Wednesday, 25 May 2016

On 05:27 by admin   No comments
Since the Paris attacks in November, the San Bernardino shootings in December, and the subsequent brawl between Apple and the FBI, there’s been a growing obsession around the technical capabilities of terror group ISIS. How does it use encryption? Is it building a cyber warfare arm? The current answers: like the organization itself, its hacking skills and use of cryptography are patchy but developing at a trajectory that’s concerning enough to cause anxiety amongst intelligence specialists.

Hints of the operational security of ISIS, or ISIL as it’s often called, can be found in literature aimed at jihadis. This week saw the release of the ninth edition of the Dar Al-Islam, an official ISIS publication written in French. In a section dedicated to technology, there’s a warning about using anonymizing network Tor, which sends users through a number of randomly-selected servers and encrypts traffic. Concerns were raised by Dar Al-Islam about “malicious nodes”, the points at the distributed Tor network controlled by spies, often used to intercept traffic and pilfer data from users. The article recommended users not enter sensitive or personal data on any website, “in particular when accessed with Tor”.

It should come as no surprise terrorists are concerned about Tor use. US law enforcement and academics have shown themselves adept at undoing protections offered by Tor. To ensnare users of Tor-hosted child pornography website Playpen, the FBI last year took control of the site’s server and hacked thousands of visitors, all with a single warrant (courts across America are now furiously arguing over the legality of that operation). In 2014, Carnegie Mellon researchers were asked to provide a Tor surveillance trick that led to the shut down of a swathe of major Tor websites, including drugs bazaar Silk Road 2.


Post a comment