A Few Good Twitter Trolls
Why the United States needs to take a page from the Chinese and Russian playbooks when it comes to combating the Islamic State online.
A New York Times headline from early June said it all: “ISIS Is Winning the Social Media War, U.S. Concludes.” The piece that followed described a dispiriting internal State Department document laying out how badly President Barack Obama’s administration and its allies — “a fractured coalition that cannot get its own message straight” — have failed in combating the Islamic State’s social media operation. Ambassador Alberto Fernandez, the former head of the U.S. State Department’s Center for Strategic Counterterrorism Communications, put it bluntly in an interview with CBS News. “It’s not that ISIS is so great,” he said. “It is that the response against ISIS is both limited and weak.”
So, what would a truly effective response look like? One that could finally turn the tide against the Islamic State’s social campaign? As of March, Twitter (one of the social platforms most associated with the Islamic State), was suspending at least 2,000 accounts a week suspected of spreading violent, pro-Islamic State messages. Yet when the House Foreign Affairs Committee wrote to Twitter CEO Dick Costolo this past March insisting that companies must prevent their services from “being hijacked for terrorist use.” In a formal letter, Twitter’s general counsel responded with a pledge to uphold “the ability of users to share freely their views — including views that many people may disagree with or find abhorrent.” Not exactly the response Congress was hoping for. But as an international company, Twitter recognizes that complying with one government’s request to censor all pro-Islamic State users could lend support to another’s requests to censor all anti-government users. Relying on Twitter to police itself by automatically removing all pro-Islamic State tweets is unlikely, and would create significant First Amendment issues for American users.
Still, Washington’s failure to counter the Islamic State’s online front does not stem from a lack of trying. Indeed, as of March, the United States had sent over 50,000 messages in four languages across a range of social platforms, from Twitter to YouTube. The problem, instead, lies in the content of those messages. As Ambassador Fernandez said in an interview in March, the root narrative of all Islamic State propaganda lies in its “appeal to the best in people, to people’s aspirations, hopes and dreams, to their deepest yearnings for identity, faith, and self-actualization.” In contrast, the United States doesn’t offer “a counter-narrative that speaks to that. What we have is half a message: ‘Don’t do this.’ But we lack the ‘do this instead.'”
But even if we improve our counter-narrative, how do we disseminate it and ensure the Islamic State can’t drown it out? Successful counter-messaging in an increasingly fractured world of narratives demands conversations tailored to each demographic targeted by radicals. In our contemporary media environment, broadcast-style, “Run to ISIS Land” videos are unlikely to be effective, as there is no universal reason that individuals join the Islamic State. Even if the State Department hired a crack Madison Avenue advertising firm to oversee a modern, data-driven, personalized campaign, you can’t counter-message that which you don’t understand. Moreover, quantitative evidence from more than half a century of similar domestic counter-messaging campaigns in the United States suggests such campaigns may offer little deterrence.
Yet, this single-minded focus on social media and counter-messaging ignores the far more pertinent issue of why American anti-Islamic State efforts are housed in the U.S. Department of State in the first place. Tasking our diplomats with engaging in Twitter dialogue with the Islamic State, in the same fashion they would a foreign government or head of state, uniquely legitimizes its leaders. Similarly, referring to captured territory as “ISIS Land” would seem to convey a sense of sovereign recognition.
Instead, the Islamic State’s use of social media to recruit and incite terrorism represents a new form of cyber warfare requiring a more comprehensive response that includes the military and intelligence cyber and “psychological operations” communities. It won’t be long until the Islamic State graduates from defacing Twitter accounts to launching remote attacks on U.S. soil, from American critical infrastructure and power grid systems to financial markets, without ever leaving Iraq and Syria. Countering such threats requires disrupting the Islamic State’s ability to operate online. In past conflicts, the United States has made use of graphite bombs to disable enemy communications, cutting 70 percent of Serbia’s power grid and 85 percent of Iraq’s power generation capacity, yielding blackouts that lasted up to a month. A similar sustained bombing campaign targeting the Islamic State would degrade its access to social media, encrypted chat rooms, and military command and control networks, impacting its ability to distribute propaganda, recruit abroad, and manage its geographically dispersed empire. But it would also pose an exceptional threat to civilian populations trapped by the Islamic State.
Instead, a highly targeted cyber campaign could achieve many of the same goals of a kinetic operation, but with minimal collateral damage. Such a campaign would involve disrupting the Islamic State’s ability to spread its extremist messages and recruit Americans through social media. To date, such efforts have focused on suspending the Twitter accounts of known Islamic State sympathizers. But each time this happens, a new one emerges within hours to take its place. For example, according to The New York Times the handle @turjuman123 had been suspended 122 times as of April 10, but had found a simple workaround: re-registering each time by incrementing the number on the end of the username from 1, to 2, to 3 (and so on). Suspending these accounts one at a time will simply produce a futile game of whack-a-mole.
China and Russia learned long ago that simply censoring objectionable material does not work. Instead, the United States could flood the online environment with an overwhelming volume of counter-narratives that simply drown out all other voices. The Chinese propaganda machine, for instance, employs over 300,000 people, including over a quarter-million online commentators, whose job is to saturate the web with Beijing-friendly material, while encouraging self-censorship through high-volume character attacks against users posting objectionable material. Russia employs a similar model to control domestic Internet conversation. It adds an offensive element, via propaganda campaigns that spread panic-inciting, false reports of industrial accidents, pandemic outbreaks, and other calamities across the United States.
Imagine if we used a similar approach against the Islamic State. Each time Twitter suspended one of its accounts — let’s use the fictitious @ISISSupporter as an example — the U.S. government could register a thousand new ones, using every conceivable variation of the original user name, designed to appear identical to the suspended account, with handles like @ISISSupporter2, @ISISSupporter3, @SupporterOfISIS, and so on. Each account would claim to be the true reincarnation of the original.
When the real Islamic State user finally registers a new account, the U.S.-registered accounts would go on the offensive, tweeting claims that the real account is a phony designed to ensnare sympathizers. Other accounts would be set up to look like official Islamic State recruiter accounts, posting genuine Islamic State material. But the “recruiters” operating those accounts would, in reality, be government agents lurking in encrypted chat rooms, sending links that redirect the user’s browser to location-tracing malware.
In conjunction, U.S. cyber warriors would upload hundreds of thousands of videos to YouTube and similar platforms. The first few seconds would be lifted from an Islamic State video to ensure that their thumbnail and preview appear legitimate, while the rest would present a counter narrative or be blank. Links to these fake videos would be tweeted in the same fashion that the Islamic State tweets its own videos, effectively drowning legitimate videos in a sea of fake ones. Simultaneously, every Twitter hashtag and meme posted by the Islamic State would be met with a barrage of tens of millions of counter messages, crowding out pro-Islamic State sentiments. A non-top barrage of false messages would post claims of battlefield failures, defections, and drone strikes, overwhelming positive news and inciting local panic. The end result would be an environment where would-be Islamic State supporters and fighters could no longer distinguish between what was real and what was illusion, or who and what to trust — “a wilderness of mirrors,” to borrow the words of the former head of U.S. counterintelligence.
Already, thousands of cyber vigilantes scan Twitter for pro-Islamic State messages and flag those accounts for suspension, sometimes posting lists of tens of thousands of suspected accounts. This citizen activism, free of government involvement has, in fact, spurred Twitter’s increased rate of suspensions of pro-Islamic State accounts. In March, the Council on Foreign Relations’ Emerson Brooking suggested that Washington harness this collective activism by paying Anonymous and other hackers to confront the Islamic State, enlisting them as a cyber-mercenary force operating on behalf of the American people. Such a vigilante army could provide the vast human and technological heft necessary to carry out a China or Russia-scale online offensive against the Islamic State.
Even more provocatively: could the U.S. government take a page from the playbook of the North Korean attack on Sony? Under such a scenario, the NSA and other U.S. cyber elements would launch a dedicated effort to hack into Islamic State computers, copy all their data, and then permanently disable them. Or, a highly targeted virus like Stuxnet could be developed to disable computers in contact with Islamic State devices. In fact, according to documents leaked by Edward Snowden, the NSA has already developed such targeted capabilities. As the Chinese hack of the U.S. Office of Personnel Management reinforces, at the very least Washington must explore such offensive capabilities, even if only for defensive purposes to learn its own vulnerabilities.
An important caveat: the approaches outlined above are fraught with ethical and legal concerns. A coordinated, government-sanctioned campaign that floods the internet with false information, impersonates individuals, interferes with communications abroad, and violates the terms of service of a multitude of online platforms, would erode the United States’ moral standing, and send it on a slippery slope towards the routine censorship of global communications it views as a threat.
The growing fear is that others will crib from the Islamic State’s playbook. In May, the Senate Committee on Homeland Security & Governmental Affairs held a hearing — appropriately titled “Jihad 2.0: Social Media in the Next Evolution of Terrorist Recruitment” — exploring these concerns. “There are going to be other groups that notice what ISIS has done to effectively use social media . . . this isn’t an one-off deal here. This is going to continue,” committee chairman Sen. Ron Johnson said in an interview on CNN later that day.
If a small terror organization of 20,000 fighters and its supporters can defeat the “world’s richest and most technologically advanced nations,” clearly, the current approach simply isn’t working. This approach undeniably represents the future of cyber warfare, one where boundaries between physical and virtual battlefields and domestic and international issues are increasingly blurred. We must view the online battle against the Islamic State holistically, bringing to bear not simply harsh words from the State Department, but the collective creativity and capacity of our entire defense community in this inaugural battle of the new cyber era.
Photo Credit: Mark Wilson/Getty Images