All posts from Retirely
Retirely in The things you own end up owning you,

How Terrorists Communicate – Dark Web

The horrific attacks in Paris have highlighted the increasing difficulties that western intelligence agencies are experiencing when tracking terror groups across the globe that are increasingly using sophisticated digital techniques to communicate and orchestrate mass attacks on civilians. Many believe that whistleblower Edward Snowden should shoulder some of the responsibility for the loss of life in the recent Paris attacks now that terrorists are using what they learned from his revelations having developed a much better understanding of exactly what governments can and cannot monitor.

Tor (an acronym for The Onion Router) is a web browser that is often referred to as the more sinister sounding deep or dark web, the part of the Internet that is not indexed by search engines such as Google and that encrypts connections to prevent governments or corporations from tracking any web activity.

The exact differences between the dark and deep web are complex. Chilling headlines will point out that over 90% of the information on the Internet is off the radar, though not all of it is used by criminals and terrorists.

Much of this large amount of inaccessible content consists of corporate intranet sites, academic research archives, medical records or databases that everyday browsers such as Chrome, Firefox or Internet Explorer are unable to access. It is important to recognize that not all aspects of this part of the Internet represent a virtual black market where criminals promote their ill-gotten gains.

The encrypted communications that enable terrorists to recruit, radicalize, plot and plan future atrocities are very often carried out using more familiar tools such as WhatsApp and iMessage that allow messages to be locked down and instantly erased without the authorities seeing anything. Intelligence officers have discovered encrypted messages being left on ebay where goods are offered for sale. Terrorists are leaving hex characters and prime numbers as secret codes to communicate on Reddit message boards. Chats that appear harmless are hardly that. Terrorist groups seem to have cryptologists with mastery of steganography, a highly specialized skill that allows them to hide files, messages, images, articles, shopping lists or videos within non-secret content on the vast digital Internet. Intelligence officials have found regular image files where the color of every 97th pixel was altered to match a particular letter of the alphabet.

In situations where encryption may not be possible such as for example on an insecure channel, terrorists have been using techniques such as Chaffing and Winnowing. For those of our readers that have grown up on a farm or have some knowledge of agriculture, you will recall how the grain remains mixed up with the gristly chaff even after it has been harvested and threshed, to then be separated by a process called winnowing where the chaff is thrown away. In digital communications, such a technique allows the sender to send a message without encryption, basically as readable text with the receiver and sender sharing a common secret key they use for verification. In this method, the confidentiality of the message is secured by a third person who concurrently sends an expressly manufactured message through the same channel as the sender.

It is not my place to discuss the various encryption technologies since I am no expert. Suffice to say that Governments are now hiring highly specialized encryption experts including linguistic specialists to make sense of the surge in online terrorist communication activity that seems to be going undetected. For many countries electronic warfare against cyber attacks is at the core of their counter terrorism strategy.

The finger of blame for our inability to track terrorist communications should not be pointed solely at technology in the same way that paper shredders couldn’t be blamed for damaging national security several decades ago.

The biggest problem is that our modern Internet communications are evolving quickly and outpacing the laws that allow governments to intercept lawful content. Leaders such as UK Prime Minister David Cameron appear both naive and foolish by announcing a desire to ban encryption, something that is not only impossible but also promotes the bizarre theory of protecting our freedom by taking it away.

A letter signed by technology industry leaders and advocacy organizations such as Google, Twitter, Facebook, Microsoft, Apple, Dropbox, LinkedIn & Tumblr, was sent to President Obama advising how the removal of security by encryption will actually weaken consumer protection from a countless number of crimes.

The crime scene of the 21st century leaves a trail of digital footprints rather than physical ones and the same tools that protect us are being exploited by those on the wrong side of the law to cover their tracks. I have no doubt that behind the scenes there will be someone looking into building backdoor access to our encrypted data that will also delight and horrify in equal measure depending on your point of view.

The spreading of radicalization on social media is causing increasing concern with a reported 90,000 Twitter accounts being controlled by ISIS to target and recruit young people into a war where hashtags are becoming the new weapons. In fact in a recent analysis by the Brookings Institute, the US and UK are the only two western countries in the top 10 from where the maximum number of Pro-ISIS tweets seem to have emanated.

Over in the UK Theresa May is reviving the so-called snoopers charter that will provide police and spies access to a year’s worth of your web browsing history. This is causing a heated debate between those that are willing to sacrifice their privacy for a slice of protection and those who believe that privacy both online and offline are stalwarts to their freedom.

Meanwhile the group of hackers known as Anonymous have diverted their attention to ISIS by taking down websites, tagging Twitter accounts, locating propaganda videos and infiltrating jihadi forums prompting some to wonder if a hactivist group really could take down one of the worlds deadliest terrorist organizations.

What ever your viewpoint on the rights and wrongs of surveillance and who can or cannot access your data, the one thing that we can all agree on is that it is time for everyone in the world to unite against terrorism. Ironically our biggest weapon against this enemy is our freedom itself.