UK military used malware to disrupt extremist networks
Experts cite WannaCry with warnings that hacking tools have the potential for severe collateral damage
Using malware as a deterrent, disrupting extremist networks and remotely disabling devices are just some of the ways the UK is fighting on the cyber front lines, the head of the country's strategic command has revealed.
General Sir Patrick Sanders discussed the UK's cyber offensive capabilities on the Sky News podcast Into The Grey Zone, which also featured insight from Jeremy Fleming, the director of GCHQ.
The key theme of the discussion was the Islamic State (Isis), with Sanders speaking in detail about the cyber offensive strategies used against the organisation. Along with the US and other allies, the UK has deployed visible military tech against Isis, such as warplanes and drones, but there has also been a more covert use of online attacks.
The UK's military has previously suggested the use of 'cyber offensives', but this is the first time it has publicly discussed it.
"I think it sends a really strong signal that we and our allies were not going to leave cyberspace as an uncontested place," Fleming said to Sky News.
"We have to defend it. We have to make sure it's as secure as possible. We have to make sure that it is still underpinning our commerce, our economy, our society and our communities. But equally, when adversaries like Daesh (Islamic State) overstep the line, then they need to expect us to contest it, too."
As part of its cyber campaign, the UK military targeted mobile phones and laptops, devices that Isis extremists used to communicate with their contacts on the ground. The attacks were thought to have succeeded by stopping senior Isis officers from sending instructions, altering the content of the messages and confusing ground troops. In some cases, the attacks led foot soldiers into the path of UK and allied troops.
The UK also launched malware against computer servers in various countries around the world to shut down Isis accounts, delete and distort information on their files, and also to remove online posts and videos. It is thought that US cyber operators were also involved in these efforts.
The 'friendly' use of malware by the UK military should come as no surprise to anyone, according to Chris Sedgwick, director of security operations at Sy4 Security.
"The files Edward Snowden released in 2013 highlight the immense capability that GCHQ and other countries within Five Eyes have in relation to hacking personal devices and access to our sensitive data," Sedgwick told IT Pro. "Since then the UK Military has established '77th Brigade' which aims to tackle online disinformation. However, the launching of actual malware should follow very clear legal frameworks and justifications much the same as a physical military attack."
Similarly, malware attacks have the potential for severe collateral damage, according to Mike Beck, global CISO for Darktrace.
"We saw how malware can bleed from initial targets to cause widespread destruction with WannaCry, NotPetya, and Stuxnet," Beck explained. "Cyber conflict is asymmetrical and it is much easier to attack than to defend. The rules of conventional warfare do not apply to cyber and states must strive for good defence, not just good offence."
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.
