WASHINGTON — America’s fast-growing ranks of secret cyberwarriors have in recent years blown up nuclear centrifuges in Iran and turned to computer code and electronic warfare to sabotage North Korea’s missile launches, with mixed results.
But since they began training their arsenal of cyberweapons on a more elusive target, internet use by ISIS, the results have been a consistent disappointment, American officials say.
The effectiveness of the nation’s arsenal of cyberweapons hit its limits, they have discovered, against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data.
It has been more than a year since the Pentagon announced that it was opening a new line of combat against ISIS, directing Cyber Command, then six years old, to mount computer-network attacks. The mission was clear: Disrupt the ability of the Islamic State to spread its message, attract new adherents, pay fighters and circulate orders from commanders.
But in the aftermath of the recent attacks in Britain and Iran claimed by ISIS, it has become clear that recruitment efforts and communications hubs reappear almost as quickly as they are torn down. This is prompting officials to rethink how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a weapon.
“In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS,” said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. “This is just much harder in practice than people think. It’s almost never as cool as getting into a system and thinking you’ll see things disappear for good.”
The ISIS agenda and tactics make it a particularly tough foe for cyberwarfare. The extremists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.
Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. ISIS, officials said, has made tremendous use of Telegram, an encrypted messaging system.
In the endeavor, called Operation Glowing Symphony, the National Security Agency and its military cousin, United States Cyber Command, obtained the passwords of several ISIS administrator accounts and used them to block out militants and delete content. It was initially deemed a success because battlefield videos disappeared.
But the results were only temporary. American officials later discovered that the material had been either restored or moved to other servers. That setback was first reported by The Washington Post.
The experience did not surprise veteran cyberoperators, who have learned, through hard experience, that cyberweapons buy time but rarely are a permanent solution.
The attacks on Iran’s Natanz nuclear facility, begun in the George W. Bush administration and code-named Olympic Games, destroyed roughly 1,000 centrifuges and set back the Iranians by a year or so — the amount of time is still hotly disputed. But it created some room for a diplomatic negotiation.
The attacks on North Korea’s missile program, which President Barack Obama accelerated in 2014, were followed by a remarkable series of missile failures that Mr. Trump noted in a conversation, which leaked recently, with the president of the Philippines. But recent evidence suggests that the North, using a different kind of missile, has overcome at least some of the problems.
The New York Times