
Funny, I had the exact opposite reaction. Part of me wishes we divulged less
about our tactics.

~~~
whatshisface
Assuming you're an American, you eventually have a civic duty to find out what
they did so you can evaluate them. You can't wait forever, because once
everyone involved has moved on far enough with their careers (or retired) it
won't be possible for your evaluation to have any impact. Declassification has
to happen at a reasonable speed in order for our system to work.

Although I don't know, I think this story was released for exactly that
purpose, to improve public support for the NSA and Cyber Command. With Snowden
being in the news lately I'm sure they're looking for opportunities to run
cool war stories to balance out their image.

~~~
rootsudo
At the same time, if you're smart you'll notice the propaganda pieces
circulated by AP on behalf of the USA.

One of them is Twitter. "identified accounts" but they aren't shut down or
shunted. Why's that?

Simple - once you identify a target and they're vocalizing their thoughts, why
do you want to limit and censor them? Allow them to post, collect metadata and
help it tie together other pieces of the puzzle. Browser ident, time, date,
time of access, IP address, etc.

Meanwhile you'll see in the article a different reason as to inaction.

------
raxxorrax
Interesting, but reads a bit like a bad Tom Clancy novel that I read when I
was around 12.

I think that "hacking a human" as they described it was the most likely
vulnerability. Interesting to see that ISIS actually seem to have a decent
infrastructure. From media reports you would believe that they are mainly some
barbarians that may have or may have not access to electricity, never mind net
access.

That aside: NPR offering a plain text site is just awesome. Found that nearly
by accident since I just wanted to accept those damn cookies.

~~~
throwaway_law
> From media reports you would believe that they are mainly some barbarians
> that may have or may have not access to electricity, never mind net access.

Isn't that what all reports after 9/11 would have you believe of al-Qaeda and
the Taliban? Complete with videos of masked men "training" in deserts by
jumping over logs and climbing ropes? And reports that Bin Laden is hiding in
mountains?

Meanwhile Bin Laden was living in a large compound in Pakistan all but
protected by the Pakistani military and I believe 8 of the 9/11 hijackers had
degrees in engineering and a couple PhDs among them.

------
codesections
Like others, I'm also left wondering what methods the US is _really_ using.
Obviously, it's too soon to disclose all the details. But compare this (where
the few strategies disclosed involve methods like "guess the answer to a
security question") to something where we _do_ know the details.

For example, the Stuxnet worm used multiple OS zero days and involved hacking
or otherwise exfiltrating signing keys from multiple other third parties
([https://www.quora.com/What-is-the-most-sophisticated-piece-o...](https://www.quora.com/What-is-the-most-sophisticated-piece-of-software-ever-written-1/answer/John-Byrd-2)).
I bet a lot of that sort of
thing is going on these days too, and we just don't know about it.

~~~
gnode
Maybe this campaign was as primitive as they let on. It's likely that bringing
down a terrorist group's marketing campaign didn't need or warrant a
sophisticated attack, like sabotaging Iran's nuclear programme with Stuxnet
did. A concerted attack effort using public knowledge techniques may have been
enough.

It's in the interest of cyber-warfare actors to not expose their capabilities
unnecessarily. Although efforts are taken to prevent malware from coming to
the attention of enemies / rivals, or even being adopted by them or criminals,
deployment always comes with that risk.

------
appleiigs
I dunno about this article... in the minor hacking I've done, it is tedious
and boring. More like a homework research project than a swat team raid. If
someone said "Fire!" to me I'd laugh.

------
authoritarian
I would hope that a country with the largest military industrial complex in
the world can hack a group of camel herders in a desert. Doesn't seem
particularly impressive.

~~~
StreamBright
Also since they supplied equipment to them it would not have been as difficult
to trojan it.

~~~
bpodgursky
The US support of Syrian "moderate" rebels was stupid, shortsighted, and
pretended that the world was a different place.

And I will infinitely fault the Obama administration for providing technology
which immediately fell into jihadist hands, which any reasonable analyst would
have told them would happen.

But it's not accurate to say the US 'supplied' equipment to ISIS. ISIS stole
it.

~~~
will4274
If it was what "any reasonable analyst would have told them would happen," why
isn't it reasonable to assume that was the intention? Governments aren't
single level actors - they are occasionally capable of subtlety - saying one
thing even when intending another.

~~~
bpodgursky
I am not going to debate why "Obama secretly supported ISIS" is stupid.

It's stupid, and if you think it's plausible, you need to honestly evaluate
whether your news sources are informing you or peddling a narrative with an
objective.

------
rokhayakebe
What if any of this never happened and this story was the real hack?

~~~
nbanks
I tried reading an issue of Dabiq once because I was curious about how they
interpreted the Hadith. It was really hard to get, which probably shows that
the cyber attack worked. If their servers were still up it should have been
easy.

edit: I don't recommend reading Dabiq because a decapitation is really
difficult to unsee.

------
mmaunder
"Folder directory deleted"

Cringe.

~~~
jlgaddis
I cringed a bit at that and the end of the next paragraph:

> _Once he did that, he would see: 404 error: Destination unreadable._

Sounds like somebody got their ICMP types and HTTP response codes mixed up
but, hey, they're journalists, not IT guys. We understood their point.

------
vesche
This article has no substance and is seriously completely stupid.

~~~
vecter
You may be right, but this isn't a helpful comment. Per the HN guidelines [0]:

    
    
        Be kind. Don't be snarky. Comments should get more
        thoughtful and substantive, not less, as a topic
        gets more divisive.
    
        When disagreeing, please reply to the argument
        instead of calling names. "That is idiotic;
        1 + 1 is 2, not 3" can be shortened to "1 + 1
        is 2, not 3."
    
        Please don't post shallow dismissals, especially
        of other people's work. A good critical comment
        teaches us something.
    

[0] [https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
slji
ISIS. Isis is an Egyptian god.

[https://en.wikipedia.org/wiki/Isis](https://en.wikipedia.org/wiki/Isis)

~~~
dang
Fixed now. Thanks!

------
giiguughh
The question should be how the US created ISIS.

