Q+A: Hacking as Propaganda Warfare

Norman Balchunas, operations director of Drexel Cybersecurity Institute and expert in information warfare.

Earlier this week hackers, calling themselves the Cyber Caliphate and acting in support of the Islamic State of Iraq and Syria, gained access to social media accounts of the U.S. Central Command (CENTCOM), posting pro-ISIS messages, videos and images on its twitter, facebook and YouTube accounts. The hackers also claimed to have posted classified documents on the social media pages, but much of the information, it was discovered, is publicly available.

Norman Balchunas, operations director of Drexel’s Cybersecurity Institute, is a retired Air Force colonel who is an expert in information warfare—the military’s term for using propaganda, intercepting or blocking critical information and communications as a tactic during military conflicts. Balchunas gave the Drexel Newsblog his perspective on the CENTCOM hack and what it could mean for a nation that is shifting its focus on cybersecurity.

How does the hacking of CENTCOM’s social media accounts equate to an act of information/propaganda warfare?

ISIS obviously did not gain access to any classified or important information. However, ISIS was able to display their efforts to their constituents as a success in promoting their cyber caliphate; that they could reach anywhere and were causing even Special Operations to take down its cyber systems.

What do cyberattackers gain from taking over Pentagon social media? What is the symbolism of this attack?

ISIS or any adversary is able to communicate to followers that, not only is the United States vulnerable, but also that they, as attackers, are not limited to a geographic region. While this doesn’t amount to a serious attack, it’s indicative of the nature of ISIS’s growing capability and that social media is a vulnerable tool in the free world.

What sort of advantages do propaganda campaigns/hacks like this provide to the aggressor/actor on the stage of information warfare?  What does this sort of attack tell us about the people/group who did it?   

Information warfare has a cheap entry cost in some areas—allowing attackers to communicate a message. Worldwide news agencies covered this very limited activity, which garnered ISIS far more attention than the act itself.

What the cyber attack tells us is that ISIS has a lot of money and access to recruiting across the world. Foreign fighters may not want to travel to Syria to physically fight but can offer their services as part of a cyber caliphate. Countering these efforts globally, and also internally, will be an ongoing challenge.

How do U.S. cybersercurity experts go about discovering where the attack came from?  What can cybersecurity researchers learn from attacks like this to help guard against them in the future?

Being able to determine who is accountable is often a very difficult challenge. As the SONY case unveils, it’s still not clear who was responsible. The forensics across international borders is difficult but countries are cooperating in sharing information in ways we have never experienced before. Researchers are also gaining access to counterparts around the globe and sharing information to ensure secure communications.