Supporters of the terrorist group Islamic State (Isis) are shunning sophisticated security and encryption software, including the Tails operating system and the Tor network, which could be used to cover their tracks when viewingterrorist propaganda online, communications between jihadi sympathisers have revealed.
The 10 most important things you need to know about GDPR, and a jargon-buster explanation for some of the key terminology.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
The disclosures come as the UK government prepares to introduce new restrictions on encryption following the terrorist attacks that killed more than 20 people, including children, at a concert in Manchester, and killed eight andinjured 47 at London Bridge.
Isis has claimed responsibility for the Manchester and London attacks and has also been linked to atrocities in Paris, Germany and Brussels.
Confidential messages show that Isis supporters had little interest in encryption techniques to hide their web browsing activities, or to createa secureversion of propaganda websites that would be difficult for law enforcement to censor or take down.
The messages between supporters recovered by police and the FBI investigating an internet terrorist reveal that Isis supporters preferred method of communication is mobile phone apps Telegram Threema, ChatSecure and Signal, which are designed for people with little or no technical knowledge.
Internet terrorist Samata Ullah communicated with Isis supporters on a Telegram discussion group known as the Khayr group. Police also retrieved a guide to ChatSecure, another mobile phone chat app, from Ullahs computer.
Ullah, who was jailed for eight years in May 2017 after posting encryption training videos on an Islamist blogsite, sent messages to an unidentified Isis supporter raising concerns that the terror groups supporters were not using more secure communications tools.
I dont know Akhi [brother], he wrote. It seems they have some bad info. They refuse to use Wikr [a mobile phone messaging system] and tails. They say threema is the best, then signal, and in extreme case chat secure [sic].
Ullahs Isis contact replied: And they say telegram with virtual sim or open vpn is enough protection.
Another message reads: Dawla [Isis] security groups seem to be very stubborn and not very flexible.
It was only when one of Ullahscontacts inKenya was arrested on 29 April 2016 that attempts were made to persuade fellow Isis supporters to adopt stronger forms of encryption.
The Kenyan said in a letter smuggled out of prison: Tell all KN [Khalifa News] and CCA [Cyber Caliphate Army] teams to be very careful online. It is very much advisable that phones be avoided & instead use PCs with TOR and TAILS.
Many Isis supporters, who often refer to themselves as fanboys, have little technical knowledge and it is difficult to convince them to use encryption software, one counter-terrorism organisation told Computer Weekly.
They have experimented a couple of times with ZeroNet and Onion [Tor] sites on occasions, but those sites are usually very short-lived, a spokesman said, speaking on condition of anonymity. While there are some tech savvy supporters, the majority of their fan base is not very tech savvy and trying to get a newbie to not only understand ZeroNet and Tor but to actually use them consistently is a challenge.
Isiss policy is to saturate the internet with ideas and jihadi content, through social media platforms such as Twitter, according to a report by counter-terrorism think-tank Quilliam.
The terror group distributes daily videos and photographs, which are circulated as widely as possible through self-appointed distributors, often with no official connection to the organisation.
Islamic State has revolutionised jihadist messaging by jettisoning operational security in the pursuit of dynamism, Quilliam reports in a study, The Virtual Caliphate: Understanding Islamic States Propaganda Strategy.
Ullah proposed using ZeroNet which uses BitTorrent peer-to-peer networking and integrates with the Tor secure internet network to create a secure version of a pro-Islamic blogsite, Ansar al Khilafah (Supporters of the Caliphate).
The WordPress propaganda blogsite had attracted interest from the UKs media arm of Isis, according to messages recovered by investigators.
The head of English Islamic State media wants to have the right to proofread all content before it is published on the wordpress in future, one Isis supporter told Ullah. If you would agree to it, they would promote the wordpress.
Ullah replied: Sure. thats good.
But in a series of exchanges, it becomes clear that Isis had no interest in using ZeroNet to create a version of the blog that would be difficult for law enforcement to censor or take down.
An Isis supporter told Ullah: First thing is, the brother almost completely dismissed the idea of zero net. So you will either have to give up the idea or try and convince them.
David Wells, a former GCHQ intelligence officer, told Computer Weekly that mobile phone apps offered a more practical alternative to ZeroNet, Tails and Tor for Isis supporters that may not have technical expertise.
More secure technologies are rarely easy to use, and pragmatically any terrorist group would rather their networks were using something pretty secure than not communicating [at all] when needed or doing something stupid like [sending an] SMS, he said.
A forensic report revealed that Ullahs ZeroNet version of the Answar al Khilafah blog did not work in practice.
ZeroNet would have been cumbersome to use for Isis supporters who were used to exchanging news on social media. It required each user to download the blogs contents, including the Isis magazine Dabiq, onto their own computer, putting them at risk of possession of terrorist materials.
Correspondence recovered from Ullahs computer equipment revealed that he had struggled to find a way to update the ZeroNet version of the site without writing code for each update, and to find ways of displaying videos and other feature-rich content.
Isis favours the mobile app Telegram as a platform for sharing propaganda and for group discussions because it has the ability to create public channels that unlimited numbers of people can view, according to the counter-terrorism specialist.
Isis members begin by creating a private distribution channel on Telegram which is restricted to a few people. These members are responsible forcopying messages from the private channels to publicly advertised open channels, where teams of people then share them through disposable Twitter and social media accounts.
The public channels usually have multiple backups to keep the data flowing if one of them gets suspended by Telegram administrators, said the specialist. Since the private channels have no links to join, they are considered private by Telegram and therefore wont be shut down.
Telegram is said to take down an average of 100 to 200 public Isis channels a day, but Isis creates multiple back-ups of each channel to keep data flowing.
However, the messaging service does not take down private discussion groups between Isis supporters because they are not publicly accessible, said the counter-terrorism specialist.
Encrypted communications is pretty much all they [Isis] do. Id say if theyre not using a walkie-talkie or a cell phone, theyre on one of the encrypted [mobile] apps.
If Isis had taken up ZeroNet, it may have drawn the intelligence services attention to its activities, Wells told Computer Weekly.
If a terrorist group chooses a bespoke or unusual communications provider or service, then this has huge challenges for the intelligence services but it also allows them to focus their efforts, he said.
Experimenting with unproven systems is likely be a low priority for Isis commanders in Syria, who have to deal with the day-to-day realities of civil war with the Assad regime and US drone strikes, said Ross Anderson, professor of computer security at Cambridge University.
If I was running Daeshs technology and some foot soldier says why dont we use ZeroNet, I would say get lost, I have far more interesting and important things to do, said Anderson. Why should I spend weeks investigating this stuff and seeing if it works?
Isis may be avoiding Tor and Tails for similar reasons. The US National Security Agency (NSA) and the UKs GCHQ could narrow down the search for Isis supporters if the terror group started using specialist applications such as Tails and Tor.
Anderson said: They could just harvest all the Tails users in the observable universe and de-dupe them against lists of known users, look for all the new ones and go searching for those.
Isis has used a variety of techniques to avoid detection. During the attack on the Bataclan theatre in Paris in November 2015, terrorist teams used multiple pre-paid burner phones, which they instantly discarded.
Investigators found a crates worth of disposable phones, an investigation by the New York Times has revealed. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims, it said.
Although investigators concluded that the attackers were likely to have used encryption software, no evidence of it was found.
Read more:
Islamic State supporters shun Tails and Tor encryption for Telegram - ComputerWeekly.com
- WhatsApp overhauling status tab with encrypted Snapchat Stories-like feature - 9 to 5 Mac [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- GOP demands inquiry into EPA use of encrypted messaging apps - CNET [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Encryption Apps Help White House Staffers Leakand Maybe Break the Law - WIRED [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- World Wide Web Creator Calls for Internet Decentralization & Encryption - The Data Center Journal [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- What It Means to Have an 'Adult' Conversation on Encryption - Pacific Standard [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Confide in me! Encryption app leaks sensitive info from Washington DC - SC Magazine UK [Last Updated On: February 21st, 2017] [Originally Added On: February 21st, 2017]
- Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption - XDA Developers (blog) [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Top 6 Data Encryption Solutions - The Merkle [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Your Guide to the Encryption Debate - Consumer Reports - ConsumerReports.org [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Google helps put aging SHA-1 encryption out to pasture - Engadget [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Decipher your Encryption Challenges - Infosecurity Magazine [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How the Politics of Encryption Affects Government Adoption - Freedom to Tinker [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How Encryption Makes Your Sensitive Cloud-Based Data an Asset, Not a Liability - Security Intelligence (blog) [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Set up VMware VM Encryption for hypervisor-level security - TechTarget [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- How The Media Are Using Encryption Tools To Collect Anonymous Tips - NPR [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Encryption patent that roiled Newegg is dead on appeal | Ars Technica - Ars Technica [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Research proposes 'full-journey' email encryption - The Stack [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Database-as-a-service platform introduces encryption-at-rest - BetaNews [Last Updated On: March 1st, 2017] [Originally Added On: March 1st, 2017]
- Encrypted Messaging Service 'Signal' Adds Video Call Option - Top Tech News [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Germany, France lobby hard for terror-busting encryption backdoors ... - The Register [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- How to Send Encrypted Nudes, a Guide for the Discerning Lover - Inverse [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Ironclad Encryption Corporation Announces New Ticker Symbol OTCQB: IRNC - Yahoo Finance [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- The Best Email Encryption Software of 2017 | Top Ten Reviews [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- No, you shouldn't delete Signal or other encrypted apps - TechCrunch [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Best encryption software: Top 5 - Computer Business Review [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security - Just Security [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- That Encrypted Chat App the White House Liked? Full of Holes - WIRED [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - New York Times [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping - Center for Research on Globalization [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Customer Letter - Apple [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Don't Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps - WIRED [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- BT to offer customers encryption service for data - Capacity Media (registration) [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Encryption - technet.microsoft.com [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Use FileVault to encrypt the startup disk on ... - Apple Support [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Viber launches secret chats to go beyond encryption - SlashGear [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- Zix wins 5-vendor email encryption shootout - Network World [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- A lesson from the CIA WikiLeaks dump: Encryption works - The Seattle Times [Last Updated On: March 13th, 2017] [Originally Added On: March 13th, 2017]
- What the CIA WikiLeaks Dump Tells Us: Encryption Works - NewsFactor Network [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Panicked Secret Service Says It Lost Encrypted Laptop But It's Fine, Everything's Fine - Gizmodo [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Google Cloud adds new customer-supplied encryption key partners ... - ZDNet [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Preseeding Full Disk Encryption - Linux Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Bypassing encryption: 'Lawful hacking' is the next frontier of law enforcement technology - Boston Business Journal [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- SecurityBrief NZ - Gemalto introduces on-prem encryption key solution for 'highly regulated' organisations - SecurityBrief NZ [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- 'Always Be Concerned': US Court Slaps Down Fifth Amendment Defense of Encryption - Sputnik International [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Quantum Key System Uses Unbreakable Light-Based Encryption to Secure Data - Photonics.com [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Wikileaks Only Told You Half The Story -- Why Encryption Matters More Than Ever - Forbes [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- EPA Sued For Withholding Info On Encrypted Text Messages | The ... - Daily Caller [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Opinion Data encryption efforts ramp up in face of growing security threats - Information Management [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- Bypassing encryption: Lawful hacking is the next frontier of law enforcement technology - Salon [Last Updated On: March 22nd, 2017] [Originally Added On: March 22nd, 2017]
- NeuVector Announces Container Visualization, Encryption, and Security Solution for NGINX Plus - DABCC.com [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Is encryption one of the required HIPAA implementation specifications? - TechTarget [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Paper Spells Out Tech, Legal Options for Encryption Workarounds - Threatpost [Last Updated On: March 23rd, 2017] [Originally Added On: March 23rd, 2017]
- Encryption debate needs to be nuanced, says FBI's Comey - TechTarget [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Comey Renews Debate Over Encryption - 550 KTSA [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- UK minister says encryption on messaging services is unacceptable - Reuters [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- The why and how of encrypting files on your Android smartphone - Phoenix Sun [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- UK targets WhatsApp encryption after London attack - Yahoo News [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Critical flaw alert! Stop using JSON encryption | InfoWorld - InfoWorld [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- SecureMyEmail is email encryption for everyone - TechRepublic - TechRepublic [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Apple iOS 10.3 will introduce encryption which makes it MORE difficult for cops and spooks to crack into ISIS nuts ... - The Sun [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- How to Analyze An Encryption Access Proposal - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Questions for the FBI on Encryption Mandates - Freedom to Tinker [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Justice Department anti-terror chief keeps pressing on encryption - Politico (blog) [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- UK government can force encryption removal, but fears losing, experts say - The Guardian [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Encryption FAQs [Last Updated On: March 29th, 2017] [Originally Added On: March 29th, 2017]
- Why isn't US military email protected by standard encryption tech? - Naked Security [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- How have ARM TrustZone flaws affected Android encryption? - TechTarget [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Keeping the enterprise secure in the age of mass encryption - Information Age [Last Updated On: April 9th, 2017] [Originally Added On: April 9th, 2017]
- Lack of encryption led to Dallas siren hack - WFAA [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Internet Society tells G20 nations: The web must be fully encrypted - The Register [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Make Encryption Ubiquitous, Says Internet Society - Infosecurity ... - Infosecurity Magazine [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Can we encrypt the web while giving governments a backdoor to snoop? - SC Magazine UK [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Why we need to encrypt everything - InfoWorld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- Hacked Dallas sirens get extra encryption to fend off future attacks - Computerworld [Last Updated On: April 12th, 2017] [Originally Added On: April 12th, 2017]
- SHA-1 Encryption Has Been Broken: Now What? - Forbes [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Hewlett Packard Enterprise touts encryption tool for federal clients - The Hill [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Encryption on the Rise in Age of Cloud - Infosecurity Magazine - Infosecurity Magazine [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Lawmaker Pushes Bill That Requires Encryption by Pennsylvania State Employees - Government Technology [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Disk encryption - Wikipedia [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- The apps to use if you want to keep your messages private - Recode [Last Updated On: April 15th, 2017] [Originally Added On: April 15th, 2017]