“I don’t think that there are too many [makers of encrypted communication tools who] can say that bad guys don’t use their stuff, accurately,” NSA deputy director Richard Ledgett said during the recent Defense One Tech Summit, describing ISIS’ use of various messaging services and platforms to communicate and distribute propaganda. A new report from cybersecurity group Flashpoint makes an attempt to catalog the digital tools in common use by jihadists, and when they started using them.
Here’s the shortlist:
Tor: Developed by the U.S. Naval Research Laboratory in the 1990s to help installations and military units keep contact during a global conflict, TOR anonymizes connections to the internet, making it harder for snoops to know who is visiting a given site. Throughout the last decade, “Tor’s popularity grew sharply within jihadist Deep and Dark Web forums,” the Flashpoint reports says.
In 2012, the Snowden revelations showed that the NSA could snoop on TOR traffic with a program called XKEYSCORE. In 2014, the German news service Tagesschau poked around TOR’s source code and found that the NSA was watching nine TOR servers that allowed it to do deep packet inspection on basically anyone accessing TOR outside of Australia, Britain, Canada, New Zealand, and the United States (the so-called Five Eyes surveillance partners).
Extremist groups have also begun using virtual private networks, or VPNs, which encrypt traffic between computers. As early as 2012, Al Qaeda was discussing the use of the free CyberGhost VPN, the report notes. But today’s savvy suicide bomber is likely to go in for a paid subscription to a better VPN service. “Some safer VPNs require monthly subscription,” the Pro-ISIS United Cyber Caliphate wrote earlier this year, warning loyalists to stay away from cheap VPNs.
Secure messaging apps, such as Telegram, and other services are proliferating and getting easier to use every day. “It used to be that you had to be pretty technically astute to use encryption on a device or for personal communications,” Leggett said. “That’s become very user friendly, very easy to use and now very unsophisticated actors can install very high-grade encryption on their devices, so ISIL, like many other targets, use that to hide their activities from us.”
One less remarked tool is Hushmail, an encrypted email service that the al Qaeda-affiliated Ibn Taimia Media Center, began using in Gaza in 2013, the report says, noting the Dagestani Mujahideen group “leverage Hushmail in tandem with PayPal for fundraising purposes.”
Another popular service is Yopmail, the burner phone of email. It gives users an email address they can use for up to eight days without registration. After the 2015 Paris attacks, as eyes and scrutiny turned to ISIS, al Qaeda’s Yemen branch (AQAP) used Yopmail to release an audio message about the attacks.
ISIS isn’t the first extremist group to use many of these tools, but it has put them to more effective use. A key element of its success has been its ability to find and groom followers and supporters online — and securely.
For a vivid display of that that looks like, check out Rukmini Callimachi’s 2015 New York Times profile of a young Oregon woman whom ISIS wooed as a supporter, not through slick videos or online magazines, but through constant contact with real people who sent her gifts, heard her every complaint, and filled a vacuum that friends, family, community and church could not.
“Alex [not her real name] was communicating with more than a dozen people who openly admired the Islamic State,” Callimachi writes. “Her life, which had mostly seemed like a blurred series of babysitting shifts and lonely weekends roaming the mall, was now filled with encouragement and tutorials from her online friends.”
That digital communication and outreach is essential to the way groups like ISIS grow — but it also makes them vulnerable.
In his discussion, Ledgett described the Real Time Regional Gateway, which since 2007 has allowed civilian and military NSA operatives to combine various kinds of intelligence to tie extremist fighters to their online identities. That saves lives, he said.
“It’s correlating signals intelligence collection, but also human sources —whether it’s human sources, pocket litter, things that are captured in detainee operations — to say, ‘Hey, this particular electronic activity is associated with this individual and we know from other sources that this guy is making IEDs,” so if I see him on my path, then that’s a concern to people in my operation we can provide them with real-time warning and real time,’” said Ledgett.
Still, the proliferation of tools to mask identities and encrypt conversation is making it harder to intercept jihadist communications.
But that wide variety with new ones coming out every day – suggests that calls to outlaw any particular encryption scheme or product wouldn’t eliminate ISIS’s messaging or operations ability. If anything, it would provide an artificial sense of safety while hurting the ability of consumers to use the same services. Indeed, jihadists have even built security software of their own. As the group Recorded Future notes, in 2007, a group called the Global Islamic Media Front created a desktop encryption software suite called Asrar al-Mujahideen, or Mujahedeen Secrets. In 2014, they released a plugin called Asrar al-Dardashah for instant messaging platforms such as Google Chat, Paltalk, Yahoo, and MSN.