How Cyber-Jihadists Protect Their Identities and Their Posts

By Laith Alkhouri

Laith Alkhouri is a co-founder and Director at Flashpoint. Mr. Alkhouri, a native Arabic speaker, heads Flashpoint's counterterrorism desk and directs the jihadist threat intelligence service. His team works on identifying the latest trends in the Deep Web used by terror groups and their supporters. He's assisted law enforcement in terror investigations and delivered presentations with original research to DoD, DoJ and State Department audiences. Mr. Alkhouri is frequently cited by national and international media outlets and serves as an on-air NBC News counterterrorism analyst.

ISIS has become infamous for using the Internet to radicalize and recruit individuals worldwide. Lesser known, however, are the tech-savvy ISIS supporters who dedicate their time and resources not only to advancing the group’s goals but also to safeguarding its online operations.

The cumulative efforts of these supporters represent arguably the most impactful factor in spiderwebbing ISIS material – especially given the unrelenting scrutiny to which their online presence is frequently subjected.

Indeed, cyber jihadists are constantly pursued by law enforcement, their content is regularly suspended by social media companies, and their forums and message boards are routinely targeted in cyber attacks. Herein comes the role of jihadist information security or infosec channels: a decentralized group of tech-savvy jihadists who advise their comrades on protecting and anonymizing their online presence – which, conceivably, is the most critical element in the longevity of cyber jihadism.

Today, jihadists’ overt abuse of social media and various Western cyber technologies plays an integral role in advancing ISIS’s goals. Despite the group’s robust online footprint, however, thousands of jihadists lack a nuanced understanding of information security. Most jihadists’ use of the Internet is rudimentary and typically revolves around using social media and message boards – often without taking necessary precautions to anonymize their identities or protect against adversarial scrutiny. This widespread lack of infosec awareness among jihadists has led to the emergence of numerous pro-ISIS “techies” – individuals who provide infosec advice to help under-sophisticated jihadists protect themselves.

Over the last two years, specialized jihadist infosec groups have published manuals in multiple languages on topics like virtual private networks (VPNs), encrypted messengers, secure browsers, and the deep and dark webs. Such advice is what has helped many jihadists bypass scrutiny and operate online with ease.

Among the various jihadist infosec groups, one known as Horizons has become the most noteworthy. Horizons has published dozens of manuals on encryption, the dark web, mobile security applications, and other relevant topics in which most jihadists’ lack expertise. Although they cover a wide range of topics, all Horizons manuals serve the same purpose: promoting infosec tools and practices in an effort to protect jihadists.

For instance, in November 2016, Horizons took note of jihadists’ increasing usage of smartphones despite concerns over the extent to which many devices could compromise users’ anonymity.  The group exclaimed, “The smarter the phone, the more dangerous. And we suggest asking the older brothers about the scale of the destruction that befell some of the mujahideen as a result of using mobile phones, and how the microphone can be more dangerous than the camera, and the camera can be more dangerous than GPS.”

In other words, using smart technology is not smart unless infosec procedures are set in place.

Horizons has produced similar advice pertaining to encrypted communication platforms. Telegram, the primary application used by many jihadist groups and their supporters worldwide, provides a secure avenue for jihadists away from sites that could potentially expose their identity. The platform offers an array of features for the jihadist-on-the-go; a pool of resources from explosives manuals to direct access to ISIS propaganda. And yet, Horizons has gone the extra mile to recommend alternative encrypted communication apps that may be even more secure than Telegram, such as Signal, Conversations, Pidgin, Gajim, and Threema, among others. By publishing detailed guidebooks on each one of these technologies, Horizons has raised the bar in educating the layman jihadist on what’s in store should they not use, or misuse, these applications.

Another infosec channel is run by a prominent jihadist known by his catchy moniker “Caliphate Technologist.” Since 2014, this individual has not only released manuals on various infosec topics, he’s also been known to exchange messages with jihadists seeking advice. In fact, the perpetual need for such advice led him to create his own password-protected deep web forum, which until going offline recently, provided content to hundreds of users.

Furthermore, expanding the “shelf life” of jihadi content has become increasingly important in light of various social media platforms’ active suspension of accounts linked to jihadist activity. In response, jihadist infosec services have provided guidebooks on avoiding suspension and growing one’s social media footprint. Horizons and other services suggest using so-called “virtual phone numbers,” online services that offer American phone numbers for receiving text messages — which are required for registering social media accounts.

Indeed, social media’s critical role in supporting ISIS’s goals has given rise to the so-called “Supporters Bank,” a pro-ISIS group that provides social media access credentials for jihadists. As of March 2017, the group claims to have provided more than 5,000 ISIS supporters with social media accounts to use. Showcasing its increased activity lately, “Supporters Bank” has also claimed to have created 12,000 Twitter accounts and nearly 3,000 Facebook accounts between April and May of this year. Jihadists struggling to maintain their Facebook and Twitter accounts worry no more.

As ISIS faces hardships on the ground, it has issued multiple messages to its supporters to amplify their social media activities and ensure that its propaganda is constantly circulating online. Due to the suspension on Twitter and Facebook, confining jihadists to limited-audience platforms like Telegram, ISIS has invited its followers to “break the chains” and “operate on the social media networks they created” – further necessitating the need for the aforesaid infosec groups.

A central part of ISIS’ campaign over the past year  is to focus more on inspiring individuals abroad to commit acts of terrorism rather than dispatching operatives. In other words, ISIS is decentralizing its terrorism; focused more on using the Internet to reach individuals at home and preach personal responsibility than on orchestrating attacks themselves. Killing an idea will require more than military action, thus, understanding how infosec groups help lone-wolf actors avoid scrutiny will be key in understanding the future of terrorism. 


Related Articles

Search

Close