Analysts Reveal Arsenal of Cyber Tools Used by Islamic Terrorists

Jihadist groups use a variety of digital tools and online services that allow them to maintain a strong online presence, while also helping them remain undetected by adversaries, a recent report from Flashpoint reveals.

In a new report (PDF) called Tech for Jihad: Dissecting Jihadists’ Digital Toolbox, the intelligence firm reveals the findings of an analysis of the tools employed by various jihadist groups, including the Islamic State (also known as IS, ISIS, ISIL, and Daesh).

According to the report, the online activity of these groups remains relatively unknown to the general public, although their use of social media has attracted significant attention over the past months.

Overall, Flashpoint provided analysis of 36 specific tools and services used by radical Islamic terrorist groups.

According to Flashpoint, which recently raised $10 million to expand its business, Jihadists use complex ways to maintain robust yet secretive online presences, given that confidentiality and privacy are paramount to their survival. However, the report also points out that mainstream communication applications do not offer the sophistication these groups require for their security needs, meaning that jihadists are constantly forced to seek alternative ways to communicate.

Some of the tools and tactics used by these groups in their operations include secure browsers, Virtual Private Networks (VPNs) and proxy services, protected email services, mobile security applications, and encrypted messaging services. On top of that, they employ mobile propaganda applications designed to help supporters disseminate and view propaganda with greater ease, speed, and accessibility.

Highly secure browsers such as Tor Browser and Opera allow jihadists to operate online clandestinely without divulging their IP addresses and risking third-party surveillance, while the use of VPNs such as CyberGhostVPN and F-Secure Freedome, along with proxy services, help them further obfuscate their identities during online activities.

The use of protected email services prevent intelligence agencies to monitor actors, and jihadists are leveraging these services too, because they offer security features such as end-to-end encryption and temporary, anonymous account capabilities. The protected email services preferred by jihadists include Hush-Mail, ProtonMail, Tutanota, GhostMail, and YOPmail.

These groups also use specialized mobile applications to enhance security on smartphones, including Locker, FAKE GPS, D-Vasive Pro, AMC Security, ESET Mobile Security, and many more, Flashpoint reports. Some of these apps are also meant to ensure increased device performance and longer battery life.

Over the years, terrorist groups have expanded their online presence through the use of social mediaand jihadists have increasingly turned to encrypted messenging tools to communicate. The Telegram app appears to be their top choice currently, despite a broad range of similar apps and services also available. Threema, WhatsApp, and Asrar al-Dardashah are also among the jihadists preferred apps.

 “In order to both gain popularity among potential supporters and instill fear in their adversaries, jihadists need consistent channels through which they can release propaganda, and technology is crucial for this,” said Laith Alkhouri, a co-author of the report and the Director of Middle East/North Africa Research and a co-founder at Flashpoint. “Jihadists’ reliance on technology for survival is a proven, powerfully motivating force, pushing the community to constantly learn, adapt, and advance through various technological tools.”

In April, Flashpoint released a report which concluded that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized.

Last summer, the FBI warned U.S. lawmakers of the challenges in monitoring encrypted online communications among Islamic State terrorists, while calling for new laws requiring technology firms to provide backdoors to decrypt messages among jihadists.

In April, U.S. Defense Secretary Ashton Carter said the U.S. Cyber Command (CYBERCOM) was working to destroy the Islamic State group’s Internet connections and leave the jihadists in a state of “virtual isolation.” 

Related: ISIS Cyber Capabilities Weak, Poorly Organized: Report

Related: US Military Conducts Cyber Attacks on IS

*Ionut Arghire contributed to this report

view counter

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.

Previous Columns by Mike Lennon:

Tags: