The ISIS guide, how to stay secure online

Which technological tools does ISIS use? Do the terrorists know how to avoid online surveillance? The ISIS guide answers these questions.

In the wake of the Paris attacks, intelligence agencies and law enforcement have again raised the debate about encryption, requesting that IT giants support them by introducing backdoors in their products.

But news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages.

Clearly, the ability of law enforcement to intercept communications is essential in fighting terrorism; the crusade against online encryption is being instrumentalized by part of the intelligence community. In some documented cases, the ISIS terrorists haven’t adopted the measures necessary to use encryption properly, causing the exposure of their communications.

So what exactly are ISIS attackers doing for OPSEC?

Wired has published an interesting post that answers the question, starting from an ISIS guide to operational security that was available online.

The ISIS guide, which is written in Arabic, was analyzed along with other documents by Aaron Brantly and other researchers with the Combating Terrorism Center at West Point’s military academy.

The documents provide a long series of suggestions to members of the organization for avoiding online surveillance. For example, they ban the use of Instagram while suggesting dozens of privacy and security applications, including the Tor browser and the Tails distro; the Cryptocat, Wickr, and Telegram encrypted messaging systems; the Hushmail and ProtonMail email services; and RedPhone and Signal for encrypted phone communications.

The ISIS guide includes most of the recommendations that civil liberties groups, privacy defenders, and journalist groups provide for dealing with the surveillance operated by many regimes across the world.

“The documents indicate that the jihadis have not only studied these other guides closely, but also keep pace with the news to understand the latest privacy and security vulnerabilities uncovered in apps and software that could change their status on the jihadi greatest-hits list.” states Wired.

The ISIS guide invites members of the organization to use Gmail only with false credentials and in conjunction with the Tor network, or by protecting access with a VPN (of course avoiding US VPN providers). The use of a mobile OS is considered secure when data connections are routed through the Tor network.

The list of banned applications also includes Apple’s iMessage and WhatsApp: although both implement end-to-end encryption, the jihadists believe that the companies spy on behalf of the US Government.

It also warns that mobile communications can be intercepted and recommends that followers use crypto phones like Cryptophone or BlackPhone instead.

“Instead of buying the [expensive] Blackphone, they’re trying to hack their own devices and route traffic through Tor,” explains Brantly, who added that ISIS is demonstrating an increasing interest in hacking. “There’s a whole section on hacking [in the ISIS forums],” Brantly says. “They’re not super-talented hackers, but they’re reasonable.”

The manual also provides instructions to disable location services and geotagging when using mobile apps or taking photos and videos.

Dropbox is on the blacklist because of Edward Snowden’s revelations, and because former Secretary of State Condoleezza Rice is on the company’s investors board.

“It uses a lot Services “Alclaud” or cloud services to store their files and photographs or make a backup copy of important and non-important files, and perhaps the most popular service in this area is a service Dropbox Drop Box, which joined Condoleezza Rice of the Council of your managed recently and is known to fight for privacy and support the absolute spy mail, so Adraor Snowden advised not to use the service and considered it dangerous to personal security and privacy. Here we put alternative and safe services and less than the paths of Xbox in terms of space and features but much better ones.”

Mega, SpiderOak, SugarSync and Copy.com are the cloud storage services suggested in the manual.

“This is about as good at OPSEC as you can get without being formally trained by a government,” Brantly, a cyber fellow with the West Point center, told WIRED. “This is roughly [the same advice] I give to human rights activists and journalists to avoid state surveillance in other countries. If they do it right, then they can become pretty secure. [But] there’s a difference between telling somebody how to do it and then [them] doing it right.”

The manual provides instructions for maintaining a secure posture online and avoiding malware infections and hacking. It suggests handling suspicious email carefully and provides detailed instructions on how to set up a private Wi-Fi network.

Also interesting is the use of mobile apps like FireChat to share photos and text at short distances without needing to access the Internet.

Let’s close with two further elements that emerged from the analysis of the ISIS guide: there is no reference to the use of gaming consoles as messaging platforms, nor to the use of home-brewed encryption programs developed by ISIS members.

Pierluigi Paganini

(Security Affairs – ISIS, ISIS guide)
