They remind their members to always check “location services” to make sure their phones won’t reveal where they are. They urge them not to use Instagram because it’s owned by Facebook, which “has a bad reputation in the protection of privacy.” And they ask that no one use Dropbox, because former Secretary of State Condoleezza Rice is part of its board of investors, and Edward “Snowden advised not to use the service.”
These are just a few of the extensive security tips from a 32-page Arabic document that analysts at the Combating Terrorism Center, an independent research group at the U.S. Military Academy at West Point, have discovered after about a year of monitoring several known Islamic State online forums. The instructional guide was first published a year ago by a Kuwaiti security firm named Cyberkov to teach journalists and political activists how to protect their indentities and communications. Since then, it has been adopted by members of the Islamic State. The document includes a list of links and descriptions to over 40 consumer products that help secure written and spoken communications on almost every digital platform — the type of thing that would make online security advocates proud.
In the days following the Nov. 13 terrorist attacks in Paris that killed 129 people, an act for which IS has taken credit, it became clear that U.S. intelligence agencies are finding it increasingly difficult to track communication among the terrorist organization’s members. As Yahoo News reported last week, many officials have blamed the group’s adoption of sophisticated encryption software, such as the web browser Tor or the messaging app Telegram, for the inability to identify potential threats. In an October congressional hearing, FBI Director James Comey characterized this concerning new development as the group’s ability to “go dark.”
“With every platform they’ve been using there has been some sort of scrutiny, you saw that very clearly with Twitter as the accounts are regularly suspended,” Laith Alkhouri, director of terrorist activity tracking at deep-Web research firm Flashpoint Partners, told Yahoo News. “Now they’ve shifted to encrypted chatting platforms.”
Since its launch in 2013, IS has been largely known for its gruesome, well-produced videos and pervasive social media presence — efforts that have helped brand it as both a terrifying and innovative terrorist group. But now that the Islamic State has caught the world’s attention, its Web-savvy media operatives have becoming increasingly careful to secure their communications. A member’s ability to encrypt, analysts tell Yahoo News, is an important factor in how the organization values him or her as an operative. As a result, members are learning these tools faster, creating a much bigger problem for intelligence agencies trying to track their communications.
IS’s school of encryption includes a metaphorical 24-hour Jihadi Help Desk, as NBC’s Josh Meyer reported on Monday. Headed by a group of at least five core members with extensive technical training, it acts as a support system for those interested in joining the jihadi movement. Day or night, interested members can connect with the group to ask for help with securing their communications — whether that means changing the location metadata on photos they’ve taken or finding the most secure way to store information in the cloud.
“If you’re planning on going to Iraq or Syria on a flight and you’re looking up plane tickets, it’s probably not a good idea to look it up in the clear,” Aaron F. Brantly, a counterterrorism analyst at the CTC, told Yahoo News. “So [the Help Desk] says, go through the Tor network, use a VPN. If you want to communicate with your brother or sister who is fighting at the front, root [or gain control over the software in] your Android phone.”
For a good number of people who use the hotline, that’s where the tutorial ends. But Brantly says that his team has also identified several high-level members of IS’s media wing, the Al-Hayat Media Center, using the information in these tutorials as a way to spread propaganda more securely. In some cases, Alkhouri reports, group chats on Telegram that are specifically dedicated to propaganda can have up to 16,000 members, and are growing by the thousands every day.
Members of IS also use these platforms while engaging in real-time operations in Iraq or Syria, according to Brantly. But the bar that members must clear to be included in these forums is much higher. After using a Tor Web browser, a fake phone number, a fake email address and fake identity to sign up for an encrypted messaging platform, one is invited into a group chat centered around a specific goal. (For instance, Brantly says he’s spent a year monitoring a Telegram group whose sole purpose is to plan out minor cyberattacks on websites.) But to be fully accepted requires participating in a series of discussions intended to vet your beliefs. These can range from discussion about various religious edicts to terrorist incidents to specific battles. Some of the mainstay moderators of these groups may, at times, ask to chat using Telegram’s one-on-one “secret chat” feature, which uses end-to-end encryption, a process that jumbles the content of a message from both the sending and receiving ends.
“They actually explicitly say these are non-trust-based groups in general, so you have to wait to build that trust up in a non-open-forum sort of situation,” Brantly said. “In a non-help-desky way, if you will.”
In a meta way, IS has employed these chatrooms for discussions about security itself. One Telegram-based forum, populated mostly by men from ages 18 to 35, has spearheaded the conversation on heightening security standards, discussing which consumer products are best for various types of phones or computers. Others discuss how extensive encryption precautions need to be taken for a given piece of information, using encryption rates as substantial as 128-bit or 256-bit — levels that require considerable computing power in order to decode. Brantly says that over time, members of this group distill the wisdom into long instructional packets (like the one included in this piece) or YouTube and Vimeo tutorials.
“I’m certainly seeing more messages from more tech-savvy jihadists urging others to use more secure messaging platforms and to avoid leveraging their information on social media,” Alkhouri said. “Some people are even saying avoid Twitter in general, because that could give out your location, especially for fighters on the ground.”
Though intelligence officials have yet to discover how the attack on France’s capital was organized, it’s clear they had no inkling it would take place. And along with this tragedy, a new revelation about IS has come to light: An organization that was once famous for being everywhere on the Internet has now learned to be in as few traceable places as possible.
“They essentially try to eliminate all the digital breadcrumbs along the way,” Brantly said.
This piece has been updated to include the original source of the encryption guide.