Isis opens 24/7 helpdesk to teach good encryption and cybersecurity practice
In the biggest irony of all, now even Islamic State (Isis) apparently has its very own technical help desk that runs 24 hours a day, seven days a week to help train terrorists on good cybersecurity and privacy practices, such as using encryption services to stay undetected.
Counter-terrorism analysts working with the US Army say the helpdesk is manned by six senior tech-savvy operatives around the clock and is a recent development that has only come about in the last year.
The helpdesk's responsibilities include offering support to members of the terrorist group on how to properly use encryption services in order to keep their tracks hidden online as they plan secret operations, as well as recruiting would-be extremists from social media and even creating step-by-step educational tutorials exclusively for IS operatives.
"They've developed a series of different platforms in which they can train one another on digital security to avoid intelligence and law enforcement agencies for the sole purpose of recruitment, propaganda and operational planning," Aaron F Brantly, a counter-terrorism analyst at the Combating Terrorism Center, an independent research organisation at the US Military Academy, West Point told NBC News.
"They also post YouTube Videos, going step-by-step over how to use these technologies. Imagine you have a problem and need to solve it and go to YouTube; they have essentially established the same mechanism [for terrorism]."
Spies relying on terrorists to be stupid online
Officials in both the US and UK are calling for privacy protections to be relaxed and surveillance powers increased following the Paris attacks, while NSA whistleblower Edward Snowden has been blamed for encouraging ordinary citizens to start anonymising their activities online to prevent governments from spying on them.
To this end, on 17 November, Chancellor of the Exchequer, George Osborne announced he would be spending an additional £1.9bn ($2.9bn) a year on cybersecurity, to enable intelligence agencies hire an additional 1,900 staff and build the first-ever National Cyber Centre to combat increasing international terrorism attempts.
One reason for IS' sudden keen interest in encryption is the fact that its efforts to recruit and communicate with potential foot-soldiers happen over social networks which are publicly accessible, and it is the first place Western intelligence agencies usually turn to for information on IS activities.
In fact, an FBI criminal complaint filed in October showed that alleged IS hacker Ardit Ferizi was caught because he used his real name on all his social media accounts and publicly declared that he was the head of a Kosovo hacking collective, and he hacked a company in the US without encrypting his internet traffic, meaning that his IP address was clearly visible to investigators.
He is not the only case of a hacker displaying incredible stupidity – in September, a group of security researchers outed the alleged Chinese state-sponsored hacker Ge Xing who posted his entire life on publicly-accessible social media, making it easy to tie him to malware attacks on multiple countries.
The cybersecurity equivalent of radar is needed
It seems that finally even the extremist group is learning, as IS put out cybersecurity tips on the encrypted messaging app Telegram, specifically warning operatives to stay off Twitter, encrypt their web traffic and use more than one username for their social media accounts and email addresses.
The problem is that Western intelligence agencies have based too much of their cyber intelligence-gathering strategy on the presumption that the terrorists are either stupid or do not understand cybersecurity, and that the tech industry will always be willing to give governments a back-door into their services to spy on users.
As I mentioned in a critique of the UK Snooper's Charter, truly evil people are clever and will always find a way around detection. You cannot depend on them to be stupid and put their activities on social media. Yes, probably the UK does really need to invest more into cybersecurity, but Western governments should be working with the cybersecurity industry to devise new technologies so that they can stay one step ahead, similar to the British invention of radar which turned the tide during WWII.
© Copyright IBTimes 2024. All rights reserved.