Does the Taliban pose a cyber-threat?

Data and technology left in Afghanistan after the US withdrawal could pose a great risk in the hands of the Taliban

By Mubeen Ashraf |
PUBLISHED May 22, 2022

The rapid advancement in cyber capabilities and greater dependence on cyberspace has not only changed the landscape of modern wars but also introduced a new dimension of threats, especially in cyberspace. Seemingly harmless data in the wrong hands can become a potential cyber threat in today’s world. The chaotic withdrawal of the United States from Afghanistan and the Taliban takeover of Kabul in August 2021 has opened new avenues of cyber vulnerabilities for the United States as well as Afghanistan.

While the Taliban has struggled to shift from an insurgent group to a functional government, it might not pose an instant cyber threat to the United States. However, indirect cyber threats may soon emanate from countries that are ready to take advantage of the hasty withdrawal. For this reason, cybersecurity experts have warned the U.S. government of vulnerabilities in biometric devices, aircraft, weaponry, and other sensitive information left behind after the US withdrawal. There are multiple parts to the question of whether the Taliban poses a threat to the U.S., including whether weapons, aircraft, and other information have been shared by the Taliban with countries such as Iran and China.

The foremost issue for US cybersecurity is the potential loss of sensitive data left behind during the withdrawal. Embassy staff are specifically trained to destroy sensitive data in case of emergencies. In the past, as witnessed during the Iranian hostage crisis and the Libyan embassy attack, this was highly effective. However, due to the rushed nature of the US withdrawal, experts believe there is a possibility that sensitive data might have been overlooked, which could contribute to a cybersecurity vulnerability later.

It is also widely believed that the Taliban seized biometric devices of the US military also known as Handheld Interagency Identity Detection Equipment (HIIDE). HIIDE devices were used by the U.S. military and contain biometric databases including iris scans, fingerprints, and digital history of Afghans working with the U.S. embassy in Kabul. In the Taliban's possession, those devices and their data could be used to track people previously affiliated with the United States in Afghanistan.

If the Taliban possess this technology, American citizens and Afghan citizens are at risk of digital attacks. Besides the loss of data, another worrisome part of the US withdrawal is the risk of aircraft and armored vehicles falling into the hands of the Taliban. These are not average vehicles but highly advanced military equipment and the byproduct of high-level research. The Humvee, for example, is equipped with sophisticated communication systems, encryption devices, and equipment capable of detecting IEDs.

The C-130s, with the ability to be retrofitted with reconnaissance equipment, and Black Hawk helicopters with digital avionics were also left behind by the US. Taking hold of those important tools of war exposes the way things are secured, configured, and operated in the United States, making the country more susceptible to cyber-attacks. Due to the cloak of secrecy around these systems, the world has not yet witnessed a cyber-attack on U.S. military equipment, but that could change once that veil is lifted.

Like international politics, rivalries in cyberspace are always shifting and evolving. The possibility of the Taliban sharing tools left behind by the US with China and other countries could result in the reverse engineering and testing of these technologies in Chinese cyber labs.

During the evacuation process in Afghanistan, China was ready to collaborate with the Taliban. Since then, surprise visits from its foreign minister to Afghanistan have further ensured engagement between the two powers. China has had a presence in Afghanistan since 2006 through its telecom company, ZTE, and has been constructing a nationwide fiber-optic network between the two countries. Experts believe this is a prime time for China to flood the Afghan market with the latest telecommunication infrastructure and advanced technologies.

Meanwhile, Iran, which cheered the U.S. military defeat in August, maintains a somewhat complicated relationship with the Taliban. After the swift withdrawal of the U.S., it was predicted that the Taliban would go out of their way to ensure amicable ties with Iran in exchange for the country's protection of the Shi'ite minority in Afghanistan and to stand up against global terror networks. Global experts believe that in return, the Taliban may have been provided with training, food, weaponry, and financing.

In retaliation for STUXNET, a malicious computer worm that caused damage to Iran's nuclear program, Tehran drastically improved its offensive cyber capabilities, something that worries world powers including Israel and the United States. Iran's Islamic Revolutionary Guards Forces (IRGC) have provided cyber expertise, resources, and training to the Houthis in Yemen during the Saudi-Yemen conflict and to Hezbollah in Lebanon. It is possible that the IRGC could do favors for the Taliban in cyberspace as well. A recent attack on the Iranian diplomatic mission in Kabul may halt cooperation for a while, but not permanently.

The question of whether the Taliban presents a major security threat to the U.S. can be addressed by analyzing the group’s history of cyber-attacks. So far, there have been no cyber-attacks reported that have originated from the Taliban. This implies that although the Taliban uses sophisticated communications, they do not seem to possess the offensive capabilities essential for carrying out cyber-surveillance, espionage, or other cyber-related operations.

Their use of social media as a weapon, their strong electronic communication systems and their tight internet controls may help them win an influence war, but not a cyberwar. Still, it may be possible for the Taliban to share intelligence, equipment, and weaponry with more proficient cyber adversaries, such as Iran, China, and even Russia.

China, especially, presents a threat since it has been accused of stealing hacking tools from the U.S. National Security Agency in the past and using them to carry out attacks. If history gives us any clues, it’s clear that some countries will do anything to get ahold of the data or highly advanced weaponry left by the US.

The merger of the digital and physical worlds into a single metaverse has raised cybersecurity concerns significantly for the U.S., and the seizure of biometric data and sophisticated weaponry is an added concern. Previously, the Taliban was operating as a non-state actor with a terrorist mindset and limited funding, resources, and control. Now, however, the power dynamics have changed, increasing their control of and access to the country's resources, data, equipment, and support. The risk of exploitation is higher than ever for the US and its affiliates if relations with Afghanistan worsen.

Another concern for the U.S. in cyberspace is the activation of different hacker groups during the evacuation process. One such incident is an alleged cyber-attack on the U.S. State Department during the withdrawal. Reports of such instances are few, but the threat in cyberspace is high. Considering this reality, a safe suggestion is for the US to start strengthening its firewalls and defenses to fend off further cyberattacks. The US should also consider policy measures related to cyber diplomacy, including signing treaties and opting for confidence-building measures in cyberspace with its rival states, to deal with upcoming cyber threats.


The author has an MPhil in Defence and Strategic Studies from Quaid-i-Azam University and is a researcher at the Global Foundation for Cyber Studies and Research,Washington DC.