14 February 2016

Islamic State uses detailed security manual, revealing its cyber strategy


A security manual co-opted by the Islamic State has been found, containing instructions ranging from avoiding Instagram to using tools like the anonymous browser Tor to avoid detection.


Researchers have discovered that the Islamic State of Iraq and the Levant (Isil), which claimed responsibility for the Paris attacks, has been using a 34-page operational security manual that shows how tech-savvy the extremist terror group really is. 

In a translation given to WIRED magazine by the Combating Terrorism Centre at West Point’s military academy, the manual provides digital guidelines on using everything from social media, to encrypted Internet browsers like Tor and keeping your emails private. 

The guide was originally written in 2014 by Cyberkov, a Kuwaiti cyber-security firm, for journalists and activists in Gaza, as a guide to protecting security. It was also found to be circulated in Isil chat rooms. 

One of the researchers told WIRED that the plan was one of the best amateur security manuals. 

Earlier this week Isil issued specific advice on how to avoid being hacked by members of the hacktivist collective Anonymous, whom it referred to as "idiots." 

The warning was put out via Telegram, an encrypted instant messaging app, on the Khilafah news channel, which is thought to be an unofficial pro-ISIS news source, and discovered by researchers at the International Centre for the Study of Radicalisation, a London think tank which studies extremism and terrorism. 

The Khilafah channel on Telegram was reportedly shut down this week by the chat service, saying it was "disturbed" that its channels were being used to distribute terrorist propaganda. 

These newly discovered cyber-behaviour guidelines and Isil's use of apps like Telegram illustrate how the group adopts widely used social media and mobile apps that we are all familiar with to communicate. They also demonstrate the Isil attackers' wide-ranging knowledge of the encryption, privacy and security practices of popular technology services like Facebook.

Social Media 

Isil places great emphasis on the use of Twitter over other social networks. Hacktivist group Anonymous claimed to have taken down more than 6000 Isil-affiliated Twitter accounts last week. The guide recommends a login verification option to double-secure your Twitter password, and to make sure GPS tagging is not active when you are taking or posting a photo. It also contains a link to a blog on how to keep Twitter private messages secure. 

Isil has previously hacked an official US government Twitter account

It warns against the use of services like Instagram, because it is owned by Facebook which has "a bad reputation in the protection of privacy." 

Mobile phone encryption 

Discussing mobile phone security, the manual recommends encrypted phones like the Blackphone and CryptoPhone because they "contain applications to maintain the security of your communications like Silent Circle." The software is made by a 3-year-old Swiss company that allows fully encrypted calls and texts via phones running iOS, Android and their own operating system. 

How to communicate if the Internet is cut off 

The guide recommends the Firechat app for iOS and Android, which works even without an internet connection. It automatically connects groups of up to 80 people, creating your own network for private communications. The document recommends it "to share photos and conversations in the vicinity of 200 metres." 

Safe browsing 

The guide contains several links to download encrypted browser Tor, which it says "hides your identity and protects from tracking." The browser has been used for several illegal web operations in the past, including the drugs marketplace Silk Road 2.0. Other browsers it highlights for mobile include the Onion browser and Opera mini. 

Secure email 

Email is "one of the most important means of private communication". Services it points to include ProtonMail, a new secure email service with servers in Switzerland, "supervised by scientists of physics...at Harvard University and MIT." 

Instant messaging 

The guide recommends the use of instant messenger Wickr, where messages are instantly destroyed like Snapchat; Apple's iMessage, which is "end-to-end" encrypted, as the guide rightly points out; and Russian chat app Telegram, which recently shut down Islamic State propaganda channels on its service. 
