Encryption Technology Embraced By ISIS, Al-Qaeda, Other Jihadis Reaches New Level With Increased Dependence On Apps, Software – Kik, Surespot, Telegram, Wickr, Detekt, TOR: Part IV – February-June 2015

By: Steven Stalinsky and R. Sosnow*

June 16, 2015

“The administration firmly supports the development and robust adoption of strong encryption. The President himself has acknowledged that it can be a strong tool to secure commerce and trade, safeguard private information, and promote free expression and association.  At the same time, we’re also understandably concerned about the use of encryption by terrorists and other criminals to conceal and enable crimes and malicious activity.” – White House Press Secretary Josh Earnest, June 9, 2015

Table Of Contents

  • Introduction
  • ISIS Video Details Impact Of Cyber Jihad, Mocks FBI Cyber Activity Against It
  • Encryption Apps – Surespot, Kik, Telegram, Wickr – Increasingly Used By Pro-ISIS, Al-Qaeda Elements on Twitter; WhatsApp Falls Out Of Favor
  • Pro-ISIS Group Gives Advice On Android Security
  • E-Book Distributed Via Twitter Titled ‘How To Survive In The West– A Mujahid Guide’ Includes Tips On Hiding Online Identity, Evading Surveillance, Using TOR; Continued Use Of TOR
  • British ISIS Fighter Pens Guide To Islamic State – Including Chapters On Technology; Says “Apps Such As Skype, Kik, WhatsApp And Telegram… Are Great”
  • British ISIS Fighter In Syria Tweets Warning On Honey Traps And Surveillance, Shows ISIS Electronic Lab
  • American Female ISIS Member Tweets About Life In The Islamic State, Talks To Other Jihadis About Western Authorities Monitoring Them With GPS And Google Maps
  • Pro-ISIS ‘Jihadi Media Platform’ Provides Tutorial On Cyber Security Using Detekt Tool To Identify Spyware 
  • Jihadis Continue To Move To Newest Apps, Platforms 
  • Taliban English-Language Magazine Warns Users Contacting It To Avoid Using Their Personal Email Accounts And Personal Computers

Introduction

Encrypted Messaging With Fighters In Syria Or Iraq, Or Lone Wolf Jihadis In The West – One Click Away

Anyone can now communicate securely via an untraceable throwaway smartphone, purchased online, including on Amazon. Installing an encrypted messaging app such as Kik or another of the apps highlighted in this report takes a few moments, and after that, chatting securely and secretly with an Islamic State (ISIS) fighter in Syria or Iraq, with an ISIS supporter in the West, or with one of the individuals or groups in this report is one click away. The photos below show one such phone with contacts with pro-ISIS Kik accounts; jihadis frequently share their Kik accounts on their Twitter pages.

23767
Smartphone purchased from Amazon with Kik installed gives direct, immediate access to jihadis via encrypted messaging app.  

Al-Qaeda’s Use Of Encryption – Revelations From The May 2015 Release Of The Abbottabad Documents – Bin Laden Recommends Encryption Using Al-Qaeda’s “Mujahideen Secrets” Software

As research from the MEMRI Jihad & Terrorism Threat Monitor has extensively documented, since January 2007 Al-Qaeda has been using encryption tools for its online activities, particularly for communication efforts, often utilizing security software based on military grade technology. Their goal has been to hide messages and to protect data transferred via networks, the Internet, mobile phones, e-commerce, Bluetooth, and the like. This development was in direct response to various security breaches of its websites over the years by Western government agencies.

Following the killing of Osama bin Laden in May 2011, more information on the extent of Al-Qaeda’s use of encryption became known, as it was revealed that much of the material seized at bin Laden’s compound was encrypted and stored electronically on computers, laptops, hard drives, and storage devices. Previously, Nasir Al-Wuheishi, thought to be deputy to Al-Qaeda leader Ayman Al-Zawahiri, known to have been bin Laden’s secretary, and currently a top Al-Qaeda in the Arabian Peninsula (AQAP) leader, had discussed the organization’s use of encryption software and its use for talking to recruits, planning attacks, and other strategic purposes: “For our part, we will make contact with anyone who wants to wage jihad with us, and we will guide him to a suitable means to kill the collaborators and the archons of unbelief – even in his bedroom or workplace. Anyone who wants to give support to [Al-Qaeda in the Arabian Peninsula’s] operational side and to give tithes [to the organization] can contact us through a special email [set up] for this purpose, using the ‘Mujahideen Secrets’ software and employing the proper security measures…”

The May 20, 2015 release of additional Abbottabad documents recovered from the special operations raid that killed bin Laden shed light how security conscious he and his followers were and set the tone for today’s embrace of encryption. In one letter, an individual identified as “brother Azmarai” writes, “We should be careful not to send big secrets by email. We should assume that the enemy can see these emails and [we should] only send through email information that can bring no harm if the enemy reads it. Computer science is not our science and we are not the ones who invented it.”

Also, in a letter to another sheikh, bin Laden wrote: “We will do what you said regarding the brother in the couriers: We will question him and check his background and his qualifications, may God keep you all. I previously wrote to you my opinion that we should reduce our correspondence. I have another recommendation, which is that we should encrypt our correspondence. Is it possible for the people on your end to learn the Mujahideen Secrets program? I will attach it, along with an explanation of it. Perhaps your assistants can learn it and use it in their correspondence.”

23700

As MEMRI research in this series has highlighted, Al-Qaeda’s emphasis on encryption technology has markedly increased following media accounts of Edward Snowden’s revelations of U.S government tapping into electronic communications of U.S. technology companies. In addition, jihadis have expressed hesitancy to use certain platforms and to communicate as openly as they had previously. This was especially true in the first six months following the disclosures.

ISIS Continues To Expand Its Cyber Jihad Capabilities

In previous reports, MEMRI highlighted how Al-Qaeda as well as ISIS were relying heavily on jihadis’ own encryption software. However, since the most recent MEMRI report, published in February 2015, distribution of this software among jihadis has slowed, and reliance on new Western social media apps, particularly encrypted ones, has increased.

Since its beginnings, ISIS has embraced technology and has used encryption, incorporating these as part of its daily activity and actively recruiting individuals with skills in these areas. For example, in an interview published June 4, 2015, a former computer science student from Madagascar spoke about his conversion to Islam and his decision to join ISIS: “I was studying computer science in Antananarivo university and met some brothers from India who were Muslims… After reading the Koran and the Sirah i.e. biography of Prophet Mohammad, I came to this conclusion that the Islamic State have the true methodology and truth… I decided to join Islamic State Caliphate… Now I am asked by Ameer Abu Qubaisa Al-Anbari to join the IT department because I have degree in BCS.”

On June 15, 2015, an ISIS Twitter account tweeted photos of the computer command in the “ongoing battle in jazal area,” in rural Homs, Syria.

23806

On June 13, 2015, ISIS posted photos on the Shumoukh Al-Islam jihadi forum of several suicide attackers, including a German and a Briton, who had the previous night carried out attacks in Salah Al-Din province, Iraq. One of the photos showed the fighters planning an attack on their computers.

23797

Additionally, an April 11, 2015 ISIS tweet and post on the pro-ISIS Shumoukh Al-Islam jihadi forum by the information bureau of ISIS in Iraq’s Salah Al-Din province showed the cyber operations center from which its recent attack on the Baiji oil refinery was coordinated.

23766Cyber operations center from which attack on oil refinery was coordinated.     

U.S. Government Warns About Use Of Encryption By Jihadi Groups 

Over the past month, the debate on the National Security Administration’s collection of data under the Patriot Act has included the issue of terrorists using encryption technology. At the Committee on Homeland Security’s June 3, 2015 hearing on “Terrorism Gone Viral: The Attack in Garland, Texas and Beyond,” House Committee on Homeland Security Chairman Michael McCaul gave the best description by a government official of the importance ISIS now places on encryption, specifically naming social media and messaging apps: Twitter, YouTube, Instagram, Justpaste.it, Ask.fm, Kik, WhatsApp, Wikr, SureSpot. He stated: “Aspiring fanatics can receive updates from hardcore extremists on the ground in Syria via Twitter; watch ISIS blood-lust on YouTube; view jihadi selfies on Instagram; read religious justifications for murder on Justpaste.it; and find guides to the battle field on Ask.fm. Jihadis and recruiters are mastering the ability to monitor and prey on Western youth susceptible to the twisted message of Islamist terror. They seek out users who have questions about Islam or to know what life is like inside the so-called ‘Islamic State.’ They engage established bonds of trust and assess the dedication of potential recruits.

“From there, the extremists direct users to more secure apps or secure communications, to hide their messages from our intelligence agencies. Such communications can include advice on travelling to terrorist safe-havens; contact information for smugglers into Turkey; or the membership process for joining ISIS itself. I know the officials sitting before us today are disturbed by these trends. Mobile apps like Kik and WhatsApp, as well as data-destroying apps like Wikr and SureSpot, are allowing extremists to communicate outside of the view of law enforcement. Equally worrisome are ISIS attempts to use the dark and deep web, these websites hide IP addresses and cannot be reached by search engines – giving terrorists covert means by which they can recruit fighters and intelligence, raise funds and potentially plot and direct attacks undetected.”

On May 19, 2015, a letter signed by technology industry leaders and advocacy organizations was sent to President Obama; the letter responding to statements by administration officials who it said had “suggested that American companies should refrain from providing any products that are secured by encryption unless those companies also weaken their security in order to maintain the capability to decrypt their customers’ data at the government’s request” and that “Congress should ban such products or mandate such capabilities.” The signatories – among them many of the social media companies used and relied on by ISIS, Al-Qaeda, and other jihadi groups – urged Obama to reject any proposal that U.S. companies deliberately weaken the security of their products; they included Google, Twitter, Facebook, Internet Archive, Microsoft, Apple, Dropbox, LinkedIn, Tumblr, Wikimedia Foundation, and Yahoo, as well as the ACLU, the Council on American-Islamic Relations (CAIR), and the American-Arab Anti-Discrimination Committee (ADC).

In May 20, 2015 statements at the third annual Georgetown Cybersecurity Law Institute, FBI Director James Comey called this letter “depressing,” because it “contains no acknowledgement that there are societal costs to universal encryption.” Saying that he deals every day with the threat of ISIS – where “cyber and counterterrorism merge” – he discussed the potential consequences to law enforcement of the default encryption of communications on mobile devices and computers. “The logic of universal encryption is inexorable that our authority under the Fourth Amendment… is going to become increasingly irrelevant,” Comey said.

At his May 11, 2015 State of the Cybersecurity Union talk at the Center for Cyber & Homeland Security (CCHS) at George Washington University, U.S. Cyber Command head and NSA director Adm. Michael S. Rogers said in a response to a question  about encryption and jihadi use of it: “A whole set of actors out there is increasingly using encryption as a vehicle to attempt to evade the legal and lawful framework we use both from an intelligence framework, as well as from the law enforcement side.”

Jihadi Paranoia Driven By Snowden Leaks

According to many government, military, and intelligence leaders, the data leaks by former NSA contractor Edward Snowden have emboldened jihadis online. Michael J. Morell, former deputy director and acting director of the CIA, blamed Snowden’s leaks for empowering ISIS. He wrote in his recently published book The Great War of Our Time, “ISIS was one of the terrorist groups that learned from Snowden, and it is clear his actions played a role in the rise of ISIS. In short, Snowden has made the United States and our allies considerably less safe. I do not say this lightly: Americans may well die at the hands of terrorists because of Edward Snowden’s actions.”

A February 22, 2015 tweet by “Jihadi John” – who took the name of the infamous British ISIS executioner – noted: “The NSA revelations are of extreme academic value, they’re really useful and we do operate in accordance with their uncoverings.”

23702

The Snowden leaks have also generated an extraordinary level of paranoia among jihadis. For example, on December 13, 2014, the Islamic State (ISIS) issued an order banning all of its fighters from using devices equipped with GPS, particularly Apple devices, since those, it said, were particularly “dangerous.” Also, on May 20, 2015, warnings were tweeted about GPS in the battery of Samsung Galaxy smartphones: “#Warning, #Very_Urgent, beware… Oh lions of the Islamic State, Galaxy’s battery has a GPS, #Retweet_To_Reach_Everyone.” and “Batteries of galaxy has gps please inspect your phone asap if you’re in the Khilafah.”

23807

The following report highlights how jihadis have been using encryption technology since the publication of Part III of this series in February 2015. This includes greater reliance on encryption apps such as the Ontario-based Kik, the Colorado-based Surespot, the Berlin-based Telegram, and the San Francisco-based Wickr, and on software such as Detekt, which identifies surveillance malware and was developed in partnership with Amnesty International.

See also:

The full text of this report is available to MEMRI’s Jihad and Terrorism Threat Monitor Subscribers. 

Subscription information is available at this link.

JTTM subscribers can visit this page to view the report.