Stories about the technical proficiency of the Islamic State are abound, and it looks like the terrorist group is far more competent than the average person. US researchers have managed to obtain what appears to be an ISIS cybersecurity manual, which details methods for avoid online detection and staying safe on the internet.
Researchers from America’s West Point military academic uncovered the terrorist operational security manual from ISIS forums and chat rooms; where it was shared among the members of the group. Interestingly, it appears that ISIS has adopted their methods from a guide written by a Kuwaiti security firm. The guide was originally intended to keep the identities of journalists and political activists in Palestine safe, but now appears to be serving other uses as well.
The advice provided is unsurprisingly very complete, with handy information on what messaging and emails services are the most secure. It also provides would be terrorists with tips on securing their online accounts by using strong passwords and avoiding websites of questionable legitimacy.
Other information involves keeping terrorists updated about which phones (Blackphone is supposedly the preferred brand) and ensuring that everyone uses TOR to mask their location. There is also a warning about EXIF data stored on pictures, and ISIS members are reminded to turn off location data for all mobile devices. In other words, doing what any privacy minded individual would do.
Fortunately for companies like PlayStation and Whatsapp, there is no mention of using either of these services for communications. PlayStation was unwittingly dragged into the conversation when the Belgian Communications Minister candidly implied that it was used by terrorists for planning attacks.
Whatsapp, on the other hand, has long been at the centre of the encryption debate; with US policymakers arguing that encrypting messages would allow terrorists to hide. Interestingly, ISIS members are warned against using Whatsapp because the encryption used is not secure enough.
The original 34-page ISIS OPSEC manual was written in Arabic, although Wired has uploaded a version that has been put through Google Translate. It’s not exactly accurate, but the gist of what is being said can still be read for anyone curious about how terrorists go about hiding on the internet.