Terrorist organizations are leveraging a slew of legitimate and home grown applications and services—some of them sophisticated, some less so—to communicate with each other and to spread propaganda, a new report from Trend Micro shows.
The security vendor’s report is based on research into how cybercriminals and terrorists are abusing online technologies and tools to conduct their activities. The research showed that while the motivations in each case are different, there is considerable overlap between the two groups as far as their use of certain technologies are concerned.
For instance, both cybercriminals, defined in the report as those motivated by financial gain, and terror groups, defined as entities labeled as such by at least seven nations, heavily use encryption and anonymizing tools such as Tor to hide their tracks.
Similarly many of the communication tools that both groups use are the same. Terror groups and cybercriminal frequently tap secure email services, underground forums and social media forums like Facebook and Twitter to stay connected with members of their respective groups, the Trend Micro report said.
The only difference is that while cybercrooks use these platforms more for conducting commerce and negotiating price, terror groups use it to proselytize and to spread propaganda.
The Trend Micro report offers a glimpse at some of the other tools and services favored by terror groups. For example, the vendor’s research showed that groups labeled as terror organizations heavily favor secure email services such as SIGAINT, Mail2Tor and RuggedInbox for cloaking their communications. All three are so-called darknet email services that hide the identities and location of people sending or receiving emails.
Trend Micro’s research showed that instant messaging service Telegram Messenger is a popular choice among terror groups. More than a third of some 2,300 terror-group affiliated accounts that the security vendor studied listed a Telegram address as their primary contact info.
The report does not offer any explanation on the reasons for Telegram’s popularity. But it is more than likely it has to do with Telegram’s claims of being more secure than services like WhatsApp, and also its use of strong server-side encryption and client-side encryption to protect text, media and other data types. Telegram’s support for secret end-to-end encrypted chats and a self-destruct feature that causes messages, video, images and files to be wiped clean after a specific period also might help explain its apparently popularity in terror circles.
In addition to such tools, groups labeled as terror organizations also use a collection of home-brewed technologies in daily operations, Trend Micro’s research showed. The company’s report lists six such tools, which it says are commonly used.
Among them are Mojahedeen Secrets, an encryption tool released in 2007 as a PGP alternative. “This application encrypts email and file transfers using RSA public/private encryption systems. In addition to allowing users to create private keys to use when sending emails, the application also supports messaging and a file shredder feature to delete files safely,” the Trend Micro report said.
Three of the other tools listed in the report—Tashfeer al-Jawwal, Asrar al-Dardashah, Amn al-Mujahed—are also encryption applications for messaging and mobile platforms.
Two of them are Android applications—Alemarah and Amaq—that are being used for information dissemination. The remaining application listed in the Trend Micro report is a DDoS tool of what appears to be of dubious quality. The app was initially thought to be a fake but later tests confirmed that it could be used to launch limited, DDoS SYN flood attacks, the security vendor said. “While this application is not particularly advanced, it shows that there is active exploration into disruptive technology,” among terror groups, Trend Micro said.
- Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled
- US Cyber Command Hacks ISIS
- How Hackers Have Honed Their Attacks