How Terrorists Communicate

One of the first questions many security experts had about the Paris terrorist attacks was: How is it possible that such a well-planned and coordinated attack could fly under the intelligence radar? The answer to this question was quite surprising. It was, according to some in the intelligence community, that they had too much intelligence.

Most security experts might question whether too much intelligence is, in fact, possible. It’s sort of like being too happy. The real answer was probably that they had too much of the wrong intelligence. Terrorists and other subversives have long ago figured out that they were being observed in all the normal ways. They long ago realized that, if they didn’t want to be caught, they would have to pursue unique ways to circumvent observation. On the other hand, governments have no choice but to keep monitoring normal communication channels, such as Twitter and Facebook, because you just never know. In addition, they must monitor every new method of communication that has the potential to be used by terrorists. In short, they really are overwhelmed with data.

For some, it may have come as a bit of a surprise when it was posited that the Paris terrorists might have used Sony’s Playstation 4 to communicate, even though this story was later retracted. Is this even possible? Not only is it possible, but it would be a difficult medium to monitor effectively. There are numerous games, chat rooms, and messaging boards that could be used. This simply shows that there are, and always will be, novel ways to communicate that are difficult, if not impossible, to monitor. In the end, the best governments can do is stay one step behind those trying to hide their communications, and one step, in these cases, is much too far.

Actually, the most difficult communications to monitor are old-fashioned analogue ones. By this, I mean face-to-face conversations. Certainly, unless your terrorist group has been infiltrated, no one is going to be able to monitor these. You may also notice that many of these terrorist cells are formed of family members and relatives. This increases the trust factor. After all, if you can’t trust your family members, who can you trust? There clearly must be an all-pervading sense of paranoia among those involved in such plots. All risks need to be avoided. However, there must be times when they need instructions or information from outside of their group, and the Paris terrorists certainly needed some form of communication to coordinate their attacks in geographically separated locations. This is probably why they all appeared to have had cell phones in their possession.

The only reason that these particular terrorists would have needed technology to communicate with individuals outside of their geographic area (apparently a Belgian neighborhood) would have been to get expert instructions and advice. Nonetheless, even Bin Laden was reduced to using trusted, human couriers to transfer information. Maybe these terrorists did the same. However, if they did have to rely on technology to launch their coordinated attack, they would most likely have had to use some sort of encrypted communication. The latest version of the Apple iPhone would be good for this as it automatically encrypts all messages with keys only available to the user. As far as I know, the brand of cell phones found with the terrorists was not reported. If they were only using the phones to launch the attack, they could have used any disposable brand because the communication would be too close to the time of the attack for authorities to undermine it.

Those who want to remain hidden have a number of other communication options at their disposal. There are numerous chat apps that come with encryption, for example. Some are more secure than others. WhatsApp offers encrypted communication but it has, unfortunately, recently had its encryption compromised. Probably the best way to communicate without detection would be to use the Tor browser with TorChat. The Tor browser would hide a person’s location and TorChat would allow for encrypted communication and file transfers. Nonetheless, it was recently found that the Tor browser was compromised by the Massachusetts Institute of Technology and the Qatar Computing Research Institute. More recently still, a report surfaced that the FBI paid Carnegie Mellon University $1 million to help them crack Tor’s anonymity. Since that time, Tor has purportedly fixed the vulnerability, yet, if a terrorist wanted guaranteed anonymity, such news stories as these may make them shy away from using Tor.

The above information ignores one key factor. Most of these terrorists are (how can I say this in the most politically correct manner) stupid. The alleged ‘mastermind’ of the Paris attack, Abdelhamid Abaaoud, left a smartphone behind in Syria with unencrypted photos and videos on it. He also had had a previously planned attack on the Belgian police undermined for the same reason. He didn’t use encryption. The attackers’ safe house was found by analyzing a discarded smartphone which let them track its previous locations. The reason these ISIS terrorists use a variety of messaging apps is because they lack the understanding of why some encryption is better than others. Their tendency to brag about their accomplishments on certain web sites leaves those web sites open to monitoring. In fact, their own hubris often leads them down the road to blundering and exposure.

However, probably the stupidest move ISIS made was distributing a manual on how to communicate safely online. This manual, based on one originally developed by the Kuwaiti security firm, Cyberkov, gives information on which apps to use, what smartphones are most secure, which browsers to use, and what email services are safest. In other words, it gives anti-terrorist teams a guide on where they should concentrate their surveillance efforts. Thanks ISIS. (You can find a Google Translate version of the manual here.)

However, there is one area of communication in which ISIS and other terrorists groups, like Al Qaeda, seem to excel. This is an area known as steganography. Steganography is the technique of digitally hiding messages within other digital files. A secret map of an attack plan could be hidden in a picture of a cat, for example. Steganography makes it possible to leave such messages on publicly accessible web sites and no one, except those who have the necessary decoding programs, will be able to tell that a secret message has been posted. There may be a key word in the title of an image or some time stamp that would alert those for whom the message is intended to pick it out of hundreds of other similar images. As one writer on the topic has noted, “for an investigating officer detecting steganography is a nightmare. There is absolutely no record to show that the sender and the receiver had ever communicated. They do not exchange calls or emails.”

What makes steganographic messages more difficult to detect is that there are so many programs available to use for this purpose, each of which can do something different. Many of these are free. If you and the sender don’t share the same program (decoding algorithm), it is difficult, if not impossible, to determine what the secret message is. The bottom line is that just about any type of digital file can be hidden in any other type of digital file.

Image files, because of their relatively large size, are often used for hiding messages. There is no way a person can see the difference between an original image and the same image with a hidden message in it. Even analyzing the properties of the two images will give you no clues. To those unfamiliar with steganography, this may sound impossible. In fact, I also had doubts, so I created my on steganographic image.

To avoid the possibility that an image I chose could have been previously altered, I used my own photographs. I used a free stenography program called Xiao Stenography for no particular reason. There were some limitations in the program. I had to change the original jpg file into a bmp file. Below, you will see the original bmp file on the left and the file with the secret jpg file within it on the right. (WordPress does not allow bmp files so I had to do a screen capture on this.)

steg image

You will not see any differences. However, within the right image is another image. I purposely chose one that was completely different from the original and one that I thought might be detectable. Here is that hidden image.

IMG_2754

You’ll simply have to take my word for it that this image is hidden in the right photo. Simple analysis of the properties will show no differences. However, I did find that archiving the two files as rar files found a difference. The original can be compressed to 19.3 mb, while the one with the hidden image could be compressed to 19.6 mb, showing that the two files are only identical on the surface. The bad news for investigators is that they do not usually have access to the original file.

One limitation of the Xiao software is that only image files and wave files can be hidden in the bmp image. In other words, I could have left an audio message. However, if I really wanted to leave a written message, I could have just added text to an image file. I also have the option of protecting any hidden message with a password or encryption to make things even more difficult for investigators.

Clearly, anti-terrorist agencies must be working overtime on ways to detect files that contain hidden images. The FBI published an in-depth look at steganography and steganographic detection in 2004 and much of the information in it remains valid today. Now, however, the focus seems to be on steganography search engines; search engines which can determine which images, for example, have the highest probability of containing hidden messages. Of course, the hidden messages would then have to be deciphered.

The recent Black Hat Europe conference seems to indicate that steganography is becoming a more popular way to deliver malware, as if we didn’t have enough troubles. In any event, there now seems to be even more incentive to come to grips with this particular communication channel. At the moment, this seems a long way off. Until that time, traditional monitoring and dependable ISIS blundering remain the investigators’ best weapons for thwarting terrorist plans.

 

 

 

 

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

3 Responses to How Terrorists Communicate

  1. Pingback: Facebook Messenger and Linkedin Users: You are Being Targeted | Secure Your Workplace Network

  2. Pingback: Facebook Messenger and Linkedin Users: You are Being Targeted – "What You Talking About Willis?"

  3. Pingback: Hammertoss: The Russian Government Malware that Uses Twitter to Steal Information | Secure Your Workplace Network

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s