30 January 2019 – Vancouver, CA

by Stewart Webb


President Trump and his administration have been adamant that ISIS has been defeated in Iraq and Syria. The headline of how ISIS-held territory in Syria has been reduced to a couple of “dusty villages” has garnered widespread international attention. This territorial degradation has been the logic behind the withdrawal of US ground forces from Syria. ISIS activities in the region signal that they have not been defeated at all and there is a real concern that they may make a resurgence over time. It is still estimated that ISIS has thousands of fighters, but the questions that arise are a bit more complex. What is their financial situation and ability to move funds, how is their ability to organize and launch attacks, what is their ability to organize through their franchise groups? It does seem that ISIS in Iraq and Syria has moved from a credible large-scale insurgent threat to a persistent small-scale terrorist threat, but its international reach is unknown and its operational control over cells in Iraq and Syria is also unknown.

However, as ISIS-held territory was being degraded, there was an evolving shift in its operational structure. The reason for this is simple, as ISIS was losing its territory, its fighters were forming a terrorist cell network – blending into the population and plotting small-scale attacks. We have seen more low-level insurgent/terrorist attacks in Iraq and Syria – car bombings, and small-scale operations rather than large-scale operations or even attempting to govern the territory it held. With the withdrawal of US forces from Syria, ISIS has the potential to make a resurgence, and even in Iraq where the bellicose sectarian divide could split further due to political impotence.

But for the organization to survive globally, it will have to rely on the success of its franchise groups such as the ISIS Khorasan Group in Afghanistan. This is not just the reality for ISIS, but also for al-Qaeda which heavily relies on its franchises in North Africa (al-Qaeda in the Islamic Maghreb) and in Yemen (al-Qaeda in the Arabian Peninsula) and has done so for approximately fifteen years. Any of the larger-scale operations were conducted by these two franchises and even the propagation of al-Qaeda has been through the English language digital magazine, Inspire, and that was created by AQAP and not the al-Qaeda core organization.

ISIS has not relied on its franchises to make an impact in the news or the minds of Western politicians.  Even when ISIS was at is paramount, it was making a global effort by inciting lone wolf attacks. ISIS was able to do this because of the proliferation of its propaganda and its recruitment efforts on the internet, which are well-documented. ISIS decided to inspire others to take up their cause through lone wolf attacks and not fixate on planning attacks as al-Qaeda has. This hands-off approach has allowed for ISIS to commit random attacks of terror throughout Europe and North America but simply inspiring the attackers to do so. This approach is also where the future of ISIS resides and, again, in the digital realm.

As ISIS-controlled territory for its core organization has been downgraded, it is becoming apparent that there is a new strategy forming for the next stage for the ISIS franchised network. ISIS enjoyed much success when it came to its ability to disseminate propaganda and globally recruit members from the internet. It seems that ISIS may be continuing this digital campaign, but in a geographically targeted manner to boost its effectiveness.

This seems to be the emerging cases for Southeast Asia, although ISIS cyber activities have been present for a couple of years. Notably, though, Indonesian police arrested 14 members of a network called the Muslim Cyber Army last March. Although, this group concentrated on the dissemination of propaganda and not cyber attacks. The Institute for International Counter-Terrorism recently published a report stating that ISIS-supporting hacktivists have been propping up cyber propaganda and recruitment campaign in Southeast Asia.  The report also noted that certain hacktivist activities have launched a RansomWare attack on a site that was geographically linked to Jakarta, Indonesia in 2017.  In May 2017,  the Fighter Muslim Cyber Caliphate, a unit of the United Cyber Caliphate, defaced an Indonesian tourism website. The abilities for ISIS hacktivists are limited. According to Kyle Wilhoit a senior security researcher at DomainTools, their efforts have “produce[d] buggy malware and easily crackable encryption programs”. However, ISIS hacktivists do not need to use this software against better protected Western networks but can utilise their efforts against computer networks in more vulnerable areas where their digital security is not as well defended. Areas such as Africa and Southeast Asia are examples of this and also examples of where ISIS franchises currently operate. It is to be said that the vast majority of ISIS cyber activity is concentrated on digital propaganda and recruitment and not on cyber attacks.

This is because much of ISIS’ original cyber initiative was diminished in a series of drone strikes targeting its members and what is left is a loosely-knit cohort of ISIS sympathizers. Regardless, the propaganda is still being disseminated and is influencing people to take up arms for the ISIS banner. But now with the activities in Southeast Asia, it seems that the ISIS cyber campaign is becoming more organized and Going forward, this is going to be the biggest concern. Propaganda will be created and disseminated, that will not be aimed for potential members to travel to Iraq or Syria, but aimed for more local franchises to the audience.

There is also another possible threat and that is the recruitment of individuals to take up the ISIS digital banner. In August 2018, pro-Islamic State hackers threatened the Indonesian government and appealed to ISIS supporters to join the cyber campaign. This appeal should be worrisome, and it is not the first time that a terrorist group has recruited digital support. One of the most notable instances, was in 2012, when a Pakistani-born, permanent resident of America, Jubair Ahmad, was sentenced to 12 years in prison. Ahmad pleaded guilty for supporting Lashkar-e-Taiba by producing a propaganda video for the group. Given the number of lone wolf attacks that have been inspired, it is foreseeable that digital lone wolves are also being recruited. Individuals that will create and disseminate ISIS propaganda. There is also the real possibility that there is an attempt to recruit disenfranchised youths, who are undertaking computer science degrees, in order to carry out cyber attacks such as RansomWare malware or Denial of Service (DoS) attack on government, financial or other websites. Other terrorist groups, including al-Qaeda, have been known to recruit students undertaking chemistry degrees in hopes of institgating a bomb attack.

As the ISIS core organization loses its territory, it will find new ways of continuing its movement. ISIS has enjoyed a very successful digital campaign and it is likely that it will move to the digital realm to prop up its global franchises, disseminate propaganda and recruit new members, some of whom might have more sinister marching orders. ISIS is not defeated; al-Qaeda is not defeated. This is a reality that we all need to be wary of as the loss of ISIS-held territory does not mean that the group does not have other options.


Feature Photo / Black lit keyboard, Wikimedia Commons, 2018

By Stewart Webb

The editor of DefenceReport and Senior Analyst, Stewart Webb holds a MScEcon in Security Studies from Aberystwyth University and a BA in Political Science from Acadia University. A frequent guest on defence issues for CTV National News, and other Canadian media outlets, his specialities include commentary on terrorist/insurgent activity and Canadian defence issues. Stewart can be contacted at: [email protected]