Ep 50: Operation Glowing Symphony


Area of Mosul since like two thousand B C it's right next to the Tigris river and it's grown to a population of cheese over a million and a half people Mosul that sounds like a good place to start the story Mosul is an ancient city in Iraq like we're talking people have lived there in the this is Darknet Diaries these are true stories from the dark side of the Internet I'm Jack Rhysider starting to see attacks in Belgium Australia Canada and when I say attacks I mean people were being killed by this group today the militant group Isis posted a series of in the US because since they took over Mosul their numbers soared and their attacks rained on the world they took over the whole city of Mosul the whole city of a million people people began fleeing the city in huge droves hundreds of thousands of people left or were killed Mosul was now under control of Isis the Islamic state in extremist Group A group that the Dan for the Islamic state in Iraq and Syria says now it will simply be known as the Islamic State and declared all areas it's overtaken in we're learning what Isis was and they were joining the 'cause we started to see attacks in many other cities around the world and isis was taking responsibility for it we rests to take over the second largest city in Iraq and kill thousands of their enemies this is what put Isis on that this is why the common household name I'm live there and isis had their own police patrolling the city their own soldiers defending it their own leadership and everything this was a huge victory for the terrorist well once Isis took over Mosul and declared caliphate their popularity boomed tens of thousands of people around the world and army just raided the place isis infiltrated Mosul they shot it up list believes is made up of violent jihadist terrorists that same month isis declared a caliphate and mobile devices 
set stuff on fire and they were targeting all Iraqi police and military and security in just a few days ethic photos on twitter claiming a massacre of more than seventeen hundred Iraqi soldiers tonight the urgent manhunt right now after the city of Brussels is and Iraq to be a caliphate or Islamic state a significant move as far as I understand declaring caliphate means that they are establishing that the city of Mosul is the Islamic state like it's sort of their own nation it's a place to go live and practice their beliefs anyone who's affiliated with Isis can capitol of Canada the Iraqi military simply don't have the ability to take back their own city and with isis growing in numbers all over the world some walk with multiple explosions at the airport and then in the subway at least thirty one killed more than two hundred injured two people are dead tonight in Ottawa Canadian soldiers ends of them which in fact we used on that first night when we started this operation Jeez Tomahawk missiles this is serious business and yes that navy ship was we're in a suspect after a shooting on Parliament Hill Canada's equivalent of Capitol Hill a violent morning that culminated shootout inside the ornate building where lawmakers a caucus bash that sounds so scary and that's not the streets of Iraq that's isis shooting up the parliament building in the ability for more terrorist attacks around the world and one of these attacks occurred in November of two thousand fifteen and Paris France thing had to be done so October two 
thousand fourteen the US military initiated Executive Order Operation Inherent Resolve launching these missiles right into Mosul raining down one attack after another taking out isis infrastructure some key leaders their troops but ten assault weapons targeted diners a string of restaurants fifteen people were killed the gunman raced away in a black car next of death metal played gunman rushed the hall and opened fire those who escaped the survivors Walker Bush Some of it is just information intelligence surveillance reconnaissance others are strikes and it depends on what the central commander desires it can be jam nine twenty pm the first indication of the horror being unleashed that night a suicide bomber exploding his vest outside France's national terror the same blackheart the crowded terrace sprayed with gunfire witnesses say it went on and on nineteen people died here called it a massacre a mass execution eighty nine people were killed in other attacks were springing up all over the world to operation inherent resolve ends of thousands of people formed Isis so wasn't easy to stop them with airstrikes alone isis continued to take over towns in Iraq and Syria and claimed response needed more help to battle these terrorists. 
Here's a clip from one of the captains on the carrier that was stationed in the Arabian Gulf which was launching missiles at Isis airstrikes understand more about who he is okay so in two thousand sixteen I was the mission commander for a combat mission team at USC phone calls were made Hello Jack Hayes how's it going good to hear from you thanks so much sorry in this one which makes this an extremely rare interview so are you ready for this okay so let's back up the commander here wasn't occur stadium there was a second detonation another suicide baugh both attackers that seems to be stopped before they could get in Five years so so I was in I jumped out of planes did the Halo Heyhoe Scuba dive all that stuff well right to do we're going to hear a hacking story from someone inside the US Cyber Command which is a very secret hacking organization within the US government he decided to join the Marine Forces Cyber Command but with the switch they knew they needed to give him some training they sent me to school for means of of some of Isis is networks and what they're doing it can be again intelligence gathering we are standing by with Tomahawk missiles tens and tens third attacker would blow himself up outside a nearby McDonald's around nine twenty five gunmen with Kalashnikovs. 
This guy's a beast I mean my understanding is at Marines training to be a killer it's a very aggressive branch of the military but force RECON amplifies that immensely they're the highest trained can only do so much and we're very very effective we're there to support but I think in the end it's going to be a ground fight they needed more help to stop these terrorists so cafe bomb was hit five people were killed at nine thirty six at La Belle achey sheared can't say our guest's name you'll understand leader but for now let's just call him the commander this is kind of a fan boy moment for myself to be Honest Cyberspace Operations and Quo Listen It at the Conduct Offensive Cyberspace Operations I once heard the US government has resumes Rolling Inherent Resolve which is the new name of the ice of some Anti Isis Coalition Movin we provide meaning missions off of aircraft carrier the George George her always a commander t started out as a regular recruit in the marines but quickly he knew he wanted more so I actually started I was a force recon marine right I in the Marines and in two thousand twelve he was deployed to Afghanistan in the sing in prevents a tough place and trying to neutralize the Taliban over there doing okay you're going to wonder how I got to send you because as you'll hear this is an extremely rare interview and I'll explain how I got all that at the end of this episode but I do want you to today we're going out on patrol it's funny but it's true and then you know I mean we always try to keep that kind of mindset especially in the Marines where the Marines are known to be more aggressive in that was not different in cyber our team was the first to do a lot of things it's your computer geek or your or your buff yeah us come in is believed to be the offensive team within the NSA or actually it came out of the NSA but now it's its own thing so yeah you got that in statement for this group Mark for cyber the mission statement is quote to Conduct Full 
Spectrum Cyberspace operations including conducting offensive loser cybersecurity stuff just basic security plus network plus C H and then they do they did put us through some more in the fall of twenty fourteen I was finishing up all my training and they had just started a team very sensitive locations and sites you'll be out of uniform and things like that but still at Fort Meade you're in uniform all time admitted to conducting cyberspace attacks but look at this it's right here in the mission statement of Mar for cyber and when I think about the mindset that the marines have and how technical training for Computer Network Exploitation Luke camps and cyber attack and defend and eventually you attend mission Commander Course for my role was I'm Kinda stuff I know people have some traditions when you're the first for your first cyber mission on the OPS floor don't make you wear a flak jackets I find it fun so this is how transformed from being a trained killer to capable hacker and he's on a new mission now it's about the enemy from behind the screen store the videos and pictures and then a bunch of skilled people to run everything so is this media was everything that involved the production of their media content I mean they have to magazines that are published in ten different languages and these magazines are excellent quality to they're very well done high quality pictures from the front lines an ex they're so competitive and gung-ho and battle hungry I just can't imagine what kind of hackers would come out of this everybody says overshooting cyber or a helmet to look goofy when you're sitting in front of the computer because it's your first op traditions still comes into play in some of the floors today on a daily basis on most and that was that was all isis media so since the US government was already using intelligence geared buff guy right like which one is it or is it both there's a lot of buff dudes in cyber to be honest but it's it's pretty funny I mean 
we we still do all of that between NSA and cyber com that was focused solely on isis media. Yes back to isis so isis sometimes it's called still produces a ton filming horrific things and editing them cleaning them up to maximize the impact to the viewer to run all this they must have a whole network to share content between the teams hello raids and other operations and after a few years of that he came back and spent a total of five years as an active force recon marine you get older things get harder yeah we're all in uniform it's sitting in front of a computer screen for screams just like movies everybody's in uniform working on things everything that was associated with that was what was under the umbrella of Isis Media and they had a lot of people I mean we were talking early designed they also have a ton of social media accounts post news stories and even act as recruitment tools for new members also have people producing high quality videos dedicated analysis project production targeting effort and that's where they pulled a few marines together after you civilian ear before that and then in twenty fourteen in the fall it was finally becoming so big that it was its own entity in warranted its own we're talking Cameron we're talking editors we're talking you know linguists for translating into every language across the world so that the and and started a a pretty crack knit team and then I took over the team at the end of the year in Twenty Fourteen Oh wow this very interesting there's an officer so at this point he's an officer for Mar four cyber that's short for Marine Forces cybercrime okay now let me read to you a paraphrase version of the mission perations to keep tabs on Isis. 
They felt that Isis media was big enough to create a team to just focus on this alone so isis media had been on the scene for about a year so there is still that you know military mindset of messing with people and and things like that I mean it's it's pretty funny I find it fourteen all the way through to summer of two thousand sixteen was analysis development building out the network could disseminate their message we had you have your own. It shops and finance guys I mean it was a large scale right from force recon marine to mar for cyber and now to the NSA and cyber command to gather as much information as he can on isis media nine others were critically injured the epicenter of the attack though would be the battle clung a concert venue as the band beagles or you look at a regional news office they have senior editors they have people that do translations they have a web guy that sets up the website magazines the videos that everyone saw come out the logos the attack claims all of the social media accounts that they had the websites who is behind isis media and where it was edited who's running the social media accounts what software they're running and I bet that goes so much deeper he didn't say and here already the NSA Cyber Command are tracking them heavily now can you imagine how much data they collected in this time I mean we're talking the say and Cyber Command here and dedicating a whole team to investigate this for two solid years by that time and with those resources I'm sure they must have had everyone's name variation and you could see that in like all the videos that came out they were Hollywood quality videos that were hitting CNN and ABC understanding how they operated what they did that was I mean it was over we spent a year and a half just understanding the target space and I mean I'm just guessing here but here's an attack I think they probably did I imagine if they hacked into the phone of one of these isis media people and then on that 
phone they so isis media became his primary focus all day every day him and his team were they're doing everything they could to understand who's behind this I bet they hacked into all these people to they had access to their phones and laptops and facilities everything to gather as much data as they could probably even their spouses and they have a guy that configures domain names guy that you know their it staff that keeps the sheriff the shared drives running keeps the email accounts up there chat services there's domains accounts all connected with lines and it was all we had a pretty good understanding I can just picture it now a big map living out a high fidelity network just to give you an idea of where we are in a timeline this is still before isis invaded Mosul and declared a caliphate so that they can conduct their daily business and you have your field journalists and cameramen and all of those all of that stuff one was on and somehow captured all the traffic to that phone now somewhere in that traffic are the private chat messages to that phone and with these private keys the goal was to simply gather data basically spy on them and collect as much data as they could from this group and they did this for a long time so the way to stay in the fight is to cyber the marines give you a little wiggle room on where you can choose do you wanna go so we were trying to map out the network so everything behind everything that made isis media tick the building that I'm sure you've seen pictures of so if they needed more help they could just walk down the hall and get another group of people who are specialized in something to help them out the private decryption keys for that phone this would be the key used to decrypt messages to that phone then imagine they hacked into the Wi-Fi network that phone I'm guessing it's technically possible to decrypt those messages this would be a pretty complex hack but I bet it's something that US cyber command could do who in 
our abilities and then you know General Hawk came back and was like you know what do we do now like how how much bigger can we go what's the next step and then we said we can go global let's go global instead of those horrific videos and beheadings kidnappings of Westerners and the leadership congress and sexy what we were supposed to uncover defined so people places things everything minded analogy I give people is like if you look at CNN doc kind of was the final Straw to where before early December and before Christmas Secretary Carter said I want Gary Carter at the time we're getting set up with all of this going on and having it be all over the news so people were getting a little angry in leadership and icing on the cake was November you know you had the Paris attacks and which were the horrible terrorist attacks and to diminish their impact of an attack in the publicity side of things we already at a tactical level I felt like but options we have to do something big now up until November twenty fifteen it was all sit listen mindset or an appetite at the time for Hey let's do a strictly cyber operation to try and stop this media or tried bulletin bosses and friends too I bet they were infecting all these systems and bring their week deep into the Isis media network and then establishing persistence to maintain some plans to actually take down some of Isis media they were developing tactical cyber attacks to take out a website or take control of it or delete in entire server the chemo started to make sense things became crystal clear there were a few key nodes that if you were to disrupt or take out these key nodes in two thousand fifteen if you remember in the summer and early fall that's when Isis attacked started to really pick up and they started to have terrorist apparatus that's over there he was looking over his big map of Isis media looking over all the connections drawing a connection it's Iraq's second largest city on June tenth two thousand fourteen 
a new chapter in Muslim history was written a group of armed fighters basically from this system to that system to that network and this person making all these connections and he was looking at the map and all of a sudden it's with a plan to take out just part of a network in one country as sort of a test run to see how effective this would be made it so that we had some confidence in what we could do and and and enable other Connecticut operations for the guys on the ground help inform them to do certain things and the wasn't this was making sense this was the way to take out isis media attack these nodes and it all unravels that's when I had my like Aha moment when they wanted something done about it and we weren't really doing any ops to counter that that's at that time still because they had extensive uh there wasn't that appetite at higher levels to say oh we can we can do something that's purely cyber and have an impact on this one country or two countries scoble let's do everything after the break we'll hear how this mission went global stay with US Dak feel like there's very few people that know as much about isis media's me and a couple of guys on the team the commander felt like he had the skills and expertise to take out more of Isis media but the leadership wasn't sure if this was the right course of action they needed something else nothing my come crashing down this was a big discovery for the commander double checked his work and looked over it again and yet I mean we had a long target list it was I mean it was a large you think of like a large graph just pictures server a foothold in there because if you think about this this is all going on in the same building that the NSA headquarters in Fort Meade Maryland that big black boxes like my Pepsi Sylvia moment we've been staring at this data for a long time all of these lists knowledge of Isis media they started to think could we would it be possible for us to actually disrupt them instead of just 
spy on them so they started to divide wall linking everything together with photos of everyone and it probably looks like a map that the FBI will create when building a case on someone red strings connecting everything together us in the basement at NSA and starting to draw on the board circles with names and numbers and an information and then in February it kind of struck me that it was all connected and it was very centralized so I remember running downstairs to my boss's office was assigned to Marine Operations from Cyber Command and so we had to pick a instructed and legally allowed to do but now leadership is granting them the ability to disrupt degrade and destroy the target yes we were like gladiator gladys global and then you then the second word in the name of an operation is just whatever you want data but still that's all it is gathering data from the adversary but here here's where a big change takes place isis wicked a group of military trained hackers all coming together to make joint task force aries specifically to target Isis using cyber-attacks this is a big difference it's kind of like the difference between someone on the roof with a pair of binoculars versus someone on the warm to carry out a specific mission j just cyber specialists that focus in ofensive cyber operations against to be so you can do like I mean gladiator somethin- or global something and they would all be global XYZ global ABC the way that military operations are named is that every unit in a specific EO in a specific area gets a sign oof with a long barreled rifle and scope with orders to kill you see the difference they were never allowed to weaponize their hacks to destroy before you see up until this point all this team was doing was listening and watching and collecting yet the hacked into the enemy to listen and collect but that's all they were but first things first they need to come up with a name for this cyber operation so that is a funny story and I'm glad that I 
got to tell you that and two letters so the in those two letters have to be the first part of the word that starts their operation so G. L. I am Isis media while this task force was getting spun up the captains had to decide on what the mission would be no in my opinion this is where a major shift in taskforce had to be created to handle this first they decided to start creating joint task force aires or JT aries for short now jt areas was the first word to make the operation so G. L. so we sat down and a bunch of captains and try to come up with the most bad ass words that started with G. L. Nations took place you see we know that the military and the NSA collects data and listen for signals and decipher the messages yes sometimes they break into a computer to get that this was a big moment the leadership agreed that perhaps using hacking to take out isis media would be effective approach with the strategy now now they're getting permission to do this so I think this is about to get a little hairy is glowing seriously glowing that's so knock cool respite something that's you know more bad assets more like more hardcore but that was what higher told us and then the symphony part came from you and so we were coming up with all these cool names or things that we thought were cool and then it came down from higher that they were like the word in marine basic training when you're calling for fires when you have artillery and air support and mortars and machine guns all shooting at the amy they say that it's a it's a symphony of destruction because it's you know boom boom boom boom boom like in a movie when they play the soundtrack in all the stuffs blowing up so and he wrote it down and then sent the email so then it became glowing symphony and there was no turning back okay the symphony of destruction and we just say we're trying to have a symphony of destruction against the enemy here and take down all of the isis service domains emails whatever at the so in May of 
two thousand sixteen task order one six dash zero zero six three was signed by President Barack Obama an operation glowing symphony was ago time it's GonNa be great and then one captain who was the quirkiest one of the group was like well that's the name glowing symphony we were like that's so lame and it can't be that the mission commander for that specific team this is why I call him the commander because he's the mission commander for all this I was on a mission commander is a I know there was I know I know there was a lot to talk about but it was only like ten people know that Yeah I love it cyber com term and mission commander is the one who oversees a specific cyber opera mission for that for that day so it'd be the same as if a unit goes out on a patrol and walks around enemy territory and comes back the leader of that patrol is a cyber mission commander and that's what I was okay here we go time to get ready to fire some cyber bullets the commander just spent the last two years learning everything about isis media and his tom or Ogsm for short and GTS aries was tasked to execute operation going symphony with the first mission to take out isis media. 
I wasn't Jae Varies and I was more than ready to carry out this mission I e needed some troops he was able to look around in the NSA and cyber command different military branches to find the right candidates and then also he's trained on the tools and approved on the tools to use on target interesting not everyone on the team was a squad of soldiers infiltrating enemy territory and doing a patrol and objective and each squad has to be independent on their own being able to make decisions and yeah we've definitely handpicked him pick them so we assembled I think it was four or five separate teams think of each team like you had a guy who's an an operator and he's very skilled at setting up the infrastructure getting to target and getting chroma target hooved hit the delete button or the enter key only the operator was allowed to actually execute on objective but not only that this would be an expert on for the objective and execute on it so they had to start assembling these teams four people per team so we had an intel directory structures domain names domain admins and things like that hell underhill no the larger target network and have be able to provide the context to that guy just an operator a signals analyst and then we had a kind of like team leader so first let's look at what an operator does pewter knowing what exploits to us to get into things and how to move around and network once you get in this probably one of their best trained hackers on the team the person I would sit next to me ready to help and then we have another Intel analyst who is to the other side ten that Intel analysts understands the typical targeting charts so the face the phone number the friends the terrorist group the cells that the you know the homes that address all that stuff and who's memorized faces and names and friends names and locations because as you're working your way through this strange foreign network you're gonNA come across words understand what that was unless you 
had this person sitting right next to you explaining what you're looking at because they've spent the last six months memorizing all of this stuff and then the mission commander is the one making sure that it always going to on correctly and that they're going to accomplish the mission that they're tasked to do are not legally allowed to go to cyberspace and and that's how that's the team functions military trained hackers our troops soldiers all with the resources of the US military behind them I mean if they needed to the can use some pretty cutting edge hacking they coughed up those people in the task orders to come over amazing we've got quite the crack team of highly skilled hackers now I mean this is what dozens of tools for this or they can get help from some much smarter people if they need to linguists interpreters codebreakers developers or access to aerial photos but as they're getting the team together that was tension in the air as in any operation we had all the accesses that we needed it just don't make any sense things like server names network names and domain names and email addresses and website names stuff that when you got in there and saw it you wouldn't that everybody's following the rules and not you know stepping in places we shouldn't go or going in places that activist and here's where you have to go next and here's where this thing will be and if you go down this way then you're gonna find this next thing like crazy there's just some person sitting there who knows all this stuff pass so we were sitting there as hackers who all this access and it could go at any moment at any point in time right to see if anyone fits these criteria to recruit them so we reached out to the other units asked for these types of qualls the people that we knew that were there and then understands that larger picture that can help them when they're on target of navigating through this is another reunion valuable person to have on the other side of you this is 
someone right on the keyboard so fascinating this is kind of like a navigator of some kind somebody who knows the lay of the land so well and it's like okay here's where the next unity on it okay now get this isn't something the commander told me about but there was someone else also joining the fight can guess who greeting citizens or CIA or an essay or other military branches they weren't sure of this is something that cyber command should be doing since it hasn't done something like this in the work and from the people places and things and if they caught onto one part of it we might not be able to get back and you've made the operation less effective and maybe not even worth doing it all so every day that went by we were like hi of approvals come down before we can do it there was a lot of talk from higher ups there were debating on whether or not this job might be better suited for the FBI fine you will be treated like a virus and we are the cure remember we are anonymous we are Legion we do not forgive we do not forget affect us yes so as the isis attack started happening all over the world anonymous joined in on the fight you and they were doing things reporting thousands of Isis twitter accounts to give me the green light let's go let's go but nobody wanted us to fail because there was so much publicity within the and is executive signals analyst who understands the tools and the infrastructure but also understands the intricacies of the targets I was going to go away not only was time taking on all this but there was also a lot of approvals that they had to go through I mean after all it's the heard Isis we will hunt you take down your sites accounts e mails and expose you from now on no safe place for you on they started sending these teams and one team wasn't good enough they wanted like four or five or six of these teams so I started asking around at NSA US cyber command or other military branches entities. 
I mean how can you collect data on ISIS IF ISIS is down and when when a website that you're tracking for years goes down Peter and saying Hey ben these people twitter would and they would report facebook users that were Isis members and instagram all this stuff because the thing is one thing that anonymous is pretty we're getting accounts taken down like crazy some reports say that up to like ten thousand accounts were taken down because of the activism that anonymous was doing in this fight as well and world governments and corporations and facebook we are anonymous as most of you know by now we started a cyber war on Isis and just to remind you were ready to go forward and but we couldn't go forward because we were still deconfliction what the inner agencies and having very are you sure we can do this right there yeah are you sir we can do this I was like yes sir on you know we've got this in our sites and we're GonNa do something real soon just kind of like cool it and so while all these anonymous operations were going on approvals were starting to come through for Operation Going symphony things were starting to shape up so you could take the approach of what's you know slowly degraded the enemy through until they were go no longer that was the goal whole man this is getting so good and you might wonder why I'm so excited day catch onto what you're doing and then it's gone and they lock it down so we were nervous everyday that went by that it would go away go away as in they had confidence in our plan saying that you know we're GONNA go out the door we're GONNA make a right we're going to go for five miles we're gonNA make left that we're gonNA turn right on this street why is it down who knocked it down what's going on here and so you know commander in and say but I'm bet that he was watching this kind of stuff happening and trying to fit you're out who's taken this stuff down and I've heard stories from other people in intelligence who actually got frustrated 
with this and went into some of the hacker chat rooms and said who's yeah that is finding out who you are and doxxing you so they're able to root out who these ISIS people are online and report them and and I certainly don't like it when the NSA overreaches on what they're legally allowed to do so if anyone at the NSA is doing this kind of stuff it's naughty stop it that's what the plan was to do was go in and just decimate as much as we could in the shortest amount of time possible and then maintain engagement with the community to give a massive blow to their operation to take down everything that we could as fast as we could so we had to tell them everything we were gonna do and after we presented the senior operator myself you know they'd always turn to us and like put their hand on our shoulder and say awesome destruction and here's a moment where I get to see the full force of US Cyber Command unleashing a devastating blow to ISIS doesn't it get you about this because many of you think the NSA and the US Cyber Command are the bad guys they're setting up ways to constantly spy on innocent civilians and they hoard zero days and ten different languages of publication for their magazine they had ten different websites at various various locations with new domain names the same time Anonymous was actually taking down some of ISIS websites too and while this is cool and all it kind of threw a monkey wrench in some of the intelligence disrupted and take it down over time but you risk losing your access you risk not being able to continue the slow degrading because they hard in one go and then see what's left and then pick apart the little pieces that were left remnants that remain and we that's what are every day so they had domain names they had web servers that were static IPs that that they were spinning up for each specific language accounts at those specific providers so they had servers domain names they had emails they had you know you could look at the
coast any cyber attacks like this ever so now for the first time you to hear what operations are like inside their this is crazy so sorry busy is important to me please don't try to ruin it but I'm gonna put all that aside for this hour because in this case in this specific tell the vendors that there's bugs in the code or that they're trying to make encryption weaker or make back doors and things so they can defeat it all this does sound bad and scary global scale they didn't care where it was in the world they just wanted to be cheap fast and readily accessible in tons of Telegram accounts so they have phones and they have email addresses to set up those accounts all across the board as they're buying servers you can assess that they have we'll see media would catch on us I mean yes they would catch onto we have varying levels of access throughout their of action lear doing by decimating ISIS media I can get behind this and I can't think of many times where hacking destroy someone's computers is a good idea they're gonna learn every time something bad happens in harden their network and the people the places and everything that they have so we saw with Glowing Symphony was an sorry commander continue what are we what are we looking here what's going on so what they did have from the public view in an open source intelligence you could see they had the team spent months gaining access to the network learning what was in there he couldn't go into detail about the techniques used but he didn't give include that it all starts with email taken down these websites and then having like chats with these hackers to like kind of not so much coordinate things but like just back off on this for a little bit while while while we take care of it we we know hermit and the government moves very slowly to do mission briefs up the chain to each of the higher officers before we went to go do it to make sure that you know getting more information and to move further into the
network getting into an email account is golden you can pivot from the email account into the other and at the same time I'm excited to peek behind the curtain to see how US Cyber Command executes these missions and there's a little part of me that kind of likes to watch and if you had access to my email then you could see that and reset the password so yeah getting access to someone's email account can open the doors to tons of other things that person has access to you so 'cause I can't speak specific to us but if you look at the Look Cyber Operations Large Ninety I think this was if you have access to my email address you could go to another service I have like my web hosting and tell them I lost my password and they'll send to my email account with the password reset for exploit or something there was it was a whole suite of things that that gave us the understanding and the access network doing this time the learn about what's in Laura Count whatever that may be the email is the key that is the core piece to pivot through Whoa that makes sense yes of course I do too and I just feel so lucky to hear this firsthand from commander within US Cyber Com these people are extremely tight-lipped in fact they've never claimed responsibility for this was getting them access to a ton of stuff and once they got in they needed to establish persistence this is where they can stay in the network hidden unseen even if how they got in got fixed note on this protect your email access make it a high priority to secure it I give it a long complex password then enable two-factor authentication on it make it hard watched and this might be enabling rootkit or opening a back door or leaving some program running that lets you connect back in later we had multiple access tres into the whole system so it wasn't there wasn't just there wasn't just one one piece of software a lot of hacks and whether it's an at just a bunch of teenage hackers yet they love getting into email accounts to poke
around this is common for hackers and effective it's it's not a matter of if it's just when like I was amazed working there that any challenge that would come to the folks at NASA or any of the develop anyone to get in your email because if someone does get in they get access to almost everything to of Operation Glowing Symphony was getting into their email accounts out the username the email the email address in the password that's that's that's where you can start you can pivot everywhere from that I've looked into it they had magazines that were posted at you know accounts of free file upload sites where they were push all this stuff out and the videos to download and things like that we counts email addresses bank accounts mobile accounts like just let's try to completely delete as much as possible yeah all of those I it was just a matter of time before they figured it out there was nothing that I saw them you know throw their hands up say it's impossible targets were on the docket it was lockout delete misconfigure reroute that's associated to that email any thing that's tied to that email for password reset so you can pivot from that email address into AWS account into the cloud drawing the lines together and then saying Sir it's all connected it's all here if we take this out it all goes away or these five things will fall apart it's a house of cards the way that you saw but they would find a way to answer your question forget where you wanted to go they assembled other people into teams and we're getting them ready the network and they spent time pairing the infrastructure with the exploits needed us and they had a lot of meetings on what the best course of action was to take it all out you make it on their list it on a webpage the source code on a web page see the file sharing server that served up the content for that web server and they had all of this laid out at an ex Donovan today at tons and tons of social media accounts that they were constantly
pulling together it's always it's already been reported they had tons of Telegram groups four or five of those teams because we had so many targets and they each got ten to fifteen targets right because we had to do the whole operation as quick as we could and because we didn't want the enemy to know once part of the network was being taken down or locked out and and they start to they kind of like shut us off from getting to the rest we had to do it all the same time before they could catch on so I'm gonna assume targets are our servers social media in this isn't hacking humans podcast over ninety percent of cyber-attacks today start with email and it's not just spear-phishing link it's access to that email please anything that you could do to stop the network from functioning will come up with who had which targets and then which ones it was it was planned out to a T like down to the keystroke of this is the one that I'm talking to this is the one that I'm going rosters all of that up lights are dim let's like everyone is ready time for one last phone call to headquarters we were waiting on the sides with different you know what you would see in a SOC like infrastructures up or down stoplight charts no world map in never imagined hackers also getting their scripts approved before and then practicing it as well that's really something Oh yeah we says enterprise or something like that it's got everybody's got two keyboards four screens chairs lined up TV's all across the walls and the front we would you had your plan to a T and we scripted it in a test environment to make sure that it worked all the way through window was going to be the timeframe and we wanted or at least I wanted everything executed within ten minutes and as quick as we can at least getting the first foothold and then I turned to all the teams on the floor and then I say let's go the plan is ready to people are ready after the break it's go time stay with us so they set up the window they rallied
the troops letter for approval for final approval from headquarters over the phone and once they said you know cleared hot your chances of being caught and certain tools and software had to be custom built to get it just right so people were working really hard to get everything ready for this cyber and yet the people on the team would come in nights and weekends to conduct a lot of this preparation because there are certain things you want to do when nobody's around to reduce to automate some things to we automated as much as we could but then you still have to do some hands on stuff but we tested it we had developers and technical directors review before we went to go and do it we had an extensive amount of rehearsals before anything was actually executed on the real target with this one in a going down the list and moving pivoting and working their way through so we planned that out in detail and rehearsed it in detail prior to the operation that was that was the next step that's amazing because when I was a network engineer I would get my script approved by other people before making a change name was it was all day everyday Ojeda's Operation Glowing Symphony in case you're wondering it's the name of this operation all troops and they got everyone ready because this was the big day all the teams assembled in what they call the operations room it's a pretty big op floor is they call it so it looks it does look like a movie a lot of screens facing down the you know command of the US their heads down and then they hit shift enter on the scripts and script started running started moving through strike the last thing they needed to do was pick a time window on when they can do this operation in the ten minute window was picked because that's new parts of the network moving through a cow swimming through servers moving through everything and executing according to plan the task unit immediately have to work running through the checklist exactly as practiced it over and
over in training but this was not training this was live fire on the enemy's infrastructure you could controllers and this would give them access to key infrastructure that they were also destroying raining down a symphony of cyber destruction we had a we knew they weren't going to be there so we had to we have profiled everything and known that this to large print out probably three feet five six feet tacked up on the wall and it had everything every target printed on it every time on the team would accomplish one of their objectives they'd run a little piece of paper up to the commander to let him know what's been done and these pieces of paper had little codes on them and so they bring right once you get domain you hit the domain controller you're good to go but we had to get the domain controller in ten minutes caffeine okay things were going great the teams were systematically destroying one thing after another within the ISIS media network were hitting targets all over the place deleting accounts everyone's got their practice on this primary focus right this is their one operation everyone was working on and focused on when you woke up to to bed at night the teams talking Click this go into that directory that see Jackpot were running their scripts and conducting their operations deleting virtual machines ticking over board everybody was dialed in from all across the enterprise to listening because this was a big such a big event wiping hard drives destroying systems in any way they could rerouting traffic taking control of accounts locking out accounts and wrecking everything in their path as a paper that say like one Delta and then it would say like packers were browns and I would know what that meant you logging in from a different IP you need to authenticate with security question and we're like Oh man we on this not going anywhere in one of the analysts who've been on the team me for three years stands like fifteen fifteen understand their secret
question to all the accounts that they've ever set up that's some pretty deep burrowing into someone's network or even their mind and and then I would write it up on the board and report it up on the on the radio to higher quotas because they retract everybody was tracking everything across the then one of the teams announced they have a problem operators on keyboard everybody's there we're moving hit a roadblock you know what's your pet name fifteen fifteen it's always fifteen fifteen this guy and we're like okay man tries fifteen fifteen the trips me out I mean this kind of highlights the power of would insane. US Cyber Command has right like they can infiltrate someone's life so much that the what's your pet name how are we going to figure out you know the disguise pets his patenting it was one of the core after that the task force continued to walk through their objectives hitting target after target taking things down and they had a lot of different types of targets an interesting one to me are the financial FBI we can't seize funds and then hold it but you just get locked out of your PayPal account and there's a thousand dollars in there are places that we were trying to go everybody's heart stopped we kinda got all done or and then we continue to move onto the target I mean certain analysts get to know these guys down to such detail that they can anticipate what these guys are going to do before they actually do it in the technical in the technical round well discount Mike what no way it says pet's name it's got to be no spike or bomb or something like that and he's like a brief moment of happiness we stayed on and kept going and going and going and going we found more targets more more more domains more servers so we worked until you know we knew that they were coming back and we kind of stopped and then related seclude yourself some money was lost during all of this and at this point they have successfully accomplished all of their primary objectives for this
mission we did it in about ten minutes that we got all of our key two four hours going to the rest of the target list but at that point in time we could take our time and and we knew that they couldn't take it back from us nodes and targets down in the first ten minutes and we had control and we knew at that point that they couldn't stop us and we stayed on for the next so immediately the IT team started trying to stand up their servers again and rebuild their websites and relaunch their email applications because they couldn't even get to all over again or trying to restore from backups and so while this was effective right away they did see ISIS coming back online slowly trying to restore it I mean that's what the IT team is there for right they're not just like fired immediately they're like called in to come help right now let's get everything stood back up more parts of the network more files everything that we could we could find and it it was within the approved plan that that we had approved or like are left and right lateral they had yeah there were there was a lot of deleting going on so if they were in there they're gone but yeah if you could delete the private keys for longer and you start missing deadlines you know your brand isn't as good nobody nobody likes a new ISIS media had some cryptocurrencies but with this you can just delete the private keys to those wallets and you're never getting back in there essentially destroying whatever cryptocurrency a public information we do know we see that ISIS was very chatty on Twitter before Operation Glowing Symphony but that number of tweets drastically got reduced right after Operation Glowing Symphony went into effect if you don't have a file sharing server to pass the photos from you know from the front battlefield lines backed out like everything's just gone what do you do right like you don't just say oh well that's that let's be dying no you work on is out with that has bad logos bad videos and delays and
releases so when you impose that on them it erodes what emails
