Australian cyber-op attacked ISIL with the terrifying power of Rickrolling
Commanders in the field persuaded to give up, let their guard down, run around and desert their posts
Australia's Signals Directorate, the signals intelligence organization, has revealed it employed zero-click attacks on devices used by fighters for Islamic State of Iraq and the Levant (ISIL) – then unleashed the terrifying power of Rick Astley.
A documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Directorate (ASD) developed three payloads it could deploy to ISIL fighters' smartphones and PCs "without ISIL having to interact with the device in any way."
One of those payloads, "Light Bolt," saw devices link to a video of Rick Astley's 1987 hit Never Gonna Give You Up. That attack took devices offline but was a mere inconvenience that could be dispelled by restarting.
A second payload, "Care Bear," could also take a device offline, but ISIL's tech support team found a workaround for that attack.
The ASD's operatives quickly developed a third payload, "Dark Wall," that they judged could not be defeated by ISIL's techies.
The three payloads were used against just 47 devices, on 81 occasions. But the documentary describes how even that level of intervention made a difference, as commanders in the field were able to request the ASD act against fighters in real time – and those fighters struggled to coordinate their defense.
In the documentary, ASD staff explain that merely forcing ISIL fighters to leave their posts to seek tech support was a win, because it reduced their effectiveness. In some instances, once devices were taken offline, ISIL fighters started using radios that made it possible to determine their location. In some cases, air strikes followed.
ASD staff slept in the office during much of the campaign, which took place during 2016's Operation Valley Wolf, when Iraqi forces advanced on the city of Mosul and ultimately reclaimed it from ISIL.
The documentary does not disclose the nature of the zero-click attacks, nor whether they were developed in-house or based on a commercial platform. During the discussion of Dark Wall, an ASD staffer states it was developed very quickly, suggesting the organization was able to iterate on its efforts rapidly.
The documentary also details an ASD action against a young Australian who travelled to Afghanistan with the intent of joining the Taliban. During that operation, ASD personnel worked alongside cultural and language experts to write messages in plausibly broken English to convince the Australian he was contacting actual Taliban activists, who urged him to acquire a new phone and use a different email address. When the Australian was slow to act, the ASD operatives convinced him his reticence meant senior Taliban figures had become suspicious of his intentions.
The operation eventually convinced the Australian man to return home – an outcome considered a big win.
Another tale from the documentary concerns the 2002 Bali Bombing – an act of terror on the Indonesian island that killed 202 people including 88 Australians. The film reveals that a fragment of a mobile phone used in the bombing was recovered, complete with its IMEI number. Indonesian carriers shared info on that device's calls and network connections – a vast haul of data ASD analysts used to determine suspects.
A fourth case study in the film describes offensive cyber ops against Eastern European actors who impersonated Australia's government during COVID-19 lockdowns. Australia allowed access to retirement savings during the pandemic, and criminals used phishing and impersonation in attempts to siphon off some of that cash.
The documentary explains how ASD identified the operator of one malware strain used in that campaign, paid for a copy of the malware they deployed, detected a flaw in the software, and disabled it.
ASD operatives even complained to the malware-slinger's help desk, reporting that its bots had stopped working and they were not getting what they had paid for.
The documentary is streaming on the Australian Broadcasting Corporation's iView platform, which is geofenced. Given the topic of the film, The Register imagines it won't be long before alternative viewing options emerge. ®