US Cyber Command was not prepared to handle the amount of data it hacked from ISIS

Operation Glowing Symphony was a success, but Cyber Command operators were not prepared for the amount of data they found in hacked ISIS accounts and servers.

How NYC Cyber Command processes potential threat events very, very quickly

Special feature

Cyberwar and the Future of Cybersecurity

Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly.

Read More

Documents obtained through FOIA (Freedom of Information Act) requests and made public today reveal that while successful, the US Cyber Command's campaign to hack ISIS faced some issues, such as lacking the storage space to store all the information stolen from ISIS accounts.

The six heavily-redacted documents published today by the National Security Archive at the George Washington University in Washington, DC, reveal the conclusions of a 120-day assessment US Cyber Command conducted after the completion of Operation Glowing Symphony.

Carried out in November 2016, Operation Glowing Symphony was a classified offensive cyber operation executed by Joint Task Force Ares (JTF-Ares).

The operation's primary task was to disrupt ISIS' online presence and propaganda efforts, by hacking or hijacking online social media accounts, and taking down websites and servers used by the terrorist group to spread propaganda materials and recruit new members.

According to a 120-day post-mortem assessment of Operation Glowing Symphony, US Cyber Command did not anticipate the magnitude of the data they would eventually end up exfiltrating from compromised ISIS infrastructure.

"The assessment reveals that a key challenge to exploitation was storage of the data itself, an indication of the operation's scope relative to USCYBERCOM's capacity at the time," said Michael Martelle, analyst for the National Security Archive.

Documents show JTF-Ares operators adapted as they went on.

A recommandation included in the 120-day post-mortem assessment was that US Cyber Command's Capabilities Development Group (CDG) develop new data storage solutions for future operations.

But data storage was just one of the technical and bureaucratic issues that JTF-Ares faced at the time. Other issues mentioned in the assessment include challenges in coordination with other coallition members and US government agencies, and a lenghty and overly complex process for vetting suspects, which made it difficult to engage time-sensitive targets.

The six documents are available on the National Security Archive website. Operation Glowing Symphony has been detailed in other reports by NPR, ABC, and Darknet Diaries.