Another security manual recommends using Apple iMessage: this time, ISIS
An operations security manual developed to advise journalists and political activists on how to protect their identities is now being distributed by supporters of Islamic State terrorists. One of its recommendations is to use Apple's securely encrypted iMessage service.
According to a report by Kim Zetter for Wired, the OPSEC manual, discovered by researchers at the West Point military academy in online forums used by ISIS supporters, details a variety of ways members can avoid being detected.
The manual appears to have been entirely co-opted from work done by a Kuwaiti security group to advise journalists and activists working in Gaza. However, despite being distributed among ISIS supporters, it appears that even the terrorist group's most dangerous members are not actually following it.
Abdelhamid Abaaoud, the suspected mastermind behind mass murder plots in both Belgium and France, frequently failed to use encryption in his own phone communications and also left behind a cell phone with unencrypted content including photos and videos that identified him. Others involved in the Paris attacks discarded phones with active GPS, which helped authorities track where they had been and led them back to their safe-house.
He added, "If they do it right, then they can become pretty secure. [But] there's a difference between telling somebody how to do it and then [them] doing it right."
The advice in the OPSEC manual largely mirrored the general advice given to anyone who wants to avoid being hacked, whether by government agencies, malware hackers, identity thieves, or even advertising networks that seek to profile their users.
The manual advised on using strong passwords, and warned against clicking on "suspicious" links that could enable government agencies or other hackers to breach their security. It also described how to set up ad-hoc WiFi networks to distribute photos and text messages without needing internet access.
It similarly advised against using FaceBook's WhatsApp, a chat application that makes use of encryption and which has been singled out by US government officials as being used by ISIS to avoid surveillance. Despite using encryption, Wired noted that a German security firm had earlier reported problems with how it implemented this.
Sony's Playstation console, another encryption tool specifically cited by authorities as a way for terrorists to communicate, was not found in the OPSEC guide at all, West Point researcher Brantly stated.
The EFF's report specifically called out AIM; BlackBerry Messenger; Facebook's Messenger and WhatsApp; Google Chat and Hangouts; Microsoft's Skype; Secret; SnapChat and Yahoo Messenger as failing to provide end to end encryption, while calling Apple's iMessage and FaceTime "the best of the mass-market options."
The OPSEC guide also made a notable exception to its blanket recommendation against using American products: Apple's iMessage, which got a thumbs up for using encryption in a way that neither government intelligence agencies nor Apple itself can spy upon.
However, there's no evidence that ISIS is actually using iMessage, as the OPSEC manual was written for journalists operating in Israel and Gaza by researchers in Kuwait. ISIS operates across a series of regions where iPhones have very low penetration.
Android is the platform of choice for Al-Qaeda
The primary reason Al-Qaeda likes Android is "the large availability and affordability of Android phones, especially in underdeveloped countries," the firm noted.
While Android's legendary lack of inherent security singles out its users for targeted malware attacks, the insecure nature of the platform also provides Al-Qaeda with a vast network of devices to exploit for use in distributed Denial of Service attacks or to obfuscate the source of its communications.
Apple has already come under fire from the U.S. Department of Justice and Federal Bureau of Investigations for not supporting a "backdoor" mechanism that would give governments open access to communications for surveillance purposes.
New outbreaks of terrorist attacks are being leveraged by the FBI, Central Intelligence Agency and other groups to demand more government access, even though the evidence shows that the terrorists involved commonly weren't using encryption to plot their attacks. The primary use of citizen surveillance in the U.S. targets the use of drugs and guns, noted a report by The New York Times.
Apple's chief executive Tim Cook has repeatedly maintained that adding "backdoors" to allow American or other western government agencies to surveil users is ignorant, shortsighted policy.
"To protect people who use any products, you have to encrypt," Cook told the Telegraph in an interview earlier this month. "You can just look around and see all the data breaches that are going on...we believe very strongly in end to end encryption and no back doors."
Cook warned that requiring companies to add backdoors could have "dire consequences," saying that "any backdoor is a backdoor for everyone."
He added, "It's not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way.
"Encryption is widely available. It may make someone feel good for a moment but it's not really of benefit. If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go."
Despite recognizing iMessage as a secure tool, the OPSEC obtained and distributed by ISIS members shows that Cook's statements are true. The majority of ISIS terrorists are already using open Android devices that are cheap and disposable, and can side-load homegrown encryption apps, if and when they bother to use encryption at all.
According to a report by Kim Zetter for Wired, the OPSEC manual, discovered by researchers at the West Point military academy in online forums used by ISIS supporters, details a variety of ways members can avoid being detected.
The manual appears to have been entirely co-opted from work done by a Kuwaiti security group to advise journalists and activists working in Gaza. However, despite being distributed among ISIS supporters, it appears that even the terrorist group's most dangerous members are not actually following it.
Abdelhamid Abaaoud, the suspected mastermind behind mass murder plots in both Belgium and France, frequently failed to use encryption in his own phone communications and also left behind a cell phone with unencrypted content including photos and videos that identified him. Others involved in the Paris attacks discarded phones with active GPS, which helped authorities track where they had been and led them back to their safe-house.
OPSEC advice only as good as the user
Aaron Brantly of West Point's Combating Terrorism Center told Wired that the security manual was "about as good at OPSEC as you can get without being formally trained by a government," and that its advice was "roughly what I give to human rights activists and journalists to avoid state surveillance in other countries."He added, "If they do it right, then they can become pretty secure. [But] there's a difference between telling somebody how to do it and then [them] doing it right."
The OPSEC manual largely mirrored the general advice given to anyone who wants to avoid being hacked
The advice in the OPSEC manual largely mirrored the general advice given to anyone who wants to avoid being hacked, whether by government agencies, malware hackers, identity thieves, or even advertising networks that seek to profile their users.
The manual advised on using strong passwords, and warned against clicking on "suspicious" links that could enable government agencies or other hackers to breach their security. It also described how to set up ad-hoc WiFi networks to distribute photos and text messages without needing internet access.
Facebook bad, iMessage good, No mention of Playstation
Mirroring much of the same advice given in a guide written by the Electronic Frontier Foundation, the OPSEC manual advised against using most American providers of VPNs, encrypted chat tools and other services, particularly singling out Instagram because its parent company--Facebook--has a poor track record on privacy.It similarly advised against using FaceBook's WhatsApp, a chat application that makes use of encryption and which has been singled out by US government officials as being used by ISIS to avoid surveillance. Despite using encryption, Wired noted that a German security firm had earlier reported problems with how it implemented this.
Sony's Playstation console, another encryption tool specifically cited by authorities as a way for terrorists to communicate, was not found in the OPSEC guide at all, West Point researcher Brantly stated.
The EFF's report specifically called out AIM; BlackBerry Messenger; Facebook's Messenger and WhatsApp; Google Chat and Hangouts; Microsoft's Skype; Secret; SnapChat and Yahoo Messenger as failing to provide end to end encryption, while calling Apple's iMessage and FaceTime "the best of the mass-market options."
The OPSEC guide also made a notable exception to its blanket recommendation against using American products: Apple's iMessage, which got a thumbs up for using encryption in a way that neither government intelligence agencies nor Apple itself can spy upon.
However, there's no evidence that ISIS is actually using iMessage, as the OPSEC manual was written for journalists operating in Israel and Gaza by researchers in Kuwait. ISIS operates across a series of regions where iPhones have very low penetration.
Al-Qaeda prefers Android
Last year, a report by in intelligence firm Recorded Future showed that Al-Qaeda groups have focused on developing their own encryption tools, focusing on mobile devices, with "Android as the preferred platform for these groups."Android is the platform of choice for Al-Qaeda
The primary reason Al-Qaeda likes Android is "the large availability and affordability of Android phones, especially in underdeveloped countries," the firm noted.
While Android's legendary lack of inherent security singles out its users for targeted malware attacks, the insecure nature of the platform also provides Al-Qaeda with a vast network of devices to exploit for use in distributed Denial of Service attacks or to obfuscate the source of its communications.
Like encryption, backdoors can be also used by both good and bad people
The OPSEC manual disturbed by ISIS members warned that, in general, communications on both Android and iOS are only fully secured when all their data traffic is routed through Tor, a distributed anonymizing service that obscures the source of transmissions. It specifically recommended using an Android phone with third party mobile encryption, such as Cryptophone or Blackphone.Apple has already come under fire from the U.S. Department of Justice and Federal Bureau of Investigations for not supporting a "backdoor" mechanism that would give governments open access to communications for surveillance purposes.
New outbreaks of terrorist attacks are being leveraged by the FBI, Central Intelligence Agency and other groups to demand more government access, even though the evidence shows that the terrorists involved commonly weren't using encryption to plot their attacks. The primary use of citizen surveillance in the U.S. targets the use of drugs and guns, noted a report by The New York Times.
Apple's chief executive Tim Cook has repeatedly maintained that adding "backdoors" to allow American or other western government agencies to surveil users is ignorant, shortsighted policy.
"To protect people who use any products, you have to encrypt," Cook told the Telegraph in an interview earlier this month. "You can just look around and see all the data breaches that are going on...we believe very strongly in end to end encryption and no back doors."
Cook warned that requiring companies to add backdoors could have "dire consequences," saying that "any backdoor is a backdoor for everyone."
"If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go" - Tim Cook
He added, "It's not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way.
"Encryption is widely available. It may make someone feel good for a moment but it's not really of benefit. If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It's the good people. The other people know where to go."
Despite recognizing iMessage as a secure tool, the OPSEC obtained and distributed by ISIS members shows that Cook's statements are true. The majority of ISIS terrorists are already using open Android devices that are cheap and disposable, and can side-load homegrown encryption apps, if and when they bother to use encryption at all.
Comments
Gizmodo: APPLE SUPPORTS TERRORISM
Just because evil people use a tool, it doesn't mean anything is wrong with the tool.
So true but there are those who will surely twist the facts. Some post right here on AI.
Gizmodo: APPLE SUPPORTS TERRORISM
"If you see a Muslim with an iPhone, arrest them.” Donald Trump
"If you see a Muslim with an iPhone, arrest them.” Donald Trump
"Muslim shouldn't be allowed to buy iPhones." Marco Rubio
It's an even playing field.
Why can't the f*cking government security agencies just do their job without somebody else doing it for them. I can't believe they are that dumb.
If you create a back door then the agencies get to spy on all the innocent people except the terrorists who will build their own encrypted networks.
Who gets the key to the back door? The US? The Brits? The Russians? Most certainly the Chinese... Who is allowed to spy on who? WTF?
"If a Muslim uses an iPhone to commit acts of terror, we should prosecute the manufacturers." - Hilary Clinton.
If governments such as the US help commit acts of terror, then we should prosecute them. That would include Bush, Cheney and company, since they ultimately created ISIS and I think Hilary Clinton probably has helped directly or indirectly helped.
"If a Muslim uses an iPhone to commit acts of terror, we should prosecute the manufacturers." - Hilary Clinton.
What basis in reality is there for your comment? Republican candidates have actually endorsed the idea of rounding up Muslims and branding them like the NSDAP did in Germany in WWII.
When has Hillary suggested anything about suing manufactures over terrorism? That idea comes from Manhattan's District Attorney Cyrus Vance Jr., who isn't running for president.
"When iPhones are outlawed, only outlaws will have iPhones..."
(or something like that)
The notion that data inside our brains might be available for inspection is going to one day be a public policy debate. Better to start that debate now, with our mobile phones and the very personal data they encrypt, acting as a proxy for our minds. I know which side of that debate I fall on; a person should have the right to private thoughts, those he/she chooses not to share with the world.
The fact that some of our thoughts are held in silicon rather than our neurons should make little difference. I say our personal devices should be seen as an extension of our minds, sacrosanct from forced inspection.
This. Is. A. Scam.
All they have to do to get what they want, is provide fake information on terrorism to get anything they want.
Evil people use guns therefore there is something wrong with guns!
Shitty analogy.
The main purpose of a gun is to kill- that's the entire point.
The main purpose of an iPhone is not to kill things.
So, Terrorists use guns... Lets ban guns... Lets see if the NRA would be all for that..
"Muslim shouldn't be allowed to buy iPhones." Marco Rubio
Only white mass murderers, which is 90% of them, should be allowed their use... (sic)
What exactly does Islam say about infidel technology? It's a stupid superstitious cult, that should be grounds enough for not getting access to computers.