An analysis of activity on the Dark Web shows that jihadist groups are taking advantage of a wider range of technology tools and secure services than generally assumed for propaganda and communication purposes.

Researchers from security vendor Flashpoint recently examined data obtained from what they described as primary sources from the Deep and Dark Web to understand how those affiliated with terror groups maintain online presences without being detected.

The analysis showed that jihadist groups rely on six broad categories of digital tools and services to maintain an online presence, obscure their tracks from law enforcement, to proselytize, and to communicate with each other. The tools include secure browsers like Tor, proxy services and virtual private networks (VPNs) such as CyberGhost VPN, protected email services, and encrypted chat and messenger tools.

“Jihadists enact stringent online security measures starting with the World Wide Web’s most fundamental portal: browsers,” the Flashpoint report observed. Unlike a majority of online users who access the Web with browsers like Chrome, Safari, and Firefox, those involved in terror activities tend to use either the Tor browser or the VPN-equipped Opera browser -- both of which offer a way for users to browse relatively securely without easily revealing their IP addresses.

They tend to combine the use of secure browsers with VPN tools such as F-Secure Freedome and CyberGhostVPN to make it more difficult from law enforcement to keep tabs on their online activities, the Flashpoint report said.

When it comes to email services, pro-ISIS and Al-Qaida affiliated groups tend to use a slew of protected email services to try and remain under the law enforcement radar. Among the email services that are popular among such groups are Hush-Mail; ProtonMail, an encrypted email service developed by researchers at CERN and MIT; and GhostMail, an encrypted email service from Switzerland.

Services that offer temporary, disposable email accounts without requiring users to register for an account are also popular. One example is YOPmail, a service that was used by Al-Qaida in Yemen to release a video of a terror attack on the office of French satirical newspaper Charlie Hebdo last January, Flashpoint said.

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Applications that allow terror groups to use mobile devices relatively securely are also apparently very popular on the Dark Web. Jihadist groups rely heavily on mobile technologies to communicate and stay in touch with others.

But they appear acutely aware of the risks involved in using mobile devices and are leveraging a variety of tools to make it harder for law enforcement to monitor them, Flashpoint said. Among such tools are Fake GPS, which provides a false physical location when users are using certain apps like Facebook; ISHREDDER Pro for permanently deleting files; and AFWall, an open source firewall for mobile devices.

Besides the tools, jihadists also appear to be getting plenty of support and advice on how to use technology safely, from tech savvy peers.

In one case documented in the Flashpoint report, a member of a jihadist forum distributed best practices and guidelines for using Tor. In another incident, a forum member released a manual offering details on how to mask IP addresses and browse anonymously using CyberGhost VPN. The advice covered weaknesses in VPN technology and workarounds for addressing them, like using a particular software tool to hide a computer’s disk serial number when browsing. 

Meanwhile, a jihadist organization known as Horizons released a multi-episode series on the secure use of mobile devices for jihadist purposes on Telegram, an encrypted communications platform.

“Jihadists’ reliance on technology for survival pushes the jihadist community to constantly learn, adapt, and advance through various technological tools,” Flashpoint said in its report. “[Their] unrelenting drive to adapt and conceal their online operations presents unique challenges to monitoring them.”

Related stories: