Are the Taliban a cyber threat?

PUBLISHED May 22, 2022


Rapid advances in cyber capabilities and greater reliance on cyberspace have not only changed the landscape of modern warfare, but have also introduced a new dimension of threats, particularly in cyberspace. Seemingly harmless data in the wrong hands can become a potential cyber threat in today’s world. The chaotic U.S. withdrawal from Afghanistan and the Taliban takeover of Kabul in August 2021 opened up new avenues of cyber vulnerabilities for the United States as well as Afghanistan.

Although the Taliban has struggled to transition from an insurgent group to a functioning government, it may not pose an instant cyber threat to the United States. However, indirect cyber threats could soon emanate from countries willing to take advantage of the hasty withdrawal. For this reason, cybersecurity experts have warned the US government about vulnerabilities in biometric devices, aircraft, weapons and other sensitive information that was left behind after the US withdrawal. There are several parts to whether the Taliban pose a threat to the United States, including whether weapons, aircraft, and other information have been shared by the Taliban with countries like Iran and China.

The main issue for US cybersecurity is the potential loss of sensitive data left behind during the withdrawal. Embassy staff are specially trained to destroy sensitive data in an emergency. In the past, as evidenced by the Iranian hostage crisis and the attack on the Libyan embassy, this has been very effective. However, due to the hasty nature of the US withdrawal, experts believe it is possible that sensitive data may have been overlooked, which could later contribute to a cybersecurity vulnerability.

It is also widely believed that the Taliban seized US military biometric devices, also known as Handheld Interagency Identity Detection Equipment (HIIDE). HIIDE devices have been used by the US military and contain biometric databases including iris scans, fingerprints and digital histories of Afghans working with the US Embassy in Kabul. In the possession of the Taliban, these devices and their data could be used to track people previously affiliated with the United States in Afghanistan.

If the Taliban have this technology, American citizens and Afghan citizens are at risk of digital attacks. Besides the loss of data, another worrying element of the US withdrawal is the risk of aircraft and armored vehicles falling into the hands of the Taliban. These are not average vehicles but very advanced military equipment and the by-product of high-level research. The Humvee, for example, is equipped with sophisticated communication systems, encryption devices and equipment capable of detecting IEDs.

C130s that can be equipped with reconnaissance equipment and Black Hawk helicopters with digital avionics have also been left behind by the United States. Getting to grips with these important tools of warfare exposes how things are secured, configured, and operated in the United States, making the country more vulnerable to cyberattacks. Due to the secrecy surrounding these systems, the world has yet to witness a cyber attack on US military equipment, but that could change once that veil is lifted.

Like international politics, rivalries in cyberspace are constantly changing and evolving. The possibility of the Taliban sharing tools left behind by the United States with China and other countries could result in reverse engineering and testing of technologies in Chinese cyber labs.

During the evacuation process in Afghanistan, China was ready to cooperate with the Taliban. Since then, surprise visits by its foreign minister to Afghanistan have further strengthened the engagement between the powers. China has been present in Afghanistan since 2006 with its telecommunications company, ZTE, and has built a national fiber optic network between the two countries. Experts say it’s time for China to flood Afghan markets with the latest telecommunications infrastructure and cutting-edge technology.

Meanwhile, Iran, which cheered the US military defeat in August, has a somewhat complicated relationship with the Taliban. After the rapid withdrawal of the United States, it was predicted that the Taliban would do everything possible to ensure friendly ties with Iran in exchange for the country’s protection of the Shia minority in Afghanistan and to stand against global terrorist networks. World experts believe that in return the Taliban may have provided training, food, weapons and funding.

In retaliation for STUXNET, a malicious computer worm that damaged Iran’s nuclear program, Tehran has dramatically improved its offensive cyber capabilities, worrying world powers including Israel and the United States. Iran’s Islamic Revolutionary Guards (IRGC) provided cybersecurity expertise, resources and training to the Houthis in Yemen during the Saudi-Yemen conflict and to Hezbollah in Lebanon. It is possible that the IRGC is also doing the Taliban a favor in cyberspace. A recent attack on the Iranian diplomatic mission in Kabul could halt cooperation for a while, but not permanently.

Whether the Taliban pose a major security threat to the United States can be answered by analyzing the group’s history of cyberattacks. So far, no cyber attacks from the Taliban have been reported. This implies that although the Taliban employs sophisticated communications, they do not appear to possess the essential offensive capabilities to carry out cyber surveillance, espionage or other cyber security related operations.

Their use of social media as a weapon, their powerful electronic communication systems and their strict controls on the Internet can help them win a war of influence, but not a cyber war. Still, it may be possible for the Taliban to share intelligence, equipment, and weapons with more capable cyber adversaries, such as Iran, China, and even Russia.

China, in particular, poses a threat as it has been accused of stealing hacking tools from the US National Security Agency in the past and using them to carry out attacks. If history gives us any clues, it is clear that some countries will do anything to get their hands on the data or the very advanced weapons left behind by the United States.

The merging of the digital and physical worlds into a single metaverse has raised significant cybersecurity concerns for the United States, and the capture of biometrics and sophisticated weaponry are additional concerns. Previously, the Taliban operated as a non-state actor with a terrorist mindset with limited funding, resources and control. However, currently the power dynamics have changed, increasing their control and access to the country’s resources, data, equipment and support. The risk of exploitation is higher than ever for the United States and its affiliates if relations with Afghanistan deteriorate.

Another concern for the United States in cyberspace is the activation of different hacker groups during the evacuation process. One such incident is an alleged cyber attack on the US State Department during the withdrawal. References to such cases are few, but the threat in cyberspace is high. Given this reality, a safe suggestion is that the United States begin to harden its firewall to evade further cyberattacks. The United States should also consider policy measures related to cyber diplomacy, including signing treaties and opting for cyber confidence-building measures with rival states to address future cyber threats.

The author holds an MPhil in Defense and Strategic Studies from Quaid-i-Azam University and is a research fellow at the Global Foundation for Cyber Studies and Research, Washington DC.
