For the first time, the Australian Signals Directorate has revealed details of its “offensive cyber” operations.
In a major speech today the ASD’s director-general, Mike Burgess, outlined details of the agency’s participation in Australian Defence Force (ADF) operations against Daesh in the Middle East.
Burgess’ speech is a remarkable moment in the evolution of the ASD and follows an address by the director-general in October that he described as a coming “out of the shadows” moment by the agency.
Earlier this month the ASD for the first time revealed details of how it decides whether to withhold details of a security vulnerability its employees have discovered.
The increased openness by the agency follows its transformation into an independent agency sitting within the Defence portfolio. That transformation was in part motivated by the need to compete with the private sector to recruit individuals with the skills the ASD requires for its operations.
The government in late 2016 first detailed the ASD’s role in offensive operations against the terrorist group. Earlier in 2016 the government had confirmed that the ASD had an “offensive cyber” capability.
“At the height of the fight against Daesh, ASD – working to the direction of the ADF – helped shaped a critical battle,” Burgess said in remarks prepared for a Lowy Institute event today.
“Just as the coalition forces were preparing to attack the terrorists’ position, our offensive cyber operators were at their keyboards in Australia — firing highly targeted bits and bytes into cyberspace.”
As a result, “Daesh communications were degraded within seconds. Terrorist commanders couldn’t connect to the internet and were unable to communicate with each other.”
“The terrorists were in disarray and driven from their position – in part because of the young men and women at their keyboards some 11,000 kilometres or so from the battle,” Burgess said.
Although the impact was almost instantaneous, that operation took “weeks of planning,” the ASD head said.
The operation was in support of and in coordination with military manoeuvres on the ground.
“This operation marked a milestone for both Australia and our coalition partners,” Burgess said. “It was the first time that an offensive cyber operation had been conducted so closely synchronised with the movements of military personnel in theatre.
“And it was highly successful. Without reliable communications the enemy had no means to organise themselves and the coalition forces regained the territory.”
Burgess said another ASD operation involved damaging “the terrorist media machine.”
“We locked the terrorists out of their servers and destroyed propaganda material, undermining Daesh’s ability to spread hate and recruit new members,” he said.
Other operations have involved ASD operators “assuming false online identities to disrupt terrorist networks.”
One such case involved a sophisticated effort to prevent a man from joining and fighting for a terrorist group.
An ASD team included linguistic, cultural and behavioural experts, and was led by a young woman who is a “science graduate turned covert online operator”.
“ASD tracked down and reached out to the man over the Internet,” Burgess said. “Pretending to be a terrorist commander, our lead operator used a series of online conversations to gradually win her target’s trust.
“Our operative typed in deliberately broken English and was so convincing, she was able to influence the man’s behaviour. To ensure he couldn’t be contacted by the real terrorists, she got him to change his modes and methods of communication.”
The operation led to the man abandoning his plans and moving to a country where the ASD’s international partner agencies “could ensure he was no longer a danger to others or himself.”
Burgess said that the organisation’s offensive operations involve the use of “specialised tools and techniques” to disrupt the communications of adversaries or “interfere with the way they operate online.”
“In my experience, when people think of offensive cyber, they focus on the high-end of the spectrum involving computer network attack operations to destroy an adversary’s communication device,” the ASD head said.
“Yes, this is something that ASD does, but in very specific circumstances, and within a strict legal framework. But it’s just one of the ways we can disrupt our target’s behaviour online.”
Many of the agency’s operations are far more subtle and sophisticated.
“For example, our targets may find their communications don’t work at a critical moment – rather than being destroyed completely,” he said. “Or they don’t work in the way they are expecting. Or they might find themselves not able to access their information or accounts precisely when they need to.”
These somewhat-less-flashy operations are “actually more representative of what offensive cyber looks like – highly targeted and proportionate actions, timed to precision,” he said.
Burgess said his speech today was an effort to dispel myths about the agency and an opportunity to reveal how it operates — in part as part of the ASD’s efforts to reach potential recruits.
The organisation earlier this year launched a recruitment effort for the position of assistant director-general military effects and network operations, which sits within the organisation’s Signals Intelligence and Network Operations division and oversees its offensive cyber work.
Burgess said that the ASD’s offensive operations involve teams of experts, rather than a lone, hoodie-wearing hacker-genius, and the agency places a high emphasis on ensuring that its actions are “legal and ethical”.
“At every stage of every mission, we ask is it legal, is it right and is it proportionate?” he said. “Our operators and planners are imaginative and disciplined, with a strong sense of propriety. They are cool under pressure – and they love working as part of a team.”