As the fight against Islamic State, or Daesh, turned to the offensive in late 2016, cyber operations by the Australian Signals Directorate (ASD) played a key role in shaping a critical battle.
Just as Coalition forces were preparing to attack terrorist positions, terrorist commanders suddenly couldn't connect to the internet, and were unable to communicate with each other.
"Our offensive cyber operators were at their keyboards in Australia, firing highly targeted bits and bytes into cyberspace. Daesh communications were degraded within seconds," said ASD director-general Mike Burgess in a speech to the Lowy Institute in Sydney on Wednesday.
"Terrorists were in disarray and driven from their position -- in part because of the young men and women at their keyboards some 11,000 kilometres or so away," he said.
"Our effects were generated in support of and in coordination with ground manoeuvres. This operation marked a milestone for both Australia and our Coalition partners. It was the first time that an offensive cyber operation had been conducted so closely synchronised with movements of military personnel in theatre. And it was highly successful."
Burgess' speech was another part of his stated mission to bring ASD "out from the shadows", as he declassified another two war stories for the occasion.
While the ASD can and occasionally does conduct high-impact "computer network attack operations" to destroy an adversary's communications, that's only done in "very specific circumstances".
"Our operations are carefully designed to achieve their objective in a much more precise, subtle and sophisticated way. And to be honest, that is far more exciting than smoking computers in cyberspace," Burgess said.
Covert online operator turns a potential terrorist
ASD operatives can assume false identities online to disrupt terrorist networks. One case involved a man who had been radicalised and was in "a remote location overseas" trying to join a terrorist group.
"The risks were significant and the stakes were high," Burgess said.
"If the terrorists didn't accept the newcomer, they would likely execute him.
If they did accept him, they would further radicalise him and train him to kill. It was literally a matter of life and death."
As Burgess tells the story, ASD stood up a specialist team including linguistic, cultural, and behavioural experts who were led by "[ASD's] our top operators", a young woman who was a a science graduate turned "covert online operator... a job title that remained secret until today".
ASD had tracked down and contacted the man online. Using broken English, the operator convinced him to change his method and mode of communication so he couldn't be contacted by the real terrorists.
"Eventually, she convinced the aspiring terrorist to abandon his plan for jihad and move to another country where our partner agencies could ensure he was no longer a danger to others or himself," Burgess said.
"A young operative sitting at a computer in Canberra successfully pretended to be a senior terrorist fighting in a faraway war zone. Her online persona was the inverse of her real one: different gender, age, culture, language, status, and a radically different ideology."
As part of another operation, ASD worked with coalition partners to "damage the terrorist media machine".
"We locked the terrorists out of their servers and destroyed their propaganda material, undermining Daesh's ability to spread hate and recruit new members," Burgess said.
ASD is supporting New Zealand in Christchurch terrorist attack investigations
Throughout his speech, Burgess stressed that the ASD's focus for offensive cyber operations is entirely offshore, and that they're "conducted in accordance with international and Australian law".
"Every mission must be targeted and proportionate, and is subject to rigorous oversight. All our actions are deeply considered, and subject to meticulous planning to consider the potential for unintended consequences," he said.
The ASD's offshore focus includes missions like investigating the terrorist attack against mosques in New Zealand earlier this month.
"I can confirm for you that on that Friday, when that individual was deemed a threat to security, because none of us knew about him beforehand, I sought my Minister's authorisation," Burgess said.
"Since that time we have been supporting ASIO [Australian Security Intelligence Organisation] and our New Zealand counterparts in investigations," he said.
Burgess dismissed the notion that the far-right attack in New Zealand had flown under the radar as a result of security agencies only focusing on the threat of Islamic terrorism.
"Violent extremism, regardless of the ideological cause, is always going to be taken seriously, and of great interest to the Australian law enforcement and security agencies," he said.
Intelligence priorities are classified, but threats to life top the list
Documents leaked via NSA whistleblower Edward Snowden revealed that in 2009 the ASD, then known as the Defence Signals Directorate (DSD), had tracked the mobile phone of Indonesian president Susilo Bambang Yudhoyono for at least 15 days.
Other members of his government were also targeted, including Indonesia's First Lady, the vice president, former vice president, foreign spokesman, domestic spokesman, and state secretary.
So, asked Lowy Institute executive director Dr Michael Fullilove, how is the ASD's targeting decided?
Burgess said that intelligence priorities are set by the National Security Committee of the federal cabinet, and coordinated through the Office of National Intelligence (ONI).
"The priorities themselves are classified, but you would not be surprised that when it comes to threat to life, that is a top focus and priority for government and the agencies. So counterterrorism and supporting military operations," Burgess said.
"If an Australian was kidnapped offshore, and the authorisation was in place, we would work to provide foreign signals intelligence to try and get the safe return of that Australian. That's given," he said.
"The other priorities are guided by strategic circumstances. Some of them may be obvious, some of them not. But I can't talk about them in this forum."
A not-so-covert ASD recruitment drive
Burgess was also keen to dispel the stereotypical image of hackers as seen in movies. The agency will be recruiting "recruiting many hundreds of people" over "the next few years".
"[In the movies] they're always a geek, invariably a guy, wearing black and working in lowlight, instantly hacking systems at will. Usually, they're cavalier, with no regard for the law, and they can just hit the 'enter; key to blow up buildings or do impossible things with electrical surges," he said.
The reality of the ASD is the full spectrum, from "sharp suits" to uniformed personnel from the Australian Defence Force's Joint Cyber Unit, to "the hoodies and jeans that you might expect to see in a tech start-up".
"The operations I've outlined today require linguists, software developers, analysts, code breakers and behavioural experts to name a few," Burgess said.
"And it's not as male dominated as you might think. Our most experienced covert online operators are all women."
When Australia's signals intelligence agency finds a cybersecurity vulnerability, it discloses it -- except in a few cases where it might help fulfil a "critical intelligence requirement".
Claims that the new laws will drive tech companies offshore are flawed, according to ASD Director-General Mike Burgess.
The department admitted it has work to do on fighting external threats.
Former Australian Prime Minister warns the intent of a vendor can change in a heartbeat.
High-risk vendors could previously be confined to the edge of networks, but 5G changes that, the Australian Signals Directorate has said.