EC-Council Authorized Partner Canada
ETHICALHACKING.CA
ISIS Jihad Learns Security Measures from OPSEC
Investigators, government officials, intelligence, and law enforcement agencies are all scrambling for answers after the recent Paris attacks. The main question is, how were Jihadists able to pull off this attack without detection? Another key question is, what security measures are they using and what counter actions do we need to take to prevent future attacks?
US officials claim that ISIS attackers used encryption and anti-surveillance technologies to shield themselves from detection.1 The same officials even suggested that Apple and Google could be responsible for the attacks because of their refusal to unlock customer phones. They argue that more attacks could be thwarted if they were allowed backdoor access to all customer phones and allowed to decrypt protected communications.
Yet, authorities from Paris are hinting at the fact that some of the terrorists didn’t even encrypt their phones or use protected anti-surveillance technology. Reports are also suggesting that when terrorists do use encryption, the technology they use tends not to be as secure as they thought it was, or it was not configured properly.2
Since the Paris attacks, investigators have been able to locate some of the suspects’ hideouts using data collected from abandoned cellphones. According to the French publication “Le Monde,” one of those abandoned phones was found in a trashcan outside of the Bataclan concert hall. Investigators were able to access the phone and track its movements before the attack. This led them to a Paris safe house in a suburb where suspects were hiding and resulted in an hours-long shootout that ended in suspects either being killed or surrendering. Officials later discovered that these suspects were in hiding and had planned a second attack.3
Paris officials are also reporting that an attack was prevented in Belgium last January because of a phone found in Syria. The Belgium attack was masterminded by Abdelhamid Abaaoud, who also planned the Paris attacks. Abaaoud’s recovered phone was unencrypted and gave investigators the information that they needed to prevent the Belgium attack. This phone was also the source of the now infamous video of Abaaoud torturing victims of another attack he planned.
The Jihadists have definitely made some security mistakes in the past that gave officials the opportunity to prevent attacks. Unfortunately, the Paris attack tells us that at least some of the terrorists likely do have the ability to secure their tech now. In fact, ISIS recommends that followers use a 34-page OPSEC guide to do so. This is a guide about how to keep your communications, data, and locations private. The guide also informs people how to protect personal identities, the identity of informants and other sources, and how to maintain the integrity of research and writing.
The guide was originally written for journalists and political activists in Gaza by a Kuwaiti security company called Cyberkov. ISIS has modified the guide to make it more “ISIS friendly” by translating it into Arabic. The manual also offers advice and instruction, and recommends dozens of privacy and security sites, applications, and services.
For example, the manual recommends the Tor browser, the Tails operating system, and Cryptocat, Wickr, and Telegram for encrypted chat. For email, the guide recommends using Hushmail or ProtonMail. Gmail is only okay if the user sets up a false account and it’s used in tandem with the Tor browser or other private networks. To ensure phone calls are encrypted, they recommend using the RedPhone, Cryptophone, BlackPhone, or Signal app.
The guide advises against using Instagram because mobile communication can be intercepted. The app’s parent company (Facebook) has a bad track record with privacy and the app archives the location of each photo. It’s also recommended to turn off your mobile’s GPS function and instead use the Mappr app, which falsifies location data.
When sending documents, the manual encourages members to stay away from using Dropbox. The site has potential security risks for ISIS because of the company’s ties with former US Secretary of State, Condoleezza Rice. The key here for ISIS is to use secure communications methods to hide their identities and locations as long as possible.
The revised manual and other documents found on social forums indicate that Jihadists are keeping up on security trends, news, and resources. That will no doubt help them keep up on the latest privacy and security measures. It’s clear that anyone working to prevent future attacks must stay a step ahead in intelligence if they are to detect plans being made and stop future ISIS attacks.
1. http://www.bbc.co.uk/news/technology-34910649
2. Ibid.
3. https://grahamcluley.com/2015/11/edellroot-huge-security-hole-shipped-dell-laptops-pcs-need-know/?utm_source=Cluley&utm_campaign=01479aa96b-Graham_Cluley&utm_medium=email&utm_term=0_8106850f4a-01479aa96b-62331205