Tuesday, November 17, 2015

How jihadists ‘go dark’ to avoid detection

By Alex Spence


The West’s security services pursue an enemy that is increasingly difficult to track.

In a life-or-death digital arms race, the U.S. and European security services are chasing an enemy that is using increasingly sophisticated forms of digital communication to remain in the shadows. And they are struggling to keep up.
Terrorists linked to the so-called Islamic State are employing encrypted Internet services — including a new generation of mobile messaging apps — that the authorities do not have the technological capability to break, according to intelligence sources, public comments by senior officials, and evidence disclosed in recent criminal trials.
It is still unclear precisely how Friday night’s attacks in Paris were planned, but the assailants are likely to have used some form of electronic communication to coordinate weapons, transport, timing and targets across borders. The New York Times reported Sunday that the attackers used encryption technology to communicate with each other, although the specific service or application is not known.
Questions are already being asked about how Western security agencies could have missed digital “chatter” in the run-up to the massacre. Whatever intelligence failings emerge in the coming days, the attacks underline the difficulty that the authorities are facing in stopping determined, well-coordinated terrorist networks carrying out deadly assaults on undefended targets.
Intelligence officials around the world are worried that ISIL’s increasing use of encrypted communications is undermining their ability to keep citizens safe. One British security source told POLITICO the attacks in Paris gave them “cold sweats” and that they “had a great deal of sympathy” for their French counterparts.
Senior law enforcement and intelligence officials on both sides of the Atlantic have warned repeatedly that ISIL is exploiting developments in digital security to “go dark.” Heated political debates about how far governments can and should go in conducting surveillance on the Web were already taking place in several countries, and will take on fresh urgency after Paris.

The Snowden effect

ISIL supporters are zealous, savvy users of popular social networks such as Twitter and Facebook, using the platforms to boast about conquests, taunt their enemies, and reach out to potential new recruits. The militants also regularly use more sophisticated, secure services to cloak their conversations online.
The growth of the Internet and smartphones has led to an explosion in messaging services. Facebook’s messenger and WhatsApp, Apple’s iMessage, Twitter’s direct message function, Skype, and Snapchat have attracted millions of users, many of whom are now using the apps in place of text messages and e-mail. Even video game consoles and mobile phone games provide facilities that allow users to chat with each other directly.
Those mainstream services can be hard for the authorities to penetrate. After the intelligence disclosures of Edward Snowden, there has also been a new generation of communications apps designed to cater for greater public demand to greater privacy online. Easily available and user-friendly, those apps have legitimate uses — by investigative journalists or human rights activists in repressive countries, or even simply by law-abiding citizens who want a higher degree of security — but can also be exploited by extremists to coordinate atrocities without being detected.
“As members of the general public get preoccupied that the government is spying on them, they have adopted these applications and terrorists have found them tailor-made for their own use,” said a British security source, who spoke on condition of anonymity.
Intelligence sources are reluctant to publicly discuss specific details, to avoid encouraging the use of particular services by any would-be extremists, but a number of messaging apps are known to have been used by militants linked to Islamic State in recent months. The group used Telegram, a Berlin-based messaging service, in addition to Twitter, to distribute a statement claiming responsibility for Friday’s attacks among its followers, Time magazine reported.
“Terrorists use technology improvisationally,” J.M. Berger, the co-author of “ISIS: The State of Terror” and a nonresident fellow at the Brookings Institution, said in an e-mail. “For the most part, they rely on technologies which have features they can exploit, for instance by using encrypted messaging apps that don’t leave an electronic trail on the host company’s servers.”

‘Very, very difficult’

The extremists are not always well-informed about what security services can access, sources say, and some are careless at covering their tracks, using insecure services that they would normally use to chat with their friends. But researchers say there is also evidence of militants with sophisticated knowledge who have shared it online with other Islamic State supporters.
The threat is also constantly evolving. A service that is popular one minute may be abandoned the next, if word spreads among the jihadists that it is vulnerable to interception.
In an event hosted by POLITICO in Brussels last week, Belgium’s interior minister Jan Jambon singled out the messaging function on Sony’s PlayStation 4 gaming consoles as particularly difficult for international security services to crack.
“The most difficult communication between these terrorists is via PlayStation 4,” the minister said, three days before the Paris attacks. “It is very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4.”
It is not known whether the Paris attackers used PlayStation consoles to communicate, and experts are doubtful. “The idea that terrorists use video games to communicate has been around for a long, long time without a lot of evidence to support it,” Berger said. Nevertheless, Jambon’s comments illustrate the vast range of technology that authorities are now monitoring in the fight against terrorism.

2001 vs. 2015

Ten years ago, security agencies could get most of what they needed to know about the activities of potential terrorists from three simple sources: phone taps, letter intercepts, and physical surveillance.
In the first decade of the 2000s, al-Qaeda operatives used e-mail “drop-boxes” to communicate. The new breed of Islamic State jihadists are far more tech-savvy, having in many cases grown up in the West using smartphones and social media.
As a result, the flow of information transmitted digitally between Syria and Islamic States’s supporters in Europe has far surpassed that of any previous conflict. Videos shared online by jihadists during the Iraq and Afghanistan wars gained a certain currency, but were never as widely circulated as the videos made by Islamic State recruits.
The Islamic State has built a formidable social media propaganda machine, utilizing groups of young jihadists with media and editing skills from colleges around Europe. Freely-available  services such as Twitter, Facebook, Instagram, YouTube and AskFM have allowed the extremists to cheaply and quickly reach vast audiences.
The extremists have posted pictures, videos, slogans and “memes” that are quickly shared across the Internet by the like-minded, just as the rest of the world shared tricolore flags in solidarity with the victims in Paris. Teenagers around the world with a curiosity about Islamic State have viewed images of real executions as easily as they would watch a horror film or play a violent video game.
If the Internet was just a propaganda tool it would be insidious enough, but Islamic State is also using it to recruit fighters, transfer money, select targets, issue instructions, and exchange operational details, experts say. It is the latter that the security services are most acutely concerned about targeting.
In July, James Comey, the head of the U.S. Federal Bureau of Investigation, testified at a Senate hearing that Islamic State was using Twitter to attract supporters and then directing them to encrypted messaging apps where more nefarious conversations could be held securely.
“Some of these conversations occur in publicly accessed social networking sites, but others take place via private messaging platforms,” Comey said. “These encrypted direct messaging platforms are tremendously problematic when used by terrorist plotters.”

Impossible to stop

Authorities in Britain have also repeatedly warned that terrorists are evading detection online. In a speech in London last month, Andrew Parker, the director-general of MI5, Britain’s domestic intelligence service, said it was impossible to “hold back the tide of technological change.”
“The idea that there are spaces where terrorists can communicate safely and increasingly out of sight of the intelligence agencies — going dark, as it is known — is not something that anyone either intended or voted for,” Parker said.
“Information gathered from the technology terrorists use, often in the same way as the rest of us, may sometimes be the only way to stop them. We use data to save lives.”
In January, after the Charlie Hebdo attacks, David Cameron said extremists should not be allowed a “safe space” to communicate online.
Newspaper reports have since claimed that the U.K. government looked at restricting the use of services such as Skype and WhatsApp because of their use of strong encryption. That prompted a backlash from privacy campaigners, businesses and computer security experts, who argued that weakening encryption would harm legitimate Internet commerce and create new, unintended security threats.
The U.K. government is, however, pushing ahead with legislation designed to give the authorities greater surveillance powers, including requiring internet service providers to retain information about the websites their users visit.
In a speech two weeks ago, Robert Hannigan, head of GCHQ, the British surveillance agency, said “information needed for national security and serious crime purposes should not be beyond the lawful, judicially warranted reach of the state when the need arises.”
The authorities’ push for greater powers to intercept digital data is highly controversial, however. Clashing with the urgent need to stop potential attacks is a heightened public concern about the state prying indiscriminately into its citizen’s private business. The U.K.’s Draft Communications Data Bill, dubbed the “snooper’s charter” by critics, has already been delayed and watered-down because of criticism that the authorities were asking for too much.
Already since Friday, senior legal and political figures in Britain have called for new powers to be pushed through as soon as possible. It’s a debate that will continue with new urgency across the West in the coming weeks.

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home