Darknet Diaries - Ep 50: Operation Glowing Symphony

Episode Date: October 30, 2019

Operation Inherent Resolve, which aimed to combat ISIS, was started in 2016. It was a combined joint task force led by the US military. Operation Inherent Resolve sent troops, ships, and air strikes to Iraq and Syria to fire weapons upon ISIS military. It’s widely known that the US military engaged with ISIS in this way. But what you may not have heard is the story of how the US military also combated ISIS over the Internet. This is the story of how the US hacked ISIS.

Sponsors

This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project.

Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices – all in one place. Visit honeybook.com/darknet to get 50% off your subscription.

Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can use to combat the latest generation of cyber attacks. Upgrade your cybersecurity at CheckPoint.com.

Transcript
Starting point is 00:00:00 Just as a warning up front, there's some clips of violence in this episode, such as gunfights and terrorist attacks. If that kind of thing bothers you, then you might want to skip this one. Mosul. That sounds like a good place to start this story. Mosul is an ancient city in Iraq. Like, we're talking people have lived there in the area of Mosul since like 2000 BC. It's right next to the Tigris River, and it's grown to a population of, jeez, over a million and a half people. It's Iraq's second largest city. On June 10th, 2014, a new chapter in Mosul's history shot it up, set stuff on fire,
Starting point is 00:00:50 and they were targeting all Iraqi police and military and security. In just a few days, they took over the whole city of Mosul, the whole city of a million people. People began fleeing the city in huge droves. Hundreds of thousands of people left or were killed. Mosul was now under control of ISIS, the Islamic State, an extremist group, a group that the U.S. believes is made up of violent jihadist terrorists. That same month, ISIS declared a caliphate in Mosul. ISIS, which stands for the Islamic State in Iraq and Syria, says now it will simply be known as the Islamic State. And it declared all areas it's overtaken in Syria and Iraq to be a caliphate or Islamic State.
Starting point is 00:01:42 A significant move. As far as I understand, declaring a caliphate means that they are establishing that the city of Mosul is the Islamic state, like it's sort of their own nation. It's a place to go live and practice their beliefs. Anyone who's affiliated with ISIS can come live there. And ISIS had their own police patrolling the city, their own soldiers defending it, their own leadership and everything. This was a huge victory for the terrorists. To take over the second largest city in Iraq and kill thousands of their enemies, this is what put ISIS on the map.
Starting point is 00:02:16 This is why they are a common household name here in the U.S. Because since they took over Mosul, their numbers soared, and their attacks rained on the world. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. This episode is sponsored by Delete Me. I know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money.
Starting point is 00:03:07 And our personal information is all over the place online. Phone numbers, addresses, family members, where you work, what kind of car you drive. It's endless. And it's not a fair fight. But I realize I don't need to be fighting this alone anymore. Now I use the help of Delete.me. Delete.me is a subscription service that finds and removes personal information from hundreds of data brokers' websites and continuously works to keep it off. Data brokers hate them because Delete.me makes sure your personal profile is no longer theirs to sell. I tried it and they
Starting point is 00:03:35 immediately got busy scouring the internet for my name and gave me reports on what they found. And then they got busy deleting things. It was great to have someone on my team when it comes to my privacy. Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code darknet at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code darknet at checkout. That's joindeleteme.com slash darknetdiaries and use code darknet.
Starting point is 00:04:16 Once ISIS took over Mosul and declared caliphate, their popularity boomed. Tens of thousands of people around the world were learning what ISIS was, and they were joining the cause. We started to see attacks in many other cities around the world, and ISIS was taking responsibility for it. We were starting to see attacks in Belgium, Australia, Canada. And when I say attacks, I mean people were being killed by this group. Today, the militant group ISIS posted a series of graphic photos on Twitter claiming a massacre of more than 1,700 Iraqi soldiers. Tonight, the urgent manhunt right now after the city of Brussels is rocked with multiple explosions at the airport and then in the subway.
Starting point is 00:04:56 At least 31 killed, more than 200 injured. Two people are dead tonight in Ottawa, a Canadian soldier and a suspect, after a shooting on Parliament Hill, Canada's equivalent of Capitol Hill. A violent morning that culminated in a shootout inside the ornate building where lawmakers were caucusing. Gosh, that sounds so scary. And that's not the streets of Iraq. That's ISIS shooting up the Parliament building in the capital of Canada. The Iraqi military simply didn't have the ability to take back their own city. And with ISIS growing in numbers all over the world, something had to be done. So in October 2014, the U.S. military initiated Executive Order Operation Inherent Resolve. Okay, so what is the Navy's role in
Starting point is 00:05:44 Inherent Resolve, which is the new name of the anti-ISIS coalition movement? We provide sorties, meaning missions, off of our aircraft carrier, the George Herbert Walker Bush. Some of it is just information, intelligence, surveillance, reconnaissance. Others are strikes, and it depends on what the central commander desires. It can be jamming of some of ISIS's networks and what they're doing. It can be, again, intelligence gathering. We are standing by with Tomahawk missiles, tens and tens of them,
Starting point is 00:06:13 which, in fact, we used on that first night when we started this operation. Jeez, Tomahawk missiles? This is serious business. And yes, that Navy ship was launching these missiles right into Mosul, raining down one attack after another, taking out ISIS infrastructure, some key leaders, their troops. But tens of thousands of people formed ISIS, so it wasn't easy to stop them with airstrikes alone.
Starting point is 00:06:38 ISIS continued to take over towns in Iraq and Syria and claimed responsibility for more terrorist attacks around the world. And one of these attacks occurred in November of 2015 in Paris, France. 9.20 p.m. The first indication of the horror being unleashed that night. A suicide bomber exploding his vest outside France's National Soccer Stadium. There was a second detonation, another suicide bomb. Both attackers, it seems, had been stopped before they could get in. A third attacker would blow himself up outside a nearby McDonald's. Around 9.25, gunmen with Kalashnikov-type assault weapons targeted diners at a string of restaurants.
Starting point is 00:07:27 Fifteen people were killed. The gunmen raced away in a black car. Next, the Café Bonne Bière was hit. Five people were killed. At 9:36, at La Belle Equipe, sheer terror. The same black car. The crowded terrace sprayed with gunfire. Witnesses say it went on and on.
Starting point is 00:07:50 19 people died here. Nine others were critically injured. The epicenter of the attack, though, would be the Bataclan, a concert venue. As the band Eagles of Death Metal played, gunmen rushed the hall and opened fire. Those who escaped, the survivors, called it a massacre, a mass execution. 89 people were killed. This was bad. And other attacks were springing up all over the world. Operation Inherent Resolve needed more help to battle these terrorists. Here's a clip from one of the captains on the carrier stationed in the Persian Gulf, which was launching missiles at ISIS.
Starting point is 00:08:34 The airstrikes can only do so much. And we're very, very effective and we're there to support. But I think in the end, it's going to be a ground fight. They needed more help to stop these terrorists. So some phone calls were made. Hello. Jack, hey, it's how's it going? Good to hear from you.
Starting point is 00:08:52 Thanks so much. Sorry, in this one, I can't say our guest's name. You'll understand later. But for now, let's just call him the commander. This is kind of a fanboy moment for myself, to be honest. Okay, you're going to wonder how I got this interview, because as you'll hear, this is an extremely rare interview. And I'll explain how I got all that at the end of this episode. But I do want you to understand more about who he is.
Starting point is 00:09:17 Okay, so in 2016, I was the mission commander for a combat mission team at U.S. Cyber Command. Yeah, U.S. Cyber Command is believed to be the offensive team within the NSA. Actually, it came out of the NSA, but now it's its own thing. So yeah, you got that right. Today, we're going to hear a hacking story from someone inside the U.S. Cyber Command, which is a very secret hacking organization within the U.S. government, which makes this an extremely rare interview. So are you ready for this? OK, so let's back up. The commander here wasn't always a commander. He started out as a regular
Starting point is 00:09:57 recruit in the Marines, but quickly he knew he wanted more. So I actually started, I was a force recon Marine for my first five years. So, so I was in, I jumped out of planes. I did the HALO, HAHO, scuba dive, all that stuff. Whoa, this guy's a beast. I mean, my understanding is that the Marines train you to be a killer. It's a very aggressive branch of the military, but force recon amplifies that immensely. They're the highest trained troops in the Marines. And in 2012, he was deployed to Afghanistan in the Sangin province, a tough place. And he was trying to neutralize the Taliban over there, doing helo raids and other operations. And after a few years of that, he came back and spent a total of five years as an active force recon Marine. You get older, things get harder physically.
Starting point is 00:10:46 So the way to stay in the fight is to use cyber. The Marines give you a little wiggle room on where you can choose you want to go. So he decided to join the Marine Forces Cyber Command. But with the switch, they knew they needed to give him some training. They did. They sent me to school for larger cybersecurity stuff, just basic security plus, network plus, CEH. And then they did put us through some more technical training
Starting point is 00:11:16 for computer network exploitation boot camps and cyber attack and defend. And eventually you attend the mission commander course for what my role was as an officer. So at this point, he's an officer for Marforce Cyber. That's short for Marine Forces Cyber Command. Okay. Now let me read to you a paraphrased version of the mission statement for this group, Marforce Cyber. The mission statement is, quote, to conduct full spectrum cyberspace operations, including conducting offensive cyberspace operations, end quote. Listen to that.
Starting point is 00:11:50 They conduct offensive cyberspace operations. I once heard the U.S. government has never admitted to conducting any cyberspace attacks. But look at this. It's right here in the mission statement of Marforce Cyber. And when I think about the mindset that the Marines have and how they're so competitive and gung-ho and battle hungry, I just can't imagine what kind of hackers would come out of this. Everybody always says, oh, we're shooting cyber bullets today. We're going out on patrol. It's funny, but it's true. And then, you know, I mean, we always try to keep that kind of
Starting point is 00:12:23 mindset, especially in the Marines. The Marines are known to be more aggressive, and that was not different in cyber. Our team was the first to do a lot of things. You're a computer geek or you're a buff guy, right? Like, which one is it or is it both? Yeah, there's a lot of buff dudes in cyber, to be honest. But it's pretty funny. I mean, we still do all of that same kind of stuff. I know people have some traditions
Starting point is 00:12:48 when you're the first, for your first cyber mission on the ops floor, they'll make you wear a flak jacket or a helmet to look goofy when you're sitting in front of the computer because it's your first op. So that tradition still comes into play in some of the op floors today. So there is still that, you know, military mindset of messing with people and things like that.
Starting point is 00:13:13 I mean, it's pretty funny. I find it fun. So this is how he transformed from being a trained killer to a capable hacker. And he's on a new mission now to battle the enemy from behind the screen. Yeah, we're all in uniform. It's sitting in front of a computer screen, four screens, just like the movies. Everybody's in uniform, working on things. If you're at, you know, very sensitive locations and sites, you'll be out of uniform and things like that. But at Fort Meade, you're in uniform the whole time. The fall of 2014, I was finishing up all of my training,
Starting point is 00:13:56 and they had just started a team between NSA and Cybercom that was focused solely on ISIS media. Ah, yes, back to ISIS. So ISIS, or sometimes it's called ISIL, produces a ton of media content. I mean, they have two magazines that are published in 10 different languages, and these magazines are excellent quality too. They're very well done. High quality pictures from the front lines and expertly designed. They also have a ton of social media accounts that post news stories and even act as recruitment tools for new members. And they also have people producing high quality videos, filming horrific things and editing them and cleaning them up
Starting point is 00:14:28 to maximize the impact to the viewer. To run all this, they must have a whole network to share content between the teams, to store the videos and pictures, and then a bunch of skilled people to run everything. So ISIS media was everything that involved the production of their magazines, the videos that everyone saw come out, the logos, the attack claims, all of the social media accounts that they had, the websites. Everything that was associated with that was what was under the umbrella of ISIS media. And they had a lot of people. I mean, we were talking, we're talking cameramen,
Starting point is 00:15:06 we're talking editors, we're talking, you know, linguists for translating things into every language across the world so that they could disseminate their message. We had, you have your own IT shops and, you know, finance guys. I mean, it was a large-scale operation. And you could see that in, like, all the videos that came out. They were Hollywood-quality videos that were hitting CNN and ABC on a daily basis almost. And that was all ISIS media. So since the U.S. government was already using intelligence operations to keep tabs on ISIS,
Starting point is 00:15:47 they felt that ISIS media was big enough to create a team to just focus on this alone. So ISIS media had been on the scene for about a year before that. And then in 2014, in the fall, it was finally becoming so big that it was its own entity and warranted its own dedicated analysis, production, targeting effort. And that's where they pulled a few Marines together, a few civilians, and started a pretty cracknet team. And then I took over the team at the end of the year in 2014. Oh, wow. That's very interesting, right? From Force Recon Marine to Marforce Cyber, and now to the NSA and Cyber Command, to gather as much information as he can on ISIS media. And so ISIS media became his primary focus.
Starting point is 00:16:38 All day, every day, him and his team were there doing everything they could to understand who's behind this. We were trying to map out the network. So everything behind, everything that made ISIS media tick was what we were supposed to uncover and define. So people, places, things, everything behind it. The analogy I give people is like, if you look at CNN or you look at a regional news office, they have senior editors, they have people that do translations, they have a web guy that sets up the website. They have a guy that configures domain names, a guy that, you know, their IT staff that keeps the shared drives running, keeps the email accounts up,
Starting point is 00:17:24 their chat services up, so that they can conduct their daily business. And you have your field journalists and cameramen and all of that stuff. Their goal was to simply gather data, basically spy on them and collect as much data as they could from this group. And they did this for a long time. 2014 all the way through to summer of 2016 was analysis, development, building out the network, understanding how they operated, what they did. That was, I mean,
Starting point is 00:18:07 it was over, we spent a year and a half just understanding the target space and building out a high fidelity network. Just to give you an idea of where we are in the timeline, this is still before ISIS invaded Mosul and declared a caliphate. And here already, the NSA and U.S. Cyber Command are tracking them heavily. Now, can you imagine how much data they collected in this time? I mean, we're talking the NSA and Cyber Command here, and dedicating a whole team to investigate this for two solid years? By that time and with those resources, I'm sure they must have had everyone's name who was behind ISIS media, and where it was edited, who's running the social media accounts,
Starting point is 00:18:43 what software they're running, and I bet that goes so much deeper. He didn't say, but I bet they hacked into all these people too. They had access to their phones and laptops and facilities and everything to gather as much data as they could. Probably even their spouses and relatives and bosses and friends too. I bet they were infecting all these systems and burrowing their way deep into the ISIS media network and then establishing persistence to maintain their foothold in there. Because if you think about this, this is all going on in the same building that the NSA headquarters are in, in Fort Meade, Maryland, that big black box of a building that I'm sure you've seen pictures of. So if they needed more help, they could just walk down the
Starting point is 00:19:19 hall and get another group of people who are specialized in something to help them out. I mean, I'm just guessing here, but here's an attack I think they probably did. First, imagine if they hacked into the phone of one of these ISIS media people. And then on that phone, they stole the private decryption keys for that phone. This would be the key used to decrypt messages to that phone. Then imagine they hacked into the Wi-Fi network that phone was on and somehow captured all the traffic to that phone. Now somewhere in that traffic are the private chat messages to that phone. And with these private keys, I'm guessing it's technically possible to decrypt those messages. And this would be a pretty complex hack, but I bet it's
Starting point is 00:20:02 something that U.S. Cyber Command could do. I mean, we had a long target list and it was, I mean, it was a large, you think of like a large graph, just pictures, servers, domains, accounts, all connected with lines. And it was all, we had a pretty good understanding of the whole thing. I can just picture it now, a big map on the wall, linking everything together with photos of everyone. And it probably looks like a map that the FBI would create when building a case on someone. Red strings connecting everything together. I feel like there's very few people that know as much about ISIS media
Starting point is 00:20:39 as me and a couple other guys on the team. In 2015, if you remember in the summer and early fall, that's when ISIS attacks started to really pick up and they started to have those horrific videos and beheadings and kidnappings of Westerners. And the leadership, Congress and Secretary Carter at the time, were getting fed up with all of this going on and having it be all over the news. So people were getting a little angry in leadership
Starting point is 00:21:15 and they wanted something done about it. And we weren't really doing any ops to counter it at that time. So because they had extensive knowledge of ISIS media, they started to think, could we, would it be possible for us to actually disrupt them instead of just spy on them? So they started to devise some plans to actually take down some of ISIS media.
Starting point is 00:21:38 They were developing tactical cyber attacks to take out a website or take control of it or delete an entire server. They came up with a plan to take out just part of a network in one country as sort of a test run to see how effective this would be. Made it so that we had some confidence in what we could do and our abilities. And then, you know, General Haugh came back and was like, you know, what do we do now? Like, how much bigger can we go?
Starting point is 00:22:07 What's the next step? And then we said, we can go global. Let's go global. Instead of, you know, one country or two countries. Let's go global. Let's do everything. After the break, we'll hear how this mission went global. Stick with us.
Starting point is 00:22:26 Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure. I know a few people who work over there, and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this,
Starting point is 00:23:00 the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field. And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers. Head on over to BlackHillsInfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com. The commander felt like he had the skills and expertise to take out more of ISIS media.
Starting point is 00:23:46 But the leadership wasn't sure if this was the right course of action. They needed something else. And the icing on the cake was November. You know, you had the Paris attacks, which were the horrible Paris attacks. And that kind of was the final straw to where before early December and before Christmas, Secretary Carter said, I want options. We have to do something big now. Up until November 2015, it was all sit, listen, and enable other kinetic operations for the guys on the ground, help inform them to do certain things. And there wasn't a mindset or an appetite at the time for, hey, let's do a strictly cyber operation to try and stop this media or try to diminish their impact of an attack in the publicity side of things.
Starting point is 00:24:48 We were ready at a tactical level, I felt like, but there wasn't that appetite at higher levels to say, oh, we can do something that's purely cyber and have an impact on this terrorist apparatus that's over there. He was looking over his big map of ISIS media, looking over all the connections, drawing a connection from this system to that system to that network and this person and all making all these connections. And he was looking at the map and all of a sudden it started to make sense. Things became crystal clear. There were a few key nodes that if you were to disrupt or take out these key nodes, the whole thing might come crashing down. This was a big discovery for the commander.
Starting point is 00:25:38 He double-checked his work and looked over it again. And yeah, this was making sense. This was the way to take out ISIS media, attack these nodes, and it all unravels. That's when I had my like, aha moment, like my Pepe Silvia moment. We've been staring at this data for a long time, and all of these lists and information. And then in February, it kind of like struck me that it was all connected and it was very centralized. So I remember running downstairs to my boss's office in the basement at NSA and starting to draw on the board circles with names and numbers and drawing the lines together and then saying, sir, it's all connected. It's all here. If we take this out, it all goes away,
Starting point is 00:26:31 or these five things, it'll all fall apart, it's a house of cards. This was a big moment. The leadership agreed that perhaps using hacking to take out ISIS media would be an effective approach. With this strategy, a new task force had to be created to handle this. First, they decided to start creating Joint Task Force Ares, or JTF Ares for short. Now, JTF Ares was formed to carry out a specific mission. JTF Ares is just cyber specialists that focus in offensive cyber operations against ISIS. Whoa, wicked. A group of military trained hackers all coming
Starting point is 00:27:07 together to make joint task force Ares specifically to target ISIS and ISIS media. While this task force was getting spun up, the captains had to decide on what the mission would be. Now, in my opinion, this is where a major shift in operations took place. You see, we know that the military and the NSA collects data. And they listen for signals and decipher the messages. And yeah, sometimes they break into a computer to get that data. But still, that's all it is. It's gathering data from the adversary. But here, here's where a big change takes place.
Starting point is 00:27:42 See, up until this point, all this team was doing was listening and watching and collecting. Yeah, they hacked into the enemy to listen and collect, but that's all they were instructed and legally allowed to do. But now, leadership is granting them the ability to disrupt, degrade, and destroy the target using cyber attacks. This is a big difference. It's kind of like the difference between someone on the roof with a pair of binoculars versus someone on the roof with a long-barreled rifle and a scope with orders to kill. You see the difference? They were never allowed to weaponize their hacks to destroy before, but now, now they're getting permission to do this. So I think this is about to get a little hairy.
Starting point is 00:28:31 But first things first, they need to come up with a name for this cyber operation. So that is a funny story. And I'm glad that I get to tell you that. The way that military operations are named is that every unit in a specific AO in a specific area gets assigned two letters. So the, and those two letters have to be the, the first part of the word that starts their operation. So GL was assigned to Marine Operations from Cyber Command.
Starting point is 00:29:08 And so we had to pick the first word to make the operation. So GL. So we sat down with a bunch of captains and tried to come up with the most badass words that started with GL. So we were like, Gladiator, Gladius, Global. And then you, then the second word in the name of an operation is just whatever you want it to be. So you can do, like, I mean, Gladiator something or Global something, and they would all be Global XYZ, Global ABC. And so we were coming up with all these cool names, or things that we thought were cool, and then it came down from higher that they were like, the word is glowing. We were like,
Starting point is 00:29:53 seriously, glowing? That's so not cool. Let's pick something that's, you know, more badass. That's more like more hardcore. But that was what higher told us. And then the symphony part came from in Marine basic training, when you're calling for fire. So when you have artillery and air support and mortars and machine guns, all shooting at the enemy, they say that it's a, it's a symphony of destruction because it's boom, boom, boom, boom, boom, like in a movie when they play the soundtrack and all the stuff's blowing up. So it's a symphony of destruction.
Starting point is 00:30:33 And we just say, we're trying to have a symphony of destruction against the enemy here and take down all of the ISIS servers, domains, emails, whatever at the same time. It's going to be great. And then one captain who was the quirkiest one of the group was like, well, that's the name, Glowing Symphony. We were like,
Starting point is 00:30:49 that's so lame, man, it can't be that. And he wrote it down and then sent the email. So then it became Glowing Symphony and there was no turning back. Okay, I know there was, I know, I know there was a lot to talk about, but it was, there's only like 10 people know that. Yeah, I love it. So in May of 2016, Task Order 16-0063 was signed by President Barack Obama, and Operation Glowing Symphony was a go, or OGS for short, and JTF Ares was tasked to execute Operation Glowing Symphony with their first mission to take out ISIS media. I was in JTF Ares, and I was the mission commander for that specific team. This is why I call him the commander, because he's the mission commander for all this.
Starting point is 00:31:39 A mission commander is a Cybercom term, and a mission commander is the one who oversees a specific cyber op or a mission for that, for that day. So it'd be the same as if a unit goes out on a patrol and walks around enemy territory and comes back. The leader of that patrol is a cyber mission commander, and that's what I was. Okay, here we. Time to get ready to fire some cyber bullets. The commander just spent the last two years learning everything about ISIS media and is more than ready to carry out this mission. But first, he needed some troops.
Starting point is 00:32:16 He was able to look around in the NSA and Cyber Command and different military branches to find the right candidates. Yeah, we definitely handpicked them. So we assembled, I think it was four or five separate teams. Think of each team like a squad of soldiers infiltrating the enemy territory and doing a patrol and an objective. And each squad has to be independent on their own, being able to make decisions and look for the objective and execute on it. So they had to start assembling these teams. There were four people per team. So we had an intel analyst, an operator, a, you know, a SIGDEV analyst,
Starting point is 00:32:56 and then we had the kind of like team leader. So first, let's look at what an operator does. You had a guy who's an operator, and he is very skilled at setting up the infrastructure, getting to a target and getting from a target. And then also he's trained on the tools and approved on the tools to use on target. Interesting. Not everyone on the team was approved
Starting point is 00:33:21 to hit that delete button or the enter key. Only the operator was allowed to actually execute on objective. But not only that, this would be an expert on computers, knowing what exploits to use to get into things and how to move around a network once you get in. This is probably one of their best trained hackers on the team. The person that would sit next to him is like the SIGDEV, the signals analyst who understands the tools and the infrastructure, but also understands the intricacies of the target. So like directory structures, domain names, domain admins and things like that.
Starting point is 00:33:56 He'll know the larger target network and be able to provide the context to that guy on the keyboard. This is so fascinating. This is kind of like a navigator of some kind, somebody who knows the lay of the land so well and is like, okay, here's where the next objective is and here's where you have to go next and here's where this thing will be. And if you go down this way,
Starting point is 00:34:16 then you're going to find this next thing. Like, it's crazy that there's just some person sitting there who knows all this stuff, ready to help. And then we have another intel analyst who is to the other side. And that intel analyst understands the typical targeting charts. So the face, the phone number, the friends, the terrorist group, the cells, the homes, the address, all of that stuff. He understands that larger picture that can help them when they're on target of navigating through things.
Starting point is 00:34:47 This is another really valuable person to have on the other side of you. This is someone who's memorized faces and names and friends' names and locations. Because as you're working your way through this strange foreign network, you're going to come across words that just don't make any sense. Things like server names and network names and domain names and email addresses and website names. Stuff that when you got in there and saw it, you wouldn't understand what that was unless you had this person sitting right next to you explaining to you what you're looking at because they've spent the last six months memorizing all of this stuff.
Starting point is 00:35:21 And then the mission commander is the one making sure that it all is going on correctly and that they're going to accomplish the mission that they're tasked to do, that everybody's, we're kind of all following the rules and not, you know, stepping in places we shouldn't go or going in places that are not legally allowed to go to in cyberspace. And that's the team and how it functions.
Starting point is 00:35:51 So they started assembling these teams and one team wasn't good enough. They wanted like four or five or six of these teams. So they started asking around at NSA, U.S. Cyber Command, or other military branches to see if anyone fits these criteria to recruit them. So we've reached out to the other units, asked for these types of quals and the people that we knew that were there. And then, you know, they coughed up those people in the task orders to come over. Amazing. We've got quite the crack team of highly skilled hackers now. I mean, this is what, dozens of military-trained hackers, troops, soldiers?
Starting point is 00:36:28 All with the resources of the U.S. military behind them. I mean, if they needed to, they can use some pretty cutting-edge hacking tools for this. Or they can get help from some much smarter people if they need to. Linguists, interpreters, codebreakers, developers, or access to aerial photos. But as they're getting the team together, there was tension in the air. As in any operation, we had all the accesses that we needed and we were ready to go forward. But we couldn't go forward
Starting point is 00:36:56 because we were still deconflicting with the interagencies and having very high up approvals come down before we could do it. There was a lot of talk from higher ups. They were debating on whether or not this job might be better suited for the FBI, or CIA, or NSA, or other military branches. They weren't sure if this is something that Cyber Command should be doing,
Starting point is 00:37:19 since it hasn't done something like this in the past. So we were sitting there as hackers with all this access, and it could go away at any moment, at any point in time, right? They catch on to what you're doing, and then it's gone and they lock it down. So we were nervous every day that went by that it would go away. But we go away, as in, uh, ISIL, ISIL media would catch on to you? Is that what you mean? Yeah, that they would catch on to. We had varying levels of access throughout their network
Starting point is 00:37:52 and from the people, places, and things. And if they caught on to one part of it, we might not be able to get back. And that would have made the operation less effective and maybe not even worth doing at all. So every day that went by, we were like nervous that it was going to go away. Not only was time ticking on all this, but there was also a lot of approvals that they had to go through. I mean, after all, it's the government, and the government moves very slowly. We had to do mission briefs up the chain to each of the higher officers before we went to go do it to make sure that they had confidence in our plan, saying that we're going to go out the door, we're going to make a right, we're going to go for five miles, we're going to make a left, then we're going to turn right on this street. So we had to tell them everything we were going to do. And after we presented, the senior operator and myself, they'd always turn to us and put their hand on our shoulder and say, are you sure we can do this?
Starting point is 00:38:54 Are you sure we can do this? And we were always like, yes, sir. Give me the green light. Let's go. Let's go. Let's go. But nobody wanted us to fail because there was so much publicity within the community on it. OK, now get this. This isn't something the commander told me about, but there was someone else also joining the fight. Can you guess who? Greetings, citizens of the world, governments and corporations, and Facebook. We are Anonymous. As most of you know by now, we started a cyber war on ISIS. And just a reminder, ISIS: we will hunt you, take down your sites, accounts, emails, and expose you. From now on, no safe place for you online. You will be treated like a virus. And we are the cure. Remember,
Starting point is 00:39:46 we are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us. Yeah. So as the ISIS attack started happening all over the world, Anonymous joined in on the fight too. And they were doing things like reporting thousands of ISIS Twitter accounts to Twitter and saying, hey, ban these people. And Twitter would. And they would report Facebook users that were ISIS members and Instagram, all this stuff. And because the thing is, is one thing that Anonymous is pretty good at is finding out who you are and doxing you. So they're able to like root out who these ISIS people are online and report them. And they were getting accounts taken down like crazy. Some reports say that up to like 10,000 accounts were taken down because of the activism that Anonymous was doing in this
Starting point is 00:40:30 fight as well. And at the same time, Anonymous was actually taking down some of ISIS's websites too. And while this is cool and all, it kind of threw a monkey wrench in some of the intelligence communities. I mean, how can you collect data on ISIS if ISIS is down? And when a website that you're tracking for years goes down, why is it down? Who knocked it down? What's going on here? And so, you know, a commander didn't say, but I bet that he was watching this kind of stuff happening and trying to figure out who's taking this stuff down. And I've heard stories from other people in intelligence who actually got like frustrated with this and went into some of the hacker chat rooms and said, who's the one taking down these websites? And then
Starting point is 00:41:13 having like chats with these hackers to like kind of not so much coordinate things, but like just back off on this for a little bit while we take care of it. We know we've got this in our sights and we're going to do something real soon. Just kind of like cool it. And so while all these Anonymous operations were going on, approvals were starting to come through for Operation Glowing Symphony. Things were starting to shape up. So you could take the approach of let's, you know, slowly degrade and disrupt it and take it down over time. But you risk losing your access. You risk not being able to continue the slow degrading because they're going to learn every time something bad happens
Starting point is 00:41:54 and harden their network and the people, the places, and everything that they have. So what we saw with Glowing Symphony was an opportunity to give a massive blow to their operation, to take down everything that we could as fast as we could in one go, and then see what's left and then pick apart the little pieces that were left, the remnants that remained. And we, that's what our, that's what the plan was to do, was go in and just decimate as much as we could in the shortest amount of time possible and then maintain engagement with the enemy through because many of you think the NSA and the U.S. Cyber Command are the bad guys. They're setting up ways to constantly spy on innocent U.S. civilians, and they hoard zero days,
Starting point is 00:42:51 and don't tell the vendors that there's bugs in the code, or that they're trying to make encryption weaker, or make backdoors into things so they can defeat it. All this does sound bad and scary, and I certainly don't like it when the NSA overreaches on what they're legally allowed to do. So if anyone at the NSA is doing this kind of stuff, it's naughty. Stop it. Privacy is important to me. Please don't try to ruin it. But I'm going to put all that aside for this hour. Because in this case, in this specific course of action they are doing by decimating ISIS media, I can get behind this. And I can't think of many times where hacking to destroy someone's computers is a good idea. And at the same time, I'm excited to peek behind the curtain to see how U.S. Cyber Command
Starting point is 00:43:37 executes these missions. And there's a little part of me that kind of likes to watch chaos and destruction. And here's a moment where I get to see the full force of U.S. Cyber Command unleashing a devastating blow to ISIS. Doesn't it get you excited too? And I just feel so lucky to hear this. Firsthand from a commander within U.S. Cybercom, these people are extremely tight-lipped. In fact, they've never claimed responsibility for any cyber attacks like this ever.
Starting point is 00:44:03 So now for the first time, you get to hear what operations are like inside there. This is crazy. So sorry. Sorry, Commander. Continue. What are we looking at here? What's going on? So what they did have from the public view and in open source intelligence, you could see
Starting point is 00:44:20 they had over 10 different languages of publication for their magazine. They had 10 different websites at various locations with new domain names every day. So they had domain names. They had web servers that were static IPs that they were spinning up for each specific language. They had magazines that were posted at accounts at free file upload sites where they would push all this stuff out and the videos to download and things like that. We all know that they had tons and tons of social media accounts that they were constantly pulling together. It's already been publicly reported they had tons of Telegram
Starting point is 00:45:01 groups and tons of Telegram accounts. So they have phones and they have email addresses to set up those accounts all across the board. As they're buying servers, you can assess that they have accounts at those specific providers. So they had servers, they had domain names, they had emails. They had, you know, you could look at the code on a web page, the source code on a web page and see the file sharing server that served up the content for that web server. And they had all of this laid out at a global scale. They didn't care where it was in the world. They just wanted it to be cheap, fast, and readily accessible. The team spent months gaining access to the network and learning what was in there.
Starting point is 00:45:45 He couldn't go into detail about the techniques used, but he did give me a clue that it all starts with email. Because I can't speak specific to us, but if you look at cyber operations writ large, I think this was in the Hacking Humans podcast, over 90% of cyber attacks today start with email. And it's not just a spear phishing link, it's access to that email account. The username, the email address, and the password. That's where you can start and you can pivot everywhere from that. I've looked into a lot of hacks. And whether it's an APT or just a bunch of teenage
Starting point is 00:46:25 hackers, yeah, they love getting into email accounts to poke around. This is common for hackers and effective for getting more information and to move further into the network. Getting into an email account is golden. You can pivot from the email account into the other accounts associated to that email, anything that's tied to that email for a password reset. So you can pivot from that email address into the AWS account, into the Cloudflare account, whatever that may be. The email is the key.
Starting point is 00:46:56 That is the core piece to pivot through. Whoa, that makes sense. Yes, of course. If you have access to my email address, you could go to another service I have, like my web hosting, and tell them I lost my password. And they'll send a link to my email account with the password reset. And if you had access to my email, then you could see that and reset the password. So yeah, getting access to someone's email account can open the
Starting point is 00:47:18 doors to tons of other things that person has access to. So take note on this. Protect your email access. Make it a high priority to secure it. First, give it a long complex password. Then enable two-factor authentication on it. Make it hard for anyone to get in your email because if someone does get in, they get access to almost everything. So if Operation Glowing Symphony was getting into their email accounts, this was getting them access to a ton of stuff. And once they got in, they needed to establish persistence. This is where they can stay in the network, hidden, unseen, even if how they got in got fixed or patched. And this might be enabling a rootkit or opening a backdoor or leaving some program running that lets you connect back in later.
Starting point is 00:47:59 We had multiple access vectors into the whole system. So there wasn't just one piece of software or exploit or something. It was a whole suite of things that gave us the understanding and the access into the network. During this time, they learned about what's in the network, and they spent time pairing the infrastructure with the exploits they needed to use. And they had a lot of meetings on what the best course of action was to take it all out. Yeah. If you make it on their list, it's not a matter of if, it's just when. I was amazed working there that any challenge that would come to the folks at NSA or any of the developers, it was just a matter of time before they figured it out.
Starting point is 00:48:50 There was nothing that I saw them throw their hands up and say, it's impossible. It might not be the way that you thought, but they would find a way to answer your question or get where you wanted to go. They assembled all the people into teams and were getting them ready. We had four or five of those teams because we had so many targets and they each got 10 to 15 targets, right? Because we had to do the whole operation as quick as we could. And because we didn't want the enemy to know once part of the network was being taken down or locked out. And then they start to, they kind of like shut us off from getting to the rest. We had to do it all at the same time before they could catch on.
Starting point is 00:49:28 So I'm going to assume targets are our servers, social media accounts, email addresses, bank accounts, mobile accounts, like just let's try to completely delete as much as possible. Yeah, all of those targets were on the docket. It was lockout, delete, misconfigure, reroute, seize, anything that you could do to stop the network from functioning. had which targets and then which ones. It was, it was planned out to a T, like down to the keystroke of: this is the one that I'm talking to, this is the one that I'm going after first, and then second, third, fourth, fifth. And it was, and they were pivoting, and they were all dependent upon each other. And the other team had their same list of starting with this one and then going down the list and moving and pivoting and working their way through. So we planned that out in detail and rehearsed it in detail prior to the operation. That was the next step. That's amazing because when I was a network
Starting point is 00:50:37 engineer, I would get my scripts approved by other people before making a change. And I never imagined hackers also getting their scripts approved before and then practicing it as well. That's really something. Oh, yeah. You had your plan drawn out to a T and we scripted it in a test environment to make sure that it worked all the way through
Starting point is 00:51:01 to automate some things. We automated as much as we could, but then you still had to do some hands-on stuff, but we tested it. We had developers and technical directors review before we went to go and do it. We had an extensive amount of rehearsals before anything was actually executed on the real target. Everyone's got their practice on. This is their primary focus, right? This is the one operation everyone was working on and focused on? Yeah. When you woke up to when you went to bed at night, this team was, it was OGS all day, every day.
Starting point is 00:51:37 OGS is Operation Glowing Symphony, in case you're wondering. It's the name of this operation. And yeah, the people on the team would come in at nights and weekends to conduct a lot of this preparation because there are certain things you want to do when nobody's around to reduce your chances of being caught. And certain tools and software had to be custom built to get it just right. So people were working really hard to get everything ready for this cyber strike. The last thing they needed to do was pick a time window on when
Starting point is 00:52:06 they can do this operation in. The 10 minute window was picked because that's when we knew they weren't going to be there. So we had to we had profiled everything and known that this two hour window
Starting point is 00:52:22 was going to be the time frame and we wanted or at least I wanted everything executed within 10 minutes. And as quick as we could, at least getting the first foothold. Once you hit the domain controller, you're good to go. But we had to get the domain controller within 10 minutes kind of thing. Okay, the plan is ready, the people are ready. After the break, it's go time. Stay with us.
Starting point is 00:52:49 This episode is sponsored by SpyCloud. With major breaches and cyber attacks making the news daily, taking action on your company's exposure is more important than ever. I recently visited SpyCloud.com to check my darknet exposure and was surprised by just how much stolen identity data criminals have at their disposal. From credentials to cookies to PII. Knowing what's putting you and your organization at risk and what to remediate is critical for protecting you and your users from account takeover, session hijacking, and ransomware. SpyCloud exists to disrupt cybercrime with a mission to end criminals' ability to profit from stolen data.
Starting point is 00:53:27 With SpyCloud, a leader in identity threat protection, you're never in the dark about your company's exposure from third-party breaches, successful phishes, or info-stealer infections. Get your free Darknet exposure report at spycloud.com slash darknetdiaries. The website is spycloud.com slash darknetdiaries. So they set up the window, they rallied the troops, literal troops, and they got everyone ready because this was the big day. All the teams assembled in what they call the operations room. It's a pretty big op floor is what they call it. So it does look like a movie.
Starting point is 00:54:08 There's a lot of screens facing down, like the command of the USS Enterprise or something like that. Everybody's got two keyboards, four screens, chairs lined up, TVs all across the walls in the front and on the sides with different, what you would see in a SOC, like infrastructures up or down, stoplight charts, you know, world map, rosters, all of that's up. The lights are dim. Looks like everyone is ready.
Starting point is 00:54:40 Time for one last phone call to headquarters. We were waiting for approval, for final approval from headquarters over the phone. And once they said, you know, cleared hot, then I turned to all the teams on the op floor and then I say, let's go. They put their heads down, and then they, you know, hit shift enter on the scripts, and the scripts started running. They started moving through parts of the network, moving through accounts, moving through servers, moving through everything, and executing according to plan. The task unit immediately got to work, running through the checklist
Starting point is 00:55:26 exactly as they practiced it over and over in training. But this was not training. This was live fire on the enemy's infrastructure. You could hear the teams talking. Click this. Go into that directory. That's it. Jackpot.
Starting point is 00:55:40 They were running their scripts and conducting their operations, deleting virtual machines, taking over domain controllers. And this would give them access to key infrastructure that they were also destroying. They were raining down a symphony of cyber destruction. We had a large printout, probably three feet by six feet, tacked up on the wall. And it had everything, every target printed on it. Every time somebody on the team would accomplish one of their objectives,
Starting point is 00:56:07 they'd run a little piece of paper up to the commander to let him know what's been done. And these pieces of paper had little codes on them. And so they'd bring me a piece of paper and it'd say like one delta and then it would say like Packers or, you know, Browns. And I would know what that meant. And then I would, you know, write it up on the board and report it up on the radio to higher headquarters
Starting point is 00:56:32 because they were tracking, everybody was tracking everything across the board. Everybody was dialed in from all across the, you know, enterprise to listen in because this was a big, such a big event. Things were going great. The teams were systematically destroying one thing after another within the ISIS media network. They were hitting targets all over the place,
Starting point is 00:56:53 deleting accounts, wiping hard drives, destroying systems in any way they could, rerouting traffic, taking control of accounts, locking out accounts, and wrecking everything in their path. But then one of the teams announced they have a problem. The operator's on the keyboard. Everybody's there. We're moving. We hit a roadblock. You know, what's your pet name? You're logging in from a different IP. You need to authenticate with a security question. And we're like, oh man, we don't know this. What's your pet name?
Starting point is 00:57:25 How are we going to figure out, you know, this guy's pet, his pet name? It was one of the core places that we were trying to go. Like everybody's heart stopped. We kind of got, we were like, oh, we're done. We're not going anywhere. And one of the analysts who'd been on the team with me for three years stands up and is like, 1515. We're like, what?
Starting point is 00:57:56 We're like, no way. It says pet's name. It's got to be, you know, Spike or Bob or something like that. And he's like, no, 1515. It's always 1515 with this guy. And we're like, okay, man, try 1515. Boom, we're in. And then we continue to move on to the target. I mean, so the analysts get to know these guys down to such detail that they can anticipate what these guys are going to do before they actually do it in the technical realm. Whoa, this kind of trips me out. I mean, this kind of highlights the power of what NSA and U.S. Cyber Command has, right?
Starting point is 00:58:40 Like, they can infiltrate someone's life so much that they understand their secret question to all the accounts that they've ever set up. That's some pretty deep burrowing into someone's network or even their mind. And after that, the task force continued to walk through their objectives, hitting target after target, taking things down. And they had a lot of different types of targets. And an interesting one to me are the financial accounts. The commander said these were not the focus of the operation, but I'm going to assume that these did exist and they ran into them sometimes. Like, we're not the FBI.
Starting point is 00:59:15 We can't seize funds and then hold it. But if you just get locked out of your PayPal account and there's $1,000 in there, that money is essentially gone. You're not going to be able to get it back. And this wouldn't be a temporary lock because if the PayPal address was linked to an email and then that email gets taken over, then you can change backup passwords and recovery passwords and PayPal passwords and everything so that there's just no way to get back into that PayPal account ever. But besides that, ISIS media had some cryptocurrencies. But with this, you could just delete the private keys to those wallets, and you're never getting back in there, essentially destroying whatever cryptocurrency they had. Yeah, there was a lot of deleting going on.
Starting point is 00:59:58 So if they were in the stuff on a virtual server and you deleted the private keys to the virtual server, they're not getting back. So it sounds like some money was lost during all of this. And at this point, they have successfully accomplished all of their primary objectives for this mission? We did it in about 10 minutes that we got all of our key nodes and targets down in the first 10 minutes and we had control. And we knew at that point that they couldn't stop us. And we stayed on for the next, you know, two to four hours going through the rest of the target list. But at that point in time, we could take our time and we knew that they couldn't take it back from us. So it was like they were totally pwned after 10 minutes. So we did have a brief high-five moment of, we got into all of the main core places we needed to go to, high-five, and then it was, hey, we've still got to keep moving
Starting point is 01:01:01 through the rest of the targets. So after our brief moment of happiness, we stayed on and kept going and going and going and going. We found more targets, more domains, more servers, more parts of the network, more files, everything that we could find. And if it was within the approved plan that we had approved or like our left and right lateral limits, then we had effects. And if it wasn't, we wrote it down, cataloged it, and then put it on the target list for the next day. And so we worked until, you know, we knew that they were coming back, and we kind of stopped. And then we waited. So put yourself in ISIS media's shoes for a second here. Imagine you just got knocked out big time
Starting point is 01:01:49 with hacks like you've never seen before. All your servers are offline. All your accounts are locked out. Like everything's just gone. What do you do, right? Like you don't just say, oh, well, that's that. Let's be done. No, you work on trying to restore it. I mean, that's what the
Starting point is 01:02:06 IT team is there for, right? They're not just like fired immediately. They're like called in to come help right now. Let's get everything stood back up. So immediately the IT team started trying to stand up their servers again and rebuild their websites and relaunch their email applications because they couldn't even get to emails anymore. And they were rebuilding like file servers and then having to reissue new accounts for everyone there. It's kind of like building an entire network from scratch all over again or trying to restore from backups. And so while this was effective right away, they did see ISIS coming back online, slowly and with a lot of trouble. So this made some people wonder whether or not Operation Glowing Symphony was a success or not since ISIS came
Starting point is 01:02:53 back online just after. You know, I'm obviously biased to the whole thing, but I think it was very effective. He can't get into the specifics about how effective this was, but if we step back and look at what public information we do know, we see that ISIS was very chatty on Twitter before Operation Glowing Symphony, but that number of tweets drastically got reduced right after Operation Glowing Symphony went into effect. photos from, you know, from the front battlefield lines back to the middle, mid-level office, back to the high-level office so they can edit the photos and use them in the video or from a field video of a battle where their ISIS is winning, getting that video back to somebody at another location to edit it, to then, you know, upload it, to then put it into a Photoshop editor and make it into a sexy video. If all of that takes more time or you break that chain at any point,
Starting point is 01:03:53 it's going to make your whole production cycle longer. And if you start missing deadlines, your brand isn't as good. Nobody likes a news outlet that has bad logos, bad videos, and delays in releases. So when you impose that on them, it erodes what ISIS media was seeking to be. And people didn't like it as much. And they didn't want to do attacks or go fight for them in Syria. And one other thing that you would notice if you were kind of following the space at the time is that after this initial attack from OGS, only 40% of the ISIS websites came back online afterwards. And those other websites just never
Starting point is 01:04:37 showed back up. But when these new websites came back online, this meant that JTF Ares had to attack again. And so they did. Once you find a target, submit it up, get it approved, go take it down. You know, target, take it down, target, take it down. And we stayed on for, I mean, OGS continued from that day on for seven months. And after taking down ISIS's websites over and over and over and over again and again for seven months, they effectively took out 90% of ISIS's websites that just never showed back up. We didn't have ops every day,
Starting point is 01:05:18 but for the first 30 days or so, we almost had ops every day. Oh, and another thing you can look at to see how effective this was, is the ISIS media magazines that they were putting out. If you look at the Rumia and the Dabiq magazines were ISIS's flagship magazine. They came out, they were 50 to 60 pages, high quality video, great stories, instructions on how to do attacks, recaps of old attacks. They did excerpts with leadership, other ISIS fighters to try and inspire people. And they were very good magazines and productions. They had them in all the different languages and they were very
Starting point is 01:05:58 professional. When Glowing Symphony came into play, the Rumiyah magazine was the new magazine. And that was coming out every 30 days, like between 28 and 30 days. And it was based off of the Islamic calendar. At the time, we didn't know that this happened. But when I was looking back, we could definitely see the impact. They wanted it to come out on the first of each month, a day of the month for the Islamic calendar. The five o'clock news comes on at five o'clock, not five-oh-five, right? When we looked back at the impacts of Glowing Symphony, the November Rumiyah came out on day 36. So their average was 28 to 30, and it came out on day 36. It was very late, almost a week late. And then they were back on track. And then other disruption ops and continued operations from OGS came into play, and when we would knock them back, we would see that date be longer, and then we would see it be
Starting point is 01:06:58 longer. And if you plot those dates out, the dates get longer and longer until a point where the Rumiyah had been discredited with other operations and effects to a point to where they decided not to do it anymore, that it was unsustainable. The brand had been damaged and they abandoned it. So it took time for the, for them to give up and for the brand to be fully damaged. But the operations to slow down the production, to make it harder, to delete the files, to disrupt the coordination, to do all of that had an impact over time to a point to where they abandoned it.
Starting point is 01:07:39 Now, as far as I know, the U.S. government has never taken credit for any cyber attacks like this, ever. This is the first time ever that they've publicly said they have destroyed computers using cyber attacks. Now that you say that, I think it is that they are saying we have conducted offensive cyber operations against a target. I think this is the first time. I mean, they, in the past, like the public mission for MARFORCYBER says we conduct offensive cyber operations in support of the U.S. government, right? So like the mission says offensive cyber, and it said that for a long time, but I think you're
Starting point is 01:08:18 right, nobody said we did this we this, we locked out this. So I never thought of it that way, but I think you're right. It's still fascinating to me to see that the military trains hackers. But I guess this is the natural progression of how the world has become. Because historically, the military had four domains of warfare, land, sea, air, and space. But in 1995, they added information as the fifth domain of warfare. The military has to be ready to battle on this front, because if they aren't,
Starting point is 01:08:52 the enemy will be attacking us there. In the military and all services, they're building out cyber branches and cyber specialties at an entry level on the enlisted side and at an officer side. So kids from high school with computer skills that want to get into hacking, or after you go to college, you want to get into hacking as an officer, you can, there are paths to go right into a cyber career field in the military. And they have the blue team side with the cyber protection teams, and they have the offensive side with the combat mission teams. So whichever hat you want to wear, you can go right into those positions with training and begin to execute on target in defense or in offense of the nation. And while that's the story of Operation Glowing Symphony and JTF Ares, the story isn't over. JTF Ares is still going strong, conducting a lot of missions even today. Yeah, JTF Ares is still rocking and rolling. I mean, they're moving on
Starting point is 01:09:58 new targets every day. Other people involved with JTF Ares today have said that the attacks still go on and they do things like just annoy their targets, like lock them out of their accounts, or slow down their computer, or slow down their network, or do something to drain the cell phone battery of their target. The harder that they can make it for their target to get anything done in the day, the more of a success it feels like for JTF Ares. And, I mean, the first push was a solid six, seven months of, you know, day on, stay on. But the ground forces have obviously taken back Syria from ISIS,
Starting point is 01:10:35 so it's a lot smaller than what it was in 2016. But they're still in the fight every day. Oh, and as for Mosul, because Iraq didn't have a strong enough army to take back their own town, the U.S. helped invade it. And together, they kicked out ISIS, which put an end to the caliphate. It's a stretch to say that Operation Glowing Symphony helped take back Mosul. But if you look at the series of events, Operation Glowing Symphony probably would have never happened if ISIS didn't
Starting point is 01:11:05 take Mosul over in the first place. And you might be thinking the U.S. has conducted destructive cyber attacks like this all the time, like with Stuxnet. But the thing is, the U.S. has never admitted to doing Stuxnet. They refuse to talk about it at all. So whether or not this is the first attack like this, one thing that's alarmingly clear now is that the US is in the fight and not just doing signals collection, but causing destruction through cyber attacks. And it just makes me think that now that OGS was successful and JTF Ares is still conducting these attacks today, I wonder what else this paved the way for. What other doors got opened because of this? What other missions have
Starting point is 01:11:45 been given the go-ahead to degrade and disrupt enemy networks? With the connected modern world we live in, a lot is possible, such as remotely disabling a car, or draining a crypto wallet, or shutting off the power to a missile silo. The NSA and Cyber Command have sometimes been accused of going over the line on what they're legally allowed to do, like surveilling innocent American people. But one thing is clear, if someone celebrates the death of Americans or threatens Americans, these are the people who will take full notice of this and go after them. And the general goal and mission of the NSA and Cyber Command is to protect the U.S. from threats like that. So it's just fascinating to see what happens and how they go after these people. Now you might be wondering, how did I
Starting point is 01:12:29 really get this interview? How did I get a mission commander from U.S. Cyber Comm to come tell the story about that time he hacked ISIS? Well, it's interesting, actually. Last year, I think it was some journalists from Vice's Motherboard who heard about Operation Glowing Symphony. They submitted a freedom of information request to the government to learn more. And to all our surprise, the government sent them tons of information about OGS. It was really incredible to peek behind the curtain for the first time. And then in the last few months, a reporter from NPR actually asked the generals and commanders that were involved in this to speak on the record to hear more. And again, to everyone's surprise, approvals were given. And it was around this time that I just happened to bump into the commander at DEF CON while I was there, and we started talking, and I heard this story, and I was like, oh my gosh, if you were able to speak on NPR about this, is it possible that you could come on my show,
Starting point is 01:13:25 Darknet Diaries, and tell me this story? So he went back to U.S. Cyber Command and requested to be on this show, and he was given approval. Unbelievable. And once I had this episode all done and ready to go, I had to get one last approval from the U.S. government. People in U.S. Cyber Command or MARFORCYBER had to listen to this to verify that nothing was said that shouldn't have been said. And there were even some generals that had to approve this too, which is just incredible to me because I thought I would never hear a story from within U.S. Cyber Command about this time that they hacked into anything, much less ISIS. So yeah, this is a story that I never thought I would ever get to do.
Starting point is 01:14:14 A big thank you to the commander for sharing this story with us. This one really, truly is unbelievable to hear firsthand what you went through. Thank you again. And thanks to Major General Glavy for approving him to be on the show. This show is made by me, Cadet Jack Rhysider, reporting in from the Darknet Division. Editing help by the Sanguine Guard, Damien. Our theme music is by the Sonic Assaulter,
Starting point is 01:14:36 Breakmaster Cylinder. And even though someone from the DOD starts following me on LinkedIn every time I say it, this is Darknet Diaries.
