How Jihadists Use Privacy, Encryption Tools to Avoid Detection: Study

By Sean Michael Kerner  |  Posted 2016-07-23 Print this article Print
encryption, privacy tools

A report from Flashpoint Intelligence exposes the tools and techniques that jihadis use, and they're not all that different from any other security best practices.

Jihadist groups like the Islamic State have made extensive use of online media, including social networking in order to communicate their message and recruit supporters. According to a new report from security firm Flashpoint Intelligence titled, "Tech for Jihad: Dissecting Jihadists' Digital Toolbox," the tools used are fairly sophisticated and aren't all that different from what privacy advocates often employ.

The data for the report was obtained by way of multiple sources, according to Laith Alkhouri, Flashpoint co-founder and the director of research and analysis for the Middle East and North Africa. The intelligence was mainly collected from primary sources, including private, invitation-only channels on the Deep Web, mainly ISIS supportive Web forums and Telegram channels, Alkhouri said.

"While the majority of references are to pro-ISIS jihadists, as they're the most active, online activists who believe and spread the jihadi ideology in general are adapting some of these measures already," Alkhouri told eWEEK.

Among the techniques and tools used by the jihadists that Flashpoint analyzed are secure Web browsers, VPNs, protected email services and encrypted messaging programs. The overall sophistication of the tools and techniques used was not surprising to Alkhouri.

"Online jihadists, especially in the wake of ISIS' rise, have demonstrated a trend of growth, adaptation, and relentless motivation to escape the already-aggressive scrutiny imposed on them," Alkhouri said. "In other words, they're always under the microscope, and thus they constantly search for ways to protect their identity and cover their digital footprints."

On the secure browser side, Flashpoint's analysis found that jihadists are making use of the Tor Browser, which routes connections through the Tor network as a way to hide where a connection is coming from. Additionally, Alkhouri noted that there has been mention of TAILS Linux as a secure operating system by tech-savvy jihadists. TAILS—which stands for The Amnesic Incognito Live System—first rose to notoriety in 2013 as the Linux distribution used by U.S. National Security Agency (NSA) whistleblower Edward Snowden. In addition to the Tor browser, jihadists are also using VPN and proxy services in an attempt to further obfuscate their locations.

Alkhouri commented that many jihadists use, and preach, the application of more than just Tor to stay hidden. "Some of this goes back to some who believe that TOR is American government-developed and as such must be trackable," Alkhouri said. "There has been a clear advocacy for VPN/proxy services that, jihadists believe, reduces their risk if they are European or Asian. Plus, they exploit the free trials VPNs/proxies offer by constantly reregistering under different accounts."

In terms of encrypted messaging platforms, Flashpoint found that jihadists are using Telegram, Threema and, to a lesser extent, WhatsApp.

"We've previously come across fundraising campaigns for alleged Al-Qaida fighters in Syria and Gaza, using WhatsApp and Skype, and lately, channels on Telegram for small firearm trade are advertising WhatsApp numbers for dealers and buyers in Yemen," Alkhouri said.

Open social media, including Facebook and Twitter, is critical for jihadists, he said, adding that today jihadists are facing the most aggressive counter jihadist campaigns on social media, spearheaded by Twitter and Facebook.

"There has been numerous instances of Instagram use, but by far much less than Twitter," Alkhouri said. "In paraphrasing the words of one admin of top-tier Deep Web ISIS Web forums, Twitter is indispensable for the mass dissemination of their message, to reach the highest number of people."

Overall, what seems to be apparent is that jihadists are in large part making use of similar tools, techniques and best practices that are often employed by privacy advocates. The fact that jihadists make use of the same tools as privacy advocates is not a surprise either.

"It tells us that just as much as the average security-conscious individual is worried about information security, online jihadists are more worried about arrest, court prosecution and all sorts of law enforcement trouble," Alkhouri said. "Hence, it's of utmost importance that they pivot and adapt and operate safely online."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel