Pages

Monday, November 23, 2015

The Secret ISIS Cyber Guide Was Actually Just An Arabic Guide For Activists

An image from the original Cyberkov blog post on cybersecurity.

Cyberkov / Via blog.cyberkov.com

SAN FRANCISCO – A Kuwaiti cybersecurity company was startled this week when a guide they wrote to help journalists and activists stay safe online was cited as a "secret ISIS manual" to online security.

Cybercov, a private company based in Kuwait, told BuzzFeed News that they originally published the guide in July 2014, and that it still available on their site with the headline: "Operational security for Journalists, Activists, and Human Rights Workers in the Gaza Strip." Yet last week, news organizations including the Telegraph, Yahoo News, and Wired, published the guide with the headlines touting the secret online protocols used by ISIS. "ISIS' OPSEC Manual Reveals How It Handles Cybersecurity," Wired's original headline read. The Islamist group, it appears, had stolen the text and was circulating it among online activists, known as the cyber caliphate.

"Our guide is based on publicly available tools, instructions and best practices. The guidelines in our manual are sourced from the EFF [Electronic Frontier Foundation] and other sources of privacy organizations," wrote CyberKov CEO Abdullah AlAli to BuzzFeed News in an email. He said his organization had no idea its guide had been repurposed by ISIS. He was surprised to see it cited in articles, many of which have been updated since they were originally posted to note the document's origin, and "even more shocked to see the Combating Terrorism Center at West Point simply Google-Translated it and claimed it as ISIS’s."

A link to a JustPasteIt page with a modified version of the guide was widely circulated by Twitter accounts linked to ISIS in the last few months. It includes tips such as making sure to disable GPS, and avoiding Instagram and Facebook due to their poor track records on privacy. Many of the apps recommended — such as Signal, CryptoCat and RedPhone — are those which privacy advocates and civil liberty groups in the U.S. also include on their list of secure communication programs.

Since ISIS took credit for the Nov. 13 attack on Paris which left 130 people dead and over 350 wounded, Western officials have struggled to explained the intelligence failure which led to a complex attack being carried out on a major European city. American and European officials have blamed encrypted communication networks, which they said ISIS to plan and organize the attack while circumventing law enforcement officials.

In the weeks since the attack, however, it appears unclear that ISIS used any encrypted programs to communicate, including those promoted on their so-called secret guide. The New York Times reports that at least one of the men behind the Paris attacks used Facebook to communicate with ISIS operatives in Syria, and a cell phone found near the location of one of the attacks showed phone calls and SMS messages sent between the attackers on open channels.


via IFTTT

No comments:

Post a Comment