British spies waged cyber campaign against ISIS, says GCHQ chief

'This campaign shows how targeted and effective offensive cyber can be,' says GCHQ director Jeremy Fleming.

Video: What is cyberwarefare?

Special feature

Special report: A winning strategy for cybersecurity (free PDF)

This ebook, based on the latest ZDNet/TechRepublic special feature, offers a detailed look at how to build risk management policies to protect your critical digital assets.

Read More

Cyber-attacks by British intelligence services have supported operations against the terror group ISIS, in a first-of-its-kind sustained campaign.

The offensive made a significant impact on the operations of the group, also known as Daesh, revealed Jeremy Fleming, director of UK intelligence agency GCHQ.

"GCHQ, in partnership with the Ministry of Defence, has conducted a major offensive cyber campaign against Daesh," he told the National Cyber Security Centre's CYBERUK conference in Manchester.

"These operations have made a significant contribution to the coalition's efforts to suppress their propaganda, hindered their ability to coordinate attacks and protected coalition forces on the battlefield.

"This is the first time the UK has systematically and persistently degraded an adversaries online efforts as part of a wider military campaign," said Fleming, in his first public address since taking up the role of head of GCHQ.

The attacks -- the specific timeframe of which hasn't been revealed -- disrupted the online activity of the terror group.

See also: Cyberwar: A guide to the frightening future of online conflict

"In 2017, there were times where Daesh found it almost impossible to spread their hate online, to use their normal channels, to spread their rhetoric or to trust their publications," said Fleming.

"Of course the job is never done; they will continue to evade and to reinvent. But this campaign shows how targeted and effective offensive cyber can be," he added.

While the operation was the first of its kind, GHCQ believes similar tactics and techniques can be used to disrupt the activities of other groups, including terrorist operations, cybercriminal groups, and nation-state actors.

"This technical savviness, this understanding of the potential of cyber-capabilities extends way beyond terrorist groups. The other protagonists are equally familiar: hostile states and criminal gangs," said Fleming.

"They too are using the enabling power the internet and modern communications provide to spread their ideology and to peddle their lies and the harm they cause is on a much larger scale."

Like home secretary Amber Rudd on the previous day of the CYBERUK conference, Fleming directly called out Russian government backed cyber-attacks, including the NotPetya outbreak, against critical infrastructure and attempts to spread disinformation to sway public opinion in recent elections.

"They're not playing to the same rules, they're blurring the boundaries between criminal and state activity," he said -- and warned that Russia isn't alone in this, with the likes of Iran and North Korea also operating in this space.

"We've seen state-sponsored hackers conducting cyber-attacks to avoid sanctions -- the release of WannaCry by North Korean cyber actors last year, is a great example of that. Some of their malware tools are highly complex, using extensive infrastructure and advanced tradecraft."

See also: The secret to being a great spy agency in the 21st century: Incubating startups (TechRepublic)

While there are numerous threats posed to the UK by nation-state actors, GCHQ is also aware that the cybercriminal gangs also pose a threat to organizations and citizens -- with attackers eager to distribute various forms of malware and ransomware -- and Fleming welcomed Amber Rudd's plans to take the fight to crooks using the dark web.

"Recent prosecutions are showing we really can make a difference in this space. Yesterday you heard the Home Secretary set out the next stage in the government's campaign against cybercrime," he said.

Recent and related coverage

GCHQ 'over-achieved' in hunt for exploits and cyber weapons

But hiring and keeping staff remains a challenge.

GCHQ's cybersecurity accelerator just opened its door to nine new startups

GCHQ has showcased the nine startups chosen to help protect the UK from the cyber-attacks of the future.

Bigger than WannaCry: A giant cyber attack will happen unless we rethink security, says GCHQ

A huge attack which makes WannaCry look like small fry will occur in the not to distant future - unless something changes.

READ MORE ON CYBERCRIME