Rick Astley never knew he had it in him.
But the 1980s British pop star unwittingly played a role in a critical desert battle against a terror outfit with sophisticated computer skills and a slick propaganda machine.
It was 2016 and the militant Islamic State (IS, also known as ISIS or ISIL) group, which had an ambition to establish an Islamic caliphate in the Middle East, was two years into its occupation of Mosul, the second-largest city in Iraq.
"They were using cyber as a tool to recruit, to coordinate, to raise funds, to spread ideology," says Mike Rogers, director of the United States' National Security Agency (NSA) between 2014 and 2018.
"We quickly came to the conclusion that ISIS's use of [a global network] was a significant advantage to them. It was a significant component of their strategy. We felt strongly we had to take that away from them, we have to negate it."
Among the foreign fighters recruited by Islamic State were top-flight hackers and cyber criminals who were experts at disguising the militants' battlefield communications.
So when the plot was hatched to liberate Mosul in northern Iraq, countering Islamic State militants' mastery of the internet became a key pillar of the operation.
And it was Australia's cyber intelligence agency, the Australian Signals Directorate (ASD), that was tasked with providing safe passage — as best it could — to Iraqi and partner troops as they advanced north up the Tigris River Valley in June 2016.
What's Rick Astley got to do with it?
Before providing cyber cover to security forces on the ground, ASD had done quite a bit of snooping in the Iraqi desert to identify Islamic State fighters between Baghdad and Mosul.
The agency's offensive cyber operators studied the IS militants' electronic equipment and found that Islamic State was using a variety of encrypted apps, including Surespot, Wickr, WhatsApp and Telegram.
ASD's cyber tactic was borne out of strategic necessity. Rather than target the use of any particular app, target the way any app worked: the internet.
The agency had a unique cyber tool that would do the job: "Light Bolt."
Light Bolt was a sneaky bit of coding that was surreptitiously put on Islamic State fighters' phones and computers without them ever knowing — no text message needed clicking, nor did it require a phishing email to be answered.
In the language of war, ASD called this type of Trojan technology a "payload".
"Light Bolt was an offensive cyber capability or hacking capability, and it denied ISIL's ability to connect to the internet," explains "Sarah", an ASD cyber planner.
Sarah was dispatched to US Cyber Command at the NSA headquarters in Maryland to help coordinate teams in the US, Australia and Iraq during Operation Valley Wolf.
As the Iraqi Security Forces advanced up the Tigris River Valley, ASD would activate the payloads and shut off IS systems.
Light Bolt had different gradations of power, depending on what ASD wanted it to do.
Its simplest payload was "Rickrolling", named after the internet prank where victims were directed to a video of Rick Astley singing his worldwide smash single Never Gonna Give You Up.
From a graffiti-walled basement several metres below ASD's Canberra headquarters, on the other side of the world, operators would deploy "Rickrolling" and other cyber weapons to coincide with bombs and bullets on the ground in Iraq.
"For about a two-week period at the height of Valley Wolf, there was a very small team of technical cyber operators that were working in this basement around the clock," Dan Baker, a senior cyber operator, says.
"We would be called in multiple times a night — we ended up having to explore options like putting out camp beds in the office so we could sleep next to our computers so that when the targets were online we could be there to put an effect in place.
"I think everyone that works down here is a Rick Astley fan to a certain extent."
The Rickrolling payload was more of an inconvenience than a permanent impairment to the enemy's communications.
Simple troubleshooting, such as turning the device off and on, would reverse it.
"But if an ISIL fighter needs to leave their position in order to go and reset a device, they've just exposed themselves to our partner forces," Baker explains.
"So even though it was a simple cyber effect, using it tightly coordinated with partner forces created a disproportionate effect in some cases."
Former ASD director-general Mike Burgess says it was likely the first time a conventional armed force had coordinated its action on the ground with remote cyber operators in real time.
"Absolutely first for Australia, and I suggest first for the world, generating effects through cyberspace in a very clever, precise, timed way, in coordination with military manoeuvres," Burgess says.
Escalating offensives in arms race against IS
And when Islamic State fighters defeated the Rickrolling payload, ASD took the next step up in its arsenal of cyber-offensive tools with "Care Bear", which required a lot more technical nous to get around.
Still, some Islamic State fighters managed to foil Care Bear with their own IT support, such was the sophistication of the militants' technical proficiency.
So a third type of cyber strike was needed: "Dark Wall."
"Dark Wall was actually developed very, very quickly on the fly," Baker says.
"The Care Bear technique was not effective in all cases and there were some pockets of ISIL fighters who were able to reverse that technique.
"So we were able to draw on many, many years of experience in building disruptive payloads in order to turn around a capability very, very quickly."
Dark Wall effectively rendered target devices useless, disabling a phone or computer's ability to connect to the internet.
"And that ultimately added additional friction, which our partner forces were able to exploit as they moved up the valley," Baker says.
With their phones not working, some Islamic State fighters used radios to communicate, which effectively put beacons on their location, allowing coalition air and ground strikes on enemy positions.
Rogers said the cyber operation was one of his proudest moments as NSA director.
"It was just great," he says.
"It's one of my favourite things I did when I was in uniform for 37 years. It was one of my favourite things we did when I was cyber commander and the director of NSA.
"I remember the pride I felt when the commander in Iraq is literally telling the [US] Secretary of Defense in front of me the value of what we're doing, how effective it is."
By Operation Valley Wolf's end, ASD had targeted 47 phones and other devices and launched 81 cyber strikes from the agency's Canberra headquarters.
Operation Valley Wolf saw the recapture of Qayyarah-West Airbase, which became the staging post for the eventual liberation of Mosul in January 2017.
The story of ASD Rickrolling IS is featured in BREAKING the CODE: Cyber Secrets Revealed which airs at 10:30pm on June 5 on ABC TV. You can also watch it on ABC iview.
