
Covert Communication Techniques Used By Next Gen High Tech Terrorists

Pierluigi Paganini May 12, 2016

With the advent of technology, terrorists have changed their strategies and converted themselves into high-tech & sophisticated groups.

“While Osama Bin Laden had his fingers on the trigger, his children have their fingers on the mouse.”

Intro

Until now people have fought for food, water or territory, but today the definition of and motivation for fighting have changed, i.e. terrorism. Terrorists often strike soft targets such as innocent citizens and government infrastructure. The aim of terrorists is to turn people against the government. Terrorists are ahead of law enforcement agencies in adapting to the latest technology, and they use it as a medium to spread terror across the globe. In the recent past, terrorists were physically present to carry out acts of terrorism. But with the advent of technology, they have changed their strategies and converted themselves into high-tech, sophisticated groups, ISIS and Al Qaeda to name a few. They have their own cyber cells and command & control centers, which are used to monitor and control their activities. This article throws light on the covert communication techniques terrorists use to communicate.

Prologue

The increased dependency on communication and data networks, the storage of information in the cyber domain and its vulnerability to the outside world, and the lack of mutual consent between countries on effective control of operations in the cyber domain have brought a new type of threat. Cyberspace, the fifth space of warfare after land, sea, air, and space, is all about the computer networks of the world and everything they connect and control via cable, fiber-optic or wireless. The internet is used for interconnecting people, including terrorists, who are amongst the first to use the latest technologies, even before government agencies.

The Hyderabad Police arrested three students on 26 Dec 2015 for allegedly planning to join ISIS; they had “decided” to meet separatist leader Asiya Andrabi to seek her help to enter Pakistan-occupied Kashmir en route to Syria. YouTube was used as the communication medium to seek help from Asiya Andrabi. In another case, Delhi Police on 29 Dec 2015 arrested a former Indian Air Force official from Punjab for allegedly sharing secret documents with Pakistan’s ISI after he was “honey trapped” by a woman with links to the spy agency. Ranjith was allegedly introduced to the spy ring by an unidentified woman whom he had met over a social networking site, and he shared information through a fake Facebook account.

In May 2015, when two terrorists attempted to kill a whole bunch of people in Garland, Texas, they were stopped by local law enforcement. It was later revealed that the morning before, one of those terrorists had exchanged 109 messages with an overseas terrorist. The government agencies replied, “We have no idea what he said because those messages were encrypted. That’s a big problem, and we have to grapple with it.” So here encryption obstructed the investigation and enabled secure communication between the terrorists. In the massive Paris attack, ISIS used encrypted communications via TOR and social media. For communication, they used apps like Telegram, which securely carry messages to the other group members involved in the attack.

During the Mumbai attacks in November 2008, 10 Pakistani members of Lashkar-e-Taiba, an Islamic militant organization based in Pakistan, carried out a series of 12 coordinated shooting and bombing attacks lasting four days across Mumbai. They used GPS-based maps, satellite phones for communication, and live telecasts to monitor the event. The communication medium changed at every stage of the attack, which makes it very difficult for law enforcement agencies to hunt them down.

A study has shown that terrorists commonly communicate through normal network channels using secret encoding techniques, i.e. steganography and hidden watermarking, which may not be traced by intelligence agencies. Combined with high-tech encrypted communication, these techniques may not be traced through interception. They have analyzed the various social media platforms and categorized them so that their sympathizers can use these platforms with caution.

Practical Case Study Scenarios

High-tech terrorist groups like LET, ISIS, etc. are using techniques such as steganography and watermarking to communicate covertly with each other. Some examples are discussed below with actual implementations.

Common techniques:

  • Using Morse code or DTMF audio files to send confidential codes.
  • Barcodes or QR codes for GPS coordinates or location, map, auto message.

DTMF & Morse Code For Covert Communication Of Code Exchange

A person named Tom Corty had recently been identified as a suspected terrorist. He was suspected of stealing missile activation codes from the Air Force, which had been handed to officials for a brief period of time. If the suspect misuses the code, the Air Force may face serious trouble. Tom's thumb drive, which had been used to store the activation code, was found in a formatted state. Fortunately, the system had made a backup image of the drive. One of the investigators handles this case to recover the activation code details.

The file name is win7.bak, which is a backup of a Windows machine with a FAT file system. The investigator creates an image file of that backup file to extract potential artifacts.

Found Encrypted Archive File

DTMF Code Audio File Is There In Encrypted Archive File

DTMF Code is Decoded

The decoded code is AA6B A4A8 3C67 DDC7.

Thus the investigator successfully recovered the activation code details from the above-mentioned DTMF code.
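The decoding step above can be reproduced with the Goertzel algorithm, which measures the power of each of the eight DTMF frequencies in short blocks of audio. The following is an added example, not the investigator's tool or code from the original article; it assumes 8 kHz mono PCM samples, synthesizes its own test audio inline, and the function names are illustrative.

```python
import math

RATE = 8000                        # sample rate in Hz (assumption for this example)
LOW = [697, 770, 852, 941]         # DTMF row frequencies
HIGH = [1209, 1336, 1477, 1633]    # DTMF column frequencies
KEYS = ["123A", "456B", "789C", "*0#D"]
FREQS = {k: (LOW[r], HIGH[c]) for r, row in enumerate(KEYS) for c, k in enumerate(row)}

def synth(keys, tone_ms=80, gap_ms=40):
    """Build constructed test audio: one dual-tone burst per key, then silence."""
    out = []
    for k in keys:
        lo, hi = FREQS[k]
        for i in range(RATE * tone_ms // 1000):
            t = 2 * math.pi * i / RATE
            out.append(0.5 * math.sin(lo * t) + 0.5 * math.sin(hi * t))
        out.extend([0.0] * (RATE * gap_ms // 1000))
    return out

def goertzel(block, freq):
    """Signal power at a single frequency (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples, block_ms=20):
    """Return the key sequence found in the PCM samples."""
    n = RATE * block_ms // 1000
    keys, prev = [], None
    for start in range(0, len(samples) - n + 1, n):
        block = samples[start:start + n]
        energy = sum(x * x for x in block)
        lo = [goertzel(block, f) for f in LOW]
        hi = [goertzel(block, f) for f in HIGH]
        r, c = lo.index(max(lo)), hi.index(max(hi))
        # A valid digit needs BOTH a row and a column tone carrying a real
        # share of the block's energy; this rejects silence and single tones.
        floor = 0.1 * energy * n
        key = KEYS[r][c] if energy > 1e-6 and lo[r] > floor and hi[c] > floor else None
        if key and key != prev:      # emit once per burst, reset on silence
            keys.append(key)
        prev = key
    return "".join(keys)

if __name__ == "__main__":
    code = "AA6B A4A8 3C67 DDC7".replace(" ", "")   # value quoted in the article
    print(decode(synth(code)))
```

For a recovered audio file, the samples would come from the WAV data (for example via the standard `wave` module) instead of `synth`, with `RATE` set to the file's sample rate.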

Barcodes or QR Codes For GPS Coordinates or Location, Map, Auto Message

A barcode generally carries a 12- to 20-digit number. It is primarily used for serial numbers, pricing and inventory control of products worldwide. The most common barcode in North America is the 12-digit Universal Product Code (UPC). UPC codes are used with groceries and books and could be used to track any merchandise if needed. Marketers track consumer choices by analyzing what they are purchasing. With the advent of free barcode scanners on mobile devices, marketers can also pinpoint what age groups are buying what.

But a barcode or Quick Response (QR) code may also be used for communication. If a terrorist group wants to communicate covertly, it can use this technology as a secure message-passing system. The figure below shows that the meeting will be held at Theatre Royal on 24 February 2016.

QR Code of Meeting Place

Conclusion

Thus, from the above case studies, it can be understood that terrorists can use high-tech covert communication channels to pass their secret messages to their group members. It is also important that the investigator has the out-of-the-box thinking capability to understand the modus operandi and technology. The secret is no more secret when it comes to proper intelligence and applying novel detection strategies to identify the secrecy.

Written by: Mr. Nilay Mistry

Author Bio: Mr. Nilay Mistry works as Assistant Professor and PG Course Coordinator at the Institute of Forensic Science, Gujarat Forensic Sciences University. He is actively involved in various research projects in cyber forensics. He is also involved in capacity building of various LEAs, military and paramilitary forces of India, and international police and intelligence agencies.

 
