Dark Reading is part of the Informa Tech Division of Informa PLC

7/22/2016
05:00 PM

How Jihadists Operate Online And Under The Radar: Report

Secure browsers, VPNs, protected email apps, and mobile security apps are just the tip of the iceberg, Flashpoint report shows.

An analysis of activity on the Dark Web shows that jihadist groups are taking advantage of a wider range of technology tools and secure services than generally assumed for propaganda and communication purposes.

Researchers from security vendor Flashpoint recently examined data obtained from what they described as primary sources from the Deep and Dark Web to understand how those affiliated with terror groups maintain online presences without being detected.

The analysis showed that jihadist groups rely on six broad categories of digital tools and services to maintain an online presence, obscure their tracks from law enforcement, proselytize, and communicate with each other. The tools include secure browsers like Tor, proxy services and virtual private networks (VPNs) such as CyberGhost VPN, protected email services, and encrypted chat and messenger tools.

“Jihadists enact stringent online security measures starting with the World Wide Web’s most fundamental portal: browsers,” the Flashpoint report observed. Unlike a majority of online users who access the Web with browsers like Chrome, Safari, and Firefox, those involved in terror activities tend to use either the Tor browser or the VPN-equipped Opera browser -- both of which offer a way for users to browse relatively securely without easily revealing their IP addresses.

They tend to combine the use of secure browsers with VPN tools such as F-Secure Freedome and CyberGhostVPN to make it more difficult for law enforcement to keep tabs on their online activities, the Flashpoint report said.

When it comes to email services, pro-ISIS and Al-Qaida affiliated groups tend to use a slew of protected email services to try and remain under the law enforcement radar. Among the email services that are popular among such groups are Hush-Mail; ProtonMail, an encrypted email service developed by researchers at CERN and MIT; and GhostMail, an encrypted email service from Switzerland.

Services that offer temporary, disposable email accounts without requiring users to register for an account are also popular. One example is YOPmail, a service that was used by Al-Qaida in Yemen to release a video of a terror attack on the office of French satirical newspaper Charlie Hebdo last January, Flashpoint said.

Applications that allow terror groups to use mobile devices relatively securely are also apparently very popular on the Dark Web. Jihadist groups rely heavily on mobile technologies to communicate and stay in touch with others.

But they appear acutely aware of the risks involved in using mobile devices and are leveraging a variety of tools to make it harder for law enforcement to monitor them, Flashpoint said. Among such tools are Fake GPS, which provides a false physical location when users are using certain apps like Facebook; ISHREDDER Pro for permanently deleting files; and AFWall, an open source firewall for mobile devices.

Besides the tools, jihadists also appear to be getting plenty of support and advice on how to use technology safely from tech-savvy peers.

In one case documented in the Flashpoint report, a member of a jihadist forum distributed best practices and guidelines for using Tor. In another incident, a forum member released a manual offering details on how to mask IP addresses and browse anonymously using CyberGhost VPN. The advice covered weaknesses in VPN technology and workarounds for addressing them, like using a particular software tool to hide a computer’s disk serial number when browsing. 

Meanwhile, a jihadist organization known as Horizons released a multi-episode series on the secure use of mobile devices for jihadist purposes on Telegram, an encrypted communications platform.

“Jihadists’ reliance on technology for survival pushes the jihadist community to constantly learn, adapt, and advance through various technological tools,” Flashpoint said in its report. “[Their] unrelenting drive to adapt and conceal their online operations presents unique challenges to monitoring them.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 

Comments
lorraine89,
User Rank: Ninja
9/27/2016 | 9:34:19 AM
Cyber security
Though it is evident that VPN technology has been exploited by the industry just too many times be it by hackers themselves or jihadists. Although it may sound like what's the purpose left then, it is important for ordinary net users to not underestimate the importance of VPN technology. I have been using PureVPN to secure my important files and folders and to avoid those phishy scams and hacking attempts that have marred the internet in recent times.
Dr.T,
User Rank: Ninja
7/27/2016 | 11:28:37 AM
Better option needed
 

There will be those who will be abusing technology on hand and using it for their benefits and harming others. Not advancing technology is not a solution to these problems. Countries should find a better way to deal with the dark web. 
Dr.T,
User Rank: Ninja
7/27/2016 | 11:25:11 AM
Virtual private networks (VPNs)
 

Virtual private networks (VPNs) such as CyberGhost VPN are not secure. People misunderstand what a VPN is. Unless it is tied to your corporate network, it is somebody else's network and could not be considered as secure for public consumption.
Dr.T,
User Rank: Ninja
7/27/2016 | 11:22:37 AM
Re: Operating Online
"My online activity is no one else's business "

I generally agree but there should be some constraints around it in my view, we should not be abusing the technology and harm others with it.
Dr.T,
User Rank: Ninja
7/27/2016 | 11:20:19 AM
Re: In my humble opinion
"the terrorists would be to have direct access to the smartphone or computer of the sender or the recipient of the messages"

Agree. Most likely they do. Whether it is Apple or other companies, they all work with the agencies on an as-needed basis, I am just assuming, that is what makes sense. The same is true in all other countries.
Dr.T,
User Rank: Ninja
7/27/2016 | 11:16:20 AM
Dark Web
 

Enjoyed the article. Obviously Dark web is growing, this is not of the disadvantages of advanced technologies, the technology could be used for different purposes. 
biggsy,
User Rank: Apprentice
7/26/2016 | 3:22:28 AM
Operating Online
My online activity is no one else's business -- neither the NSA nor GCHQ nor any of the other bad actors on the internet have any right to read or record my stuff.  A very high percentage of the internet traffic which is being read and recorded by these bad actors is the traffic of citizens and businesses engaging in lawful activities.  More ordinary people need to read this article and take similar precautions to keep their lawful activities private.
Olaf Barheine,
User Rank: Apprentice
7/23/2016 | 4:06:04 AM
In my humble opinion
And the only chance of the secret services to watch the communication between the terrorists would be to have direct access to the smartphone or computer of the sender or the recipient of the messages. Therefore I do not understand why our politicians always claim more control of the telecommunication infrastructure. It does not really make sense and in my opinion it is just a sign of helplessness. That's not comforting.