Modern field guide to security and privacy

How Islamic State militants attempt to outwit spies

A group claiming Islamic State ties is distributing manuals on a secure messaging app to help the militant group use common encryption tools to thwart government surveillance.

Reuters
A militant Islamist fighter uses a mobile to film his fellow fighters taking part in a military parade along the streets of Syria's northern Raqqa province on June 30, 2014.

Islamic State supporters have published a series of manuals to help the militants and their followers use smartphone encryption and other technologies to hide from government spy agencies. 

Though the militant group has previously released guides for using encrypted mobile apps, the new documents suggest that the terrorist organization is becoming increasingly sophisticated when it comes to the use of digital security. 

The Horizon Electronic Foundation, a group claiming Islamic State links, began distributing five Arabic-language manuals via encrypted channels on the messaging service Telegram last month. Security analysts say the releases come with the group increasingly worried about the threat of surveillance from Western intelligence agencies.

"They’ve been pushing ideas that the US government is conducting surveillance on pretty much everybody," said Matt Ortiz, head of cybersecurity at SITE Intelligence Group, a firm that tracks the activities terrorist groups. The documents send a message that militants "have to watch out" for government monitoring, Mr. Ortiz said.

The Horizon group, which first appeared in February to provide technical support to IS, calls on militants to secure their smartphone communications by installing virtual private networks, which increase security while using the Web, and a handful of security and privacy apps available on Google Play and Apple’s App Store.

Horizon also emphasizes anonymizing services such as the Tor Browser, and the e-mail encryption services ProtonMail and Tutanota.

"I warn brothers and sisters against using their personal numbers when activating any service on the Internet regardless of how secure it might be," the manual states. Horizon also lists contact information for militants who need help setting up the applications. 

What’s more, the manuals – which appear to be written in fragmented Arabic – advise militants to move away from products and encrypted apps with roots in Silicon Valley, advising militants to disavow Google Chrome and Yahoo. In one document, Horizon provides a link to an encrypted e-mail server and writes, "goodbye Google and Yahoo, Hello to encrypted e-mails."

Though the documents do not specify a reason for recommending the security protocols, the release comes as Islamic State supporters appear to increasingly wary about US digital spying efforts. Last week, Horizon released a video on its Telegram accounts that recounted the Edward Snowden leaks and warned the group’s backers to follow its technical advice – or risk being targeted and tracked.

Islamic State operatives have previously demonstrated their familiarity with tools designed to cloak online communications. For instance, The New York Times reported in March that Islamic State recruits in France had used the digital encryption program TrueCrypt to keep their communications secret. Additionally, the militant group has released a technology guide ranked the security of more than 30 chat apps – including WhatsApp, Telegram, and Signal. 

But intelligence analysts who track the group online say the availability of these manuals may still have an important impact on the way that Islamic State communicates – making the militants tougher to pin down.

"More than any other terrorist group, the Islamic State is educating its supporters about the best tools and tradecraft to use to coordinate activities – online and off," said Michael Smith II, chief operating officer at Kronos Advisory, a defense consulting firm.

The US government has acknowledged that militants are getting better at covering their tracks online. In 2014, National Security Agency Director Adm. Michael Rogers noted that terrorist groups were doing more to avoid surveillance after Mr. Snowden's disclosures. 

As Islamic State and its supporters become more expert at hiding behind technology, said Mr. Smith, "that will be increasingly difficult for authorities to thwart."

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.