
Threat Intelligence

5/9/2016
07:07 AM

Terror Groups Using Legit, Home Grown Tools To Communicate, Proselytize

Trend Micro says its research shows that terror, cybercrime groups often use same tools to operate

Terrorist organizations are leveraging a slew of legitimate and home-grown applications and services—some of them sophisticated, some less so—to communicate with each other and to spread propaganda, a new report from Trend Micro shows.

The security vendor’s report is based on research into how cybercriminals and terrorists are abusing online technologies and tools to conduct their activities. The research showed that while the motivations in each case are different, there is considerable overlap between the two groups as far as their use of certain technologies is concerned.

For instance, both cybercriminals, defined in the report as those motivated by financial gain, and terror groups, defined as entities labeled as such by at least seven nations, heavily use encryption and anonymizing tools such as Tor to hide their tracks.

Similarly, many of the communication tools that both groups use are the same. Terror groups and cybercriminals frequently tap secure email services, underground forums and social media sites like Facebook and Twitter to stay connected with members of their respective groups, the Trend Micro report said.

The only difference is that while cybercrooks use these platforms more for conducting commerce and negotiating prices, terror groups use them to proselytize and to spread propaganda.

The Trend Micro report offers a glimpse at some of the other tools and services favored by terror groups. For example, the vendor’s research showed that groups labeled as terror organizations heavily favor secure email services such as SIGAINT, Mail2Tor and RuggedInbox for cloaking their communications. All three are so-called darknet email services that hide the identities and location of people sending or receiving emails.

Trend Micro’s research showed that instant messaging service Telegram Messenger is a popular choice among terror groups. More than a third of some 2,300 terror-group affiliated accounts that the security vendor studied listed a Telegram address as their primary contact info.

The report does not offer any explanation for Telegram’s popularity. But it more than likely has to do with Telegram’s claims of being more secure than services like WhatsApp, and with its use of strong server-side encryption and client-side encryption to protect text, media and other data types. Telegram’s support for secret end-to-end encrypted chats, and a self-destruct feature that causes messages, video, images and files to be wiped clean after a specific period, also might help explain its apparent popularity in terror circles.

In addition to such tools, groups labeled as terror organizations also use a collection of home-brewed technologies in daily operations, Trend Micro’s research showed. The company’s report lists six such tools, which it says are commonly used.

Among them is Mojahedeen Secrets, an encryption tool released in 2007 as a PGP alternative. “This application encrypts email and file transfers using RSA public/private encryption systems. In addition to allowing users to create private keys to use when sending emails, the application also supports messaging and a file shredder feature to delete files safely,” the Trend Micro report said.

Three of the other tools listed in the report—Tashfeer al-Jawwal, Asrar al-Dardashah, Amn al-Mujahed—are also encryption applications for messaging and mobile platforms.

Two others are Android applications—Alemarah and Amaq—that are being used for information dissemination. The remaining application listed in the Trend Micro report is a DDoS tool of apparently dubious quality. The app was initially thought to be a fake, but later tests confirmed that it could be used to launch limited DDoS SYN flood attacks, the security vendor said. “While this application is not particularly advanced, it shows that there is active exploration into disruptive technology,” among terror groups, Trend Micro said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...