How Islamic State Teaches Tech Savvy to Evade Detection Paris attacks raise possibility that extremists have found ways around western surveillance By Margaret Coker, Sam Schechner and Alexis Flynn
http://www.wsj.com/articles/islamic-state-teaches-tech-savvy-1447720824
Terror groups have for years waged a technical battle with Western intelligence services that have sought to constrain them through a web of electronic surveillance.
The Paris attacks, apparently planned under the noses of French and Belgian authorities, raise the possibility that Islamic State adherents have found ways around the dragnet.
French authorities say two of the attackers knew each other in prison, but it isn’t clear how the group communicated in plotting and coordinating the Friday attacks. Intelligence services have monitored communications from one terror suspect, Belgian Islamist Abdelhamid Abaaoud, between Syria and alleged associates in Belgium and Morocco.
ENLARGE Low-tech methods exist for communicating off law enforcement’s radar including passing written notes or relaying messages through friends or relatives.
But law-enforcement agencies also have long warned that encrypted platforms built for gaming or other commercial purposes to safeguard privacy are being used by would-be terrorists to communicate.
Islamic State, for its part, has built a tech-savvy division of commanders who issue tutorials to sympathizers about the most secure and least expensive ways of communicating.
The bloodshed in Paris will likely exacerbate a tense debate between governments that want inside access to those encrypted tools and tech companies that say are trying to protect customer data and are wary of government overreach.
Mike Morell, the former deputy director of the Central Intelligence Agency, said terrorists’ ability to use encrypted communication is a huge problem.
“I think this is going to open an entire new debate about security versus privacy,” he told CBS television on Sunday.
Two top U.S. intelligence officials, CIA Director John Brennan and Robert Cardillo, director of the National Geospatial Intelligence Agency, said Monday that terror groups have “gone to school” on U.S. spying practices and learned ways to evade detection. Mr. Brennan blasted efforts to curb surveillance while Mr. Cardillo said agencies needed to adapt and find new ways to gather intelligence.
For more than a year, governments in Europe have pushed for companies such as Google, Facebook and Twitter to build “back doors” that allow law enforcement access into their encrypted tools.
Tech companies and security experts have resisted that push, which gained steam in Europe following the January attacks in Paris against the satirical magazine Charlie Hebdo.
Security experts say inserting back doors would weaken the encryption and undermine trust in the Internet.
Islamic State is among the most technologically sophisticated extremist groups. Its advice to followers includes an eight-minute video released last year in Arabic that discusses the surveillance capabilities of hostile governments and how phones can be tracked. Bulletins also include advice about brands of electronic equipment that appear vulnerable.
In January, a follower known online as al-Khabir al-Taqni, who identifies himself as a “technical expert,” provided would-be fighters with a list of what he determined were the safest encrypted communications systems available.
“Through this, we can break one of the strongest weapons of the Crusader governments in spying on and tracking the mujahedeen and targeting them with aircraft,” the author said, referring to the U.S.-led coalition fighting Islamic State.
The missive, authenticated by the SITE Intelligence Group which monitors and tracks radical groups online, ranked 33 applications as unsafe, moderately safe, safe, and safest.
Soon after the list was published, Islamic State started moving official communications from Twitter to Telegram Messenger, which received the second-highest safety rating from the Islamic State tech team.
That included the group’s claim of responsibility for the Paris attacks as well as the Oct. 31 Russian airline crash in Egypt.
Islamic State also has urged its followers to make use of the app’s capability to host encrypted group chats.
ENLARGE A spokesman for Telegram didn’t respond to requests to comment. Pavel Durov, the app’s founder who also created the Russian social network VKontakte, criticized recent calls by the Russian government to ban Telegram.
“I propose we ban words,” Mr. Durov wrote in a sarcastic VKontake post. “There is information that terrorists use them to communicate.”
U.K. prosecutors convicted a British teen this year in part because police had access to his Telegram chats.
The boy, inspired by Islamic State, admitted to communicating with an Australian teenager and encouraging him to attack ceremonies commemorating military veterans.
He was convicted on one terrorism charge. Police and prosecutors have declined to comment about how they accessed those communications.
Telegram was among the first apps that explicitly catered to privacy enthusiasts in the wake of reports in 2013 alleging widespread surveillance by U.S. intelligence. A similar U.S.-based app called Wickr received the highest safety recommendation in the Islamic State tech guide. Wickr didn’t respond to a request to comment.
European law-enforcement officials have also expressed concern about gaming consoles, which also allow players to communicate with each other via the Internet.
Belgium’s Interior Minister Jan Jambon told a conference in Brussels last week that Sony Corp. ’s PlayStation was a concern, calling it one of the most difficult platforms for governments to intercept.
He didn’t say whether Belgium has investigations that include monitoring of gamers or game consoles. A spokeswoman in Brussels didn’t return calls seeking comment.
In May, an Austrian court convicted a 14-year-old boy of downloading bomb-making instructions onto his PlayStation console, according to local media reports.
It is unclear whether governments have approached Sony for access to customer data. Sony said in a statement it works with local authorities as appropriate. “We take our responsibilities to protect our users extremely seriously and we urge our users and partners to report activities that may be offensive, suspicious or illegal. When we identify or are notified of such conduct, we are committed to taking appropriate actions in conjunction with the appropriate authorities,” it said.
Comments are closed.
