The commercial Internet has always been a diverse, dangerous neighbourhood, with its fair share of malicious actors and dangerous characters. In recent years, though, it has gained a new voice – an anti-western version of the jihadi movement.
To vast numbers of peaceful Muslims, jihad means ‘exerted effort’ and can be interpreted simply as a means of changing or bettering oneself. Some more aggressive groups have interpreted it as a form of holy war against the west. We’ve seen the appalling results in the headlines.
Julie Gommes spends her time studying how these latter groups communicate. Increasingly, they’re doing it online.
A cybersecurity consultant at DEVOTEAM, Gommes first became interested in how jihadists were using electronic communication tools when teaching a university course in Egypt in 2009. She became interested in cryptography in 2011, and has been monitoring jihadist communication techniques ever since.
If there’s one overriding trend in the use of online communication by aggressive jihadists, it’s velocity. It has evolved “crazy fast,” explained Gommes, who documented around 28 jihadist websites globally in 1997. “In 2005, there were 5,000 web sites, and in 2015, there are more than 20,000,” she added.
Another significant development has been in social media.
“They stayed for a long time using video and old-school communication,” said Gommes, speaking from Paris. “They arrived really late on social networks. It was like an explosion at the beginning in 2014.”
The majority of jihadist Twitter accounts (78%) use Arabic, with the rest scattered between English and French, she said.
The crazy, the anti-western and the technically savvy
Gommes divides aggressive jihadist crypto users into three main groups. “The first are crazy religious people, using really bad tools,” she said. The French slang for them translates loosely to ‘coded with feet’. “You can sell anything to them,” she suggested, adding that these actors are based largely in the Middle East.
The second set are vehemently anti-western, and therefore use home-rolled cybersecurity tools as much as possible. These groups are more global, she suggested.
Finally, there are more sophisticated groups that use conventional, well-established tools. “They’re using traditional tools used by hackers, because they’re sure that’s working,” she said. Tor, web proxies, Pidgin messaging, and operating systems like Tails feature heavily in their toolsets, she explained.
Online forums are a distinct part of the communication system for holy war-style jihadism, but some reports suggest that for particularly sensitive communications, tools such as the open source crypto tool TrueCrypt come into play.
For an in-depth account of what these communication chains look like, check out the Reply All podcast’s interview with New York Times journalist Rukmini Callimachi, who also spends her time tracking these people. She gives a fascinating account of the difficulty that ISIS players in particular sometimes have in getting their OPSEC to work properly.
The crypto back doors
Gommes’ research into terrorist encryption couldn’t be more timely. In the US, politicians have been pushing for legislation that would have forced technology companies to implement encryption back doors for their own products, following the spat between Apple and the FBI. The Cupertino-based firm refused to help the feds break into an iPhone owned by one of the attackers in the San Bernardino shootings earlier this year, citing a need for customer privacy.
The US legislation was narrowly voted down in the Senate, although lawmakers are seeking a review. Gommes’ native France is also pushing for similar measures.
This marks the latest turn in a long, tense battle over encryption between governments and technology companies. France has a chequered history with encryption. In the 1990s, the country had strict laws that essentially outlawed the use of strong crypto unless permission was explicitly granted.
In the US in 1993, the Clinton government tried to introduce the Clipper Chip, a crypto chip with a backdoor, created by the NSA, which would have been mandatory in certain communication devices. It failed after strong opposition from the tech sector. Then there was the battle between Phil Zimmermann, the creator of the encrypted PGP communications protocol, and the US government, which viewed crypto as a munition and wanted to prosecute him for publishing it on Usenet, in a place where overseas actors could get it. The case was dropped.
Why are governments so antsy over encryption? By viewing it as a weapon, they force themselves to participate in an arms race. Consequently, they must stay ahead in that race. But even though she sees militant jihadists use it on a regular basis, Gommes is no fan of encryption back doors.
“I think that privacy must be respected, and I think that is maybe more important than security. You can’t have privacy, you can’t have your own life, you can’t be different in a world without privacy,” she said. “We have intelligence with lots of powers in our countries and I think that they can do their job without back doors.”
Ultimately, countries that address these issues with local legislation miss the bigger point, she warned. “The Internet is global,” she concluded. “It’s not my French Internet, or your American Internet.” What’s needed is some big picture thinking.
Julie Gommes will take a deep dive into jihadist crypto and tech culture in her talk at the SecTor conference in Toronto this October 17-19 at the Metro Convention Centre. Register here to hear her talk, and more.