Almost Any Messaging App Will Do—If You're ISIS
Photo: Eduardo Woo/Flickr

FYI.

This story is over 5 years old.

Tech

Almost Any Messaging App Will Do—If You're ISIS

There is no consensus within IS over which encrypted applications to use, whether it be for migration or coordinating attacks.

On July 1, five Islamic State fighters stormed the Holey Artisan Bakery in Bangladesh's capital, Dhaka, ultimately claiming 28 lives in a 12-hour siege. Before IS (ISIS, or Daesh) officially released the claim, the group's 'Amaq News Agency released ongoing updates from inside the restaurant through its Telegram channel.

The first message stated that IS "commandos" attacked the restaurant, which was "frequented by foreigners," and an update minutes later reported that over "20 people of different nationalities [were] killed." 'Amaq then increased the number of casualties to 24 with 40 wounded, and followed up with photos of the bloody scene inside the restaurant.

Advertisement

It was clear that this direct, uninterrupted communication the attackers had with 'Amaq was facilitated by a smartphone app. Five days later, The Times of India reported that the app was Threema, an end-to-end encrypted messaging service.

This reported confirmation of yet another messaging app used in a terror attack echoed other reports from this past year. The Paris attackers are known to have communicated with WhatsApp and Telegram apps prior to their operations on November 13, 2015. Najim Laachraoui, the bomb maker and co-attacker in the March 22, 2016 Brussels attacks, reportedly used Telegram, while fugitives connected to the aforementioned Paris attacks used WhatsApp, the mobile app Viber, and even Skype to talk to IS leaders in Syria before authorities located them.

Bangladeshi police stand guard outside the Holey Artisan Bakery cafe under a hostage siege by armed gunmen in Dhaka, Bangladesh on July 02, 2016. Photo: zakir hossain chowdhury/Anadolu Agency/Getty Images

As IS fighters and recruiters hunt for new followers on social media, they move their discussions to messaging apps, which are often promoted on their social media accounts. These apps, used or promoted by top IS recruiters Neil Prakash ("Abu Khalid al-Cambodi"), Mohamed Abdullahi Hassan ("Mujahid Miski"), and Farah Mohamed Shirdon ("Abu Usamah as-Somali"), include Wickr, Kik, SureSpot, ChatSecure, Telegram, and WhatsApp, among others.

Despite the group's strict enforcement of uniform activity on social media, there is a starkly contrasting lack of consistency in its choices regarding apps. Why?

Discord on Applications

Advertisement

Since the catastrophic expansion of IS in 2014, the terrorist group has been a complex but organized machine on social media—from its long stay on Twitter, temporary stays on lesser-known platforms like Friendica and Diaspora, and its recent exploitation of Telegram. And on these platforms, users demonstrate simultaneous "blackouts," responses, and use of talking points. But when it comes to IS attackers and coordinators' use of encrypted messaging programs, things suddenly get chaotic.

The use of apps by IS fighters, recruiters, and followers has been the group's main method of private communication and coordination in recent years. With an ever-growing menu of encrypted chat programs to choose from, IS-supporting recruiters, tech experts, and fighters have used, endorsed, and warned against almost any messaging app you can think of. However, in this array of messages and activity are contradictions. Though tech-savvy IS supporters have voiced privacy concerns with many of these apps, IS fighters, attackers, recruits, and migrants continue using them.

There is no consensus within IS over which encrypted applications to use, whether it be for migration or coordinating attacks.

Consider the Facebook-owned instant messaging program WhatsApp, which is one of the more popular apps among IS members and recruiters. It was not surprising that even the Paris and Brussels attackers used this app. (Of note is that the aforementioned Paris attack fugitives used the app before it was encrypted—i.e. their communications could have been intercepted.)

Advertisement

Though many such individuals have used and shared their WhatsApp usernames as points of communication in recent years, there has always been a push against the program from within the IS community online. In January, the Twitter account of "Al-Khabir al-Taqni," a jihadi supporter and self-described security expert, ranked 33 mobile messaging applications from unsafe, moderately safe, safe, and safest. WhatsApp landed in the lowest of these tiers along with 15 other programs, all of which Al-Khabir advised against using: "We warn everyone to be cautious to even install these applications on phones…for they pose too great a risk."

Al-Taqni claimed that Whatsapp, along with other programs like Viber, are "unsafe" due to them being closed-source and having "very weak" or no encryption.

Despite all such warnings, IS fighters and supporters continued using the app. For example, in a post dated November 27, 2015, "Shams" (AKA "Bird of Jannah"), an IS migrant and recruiter allegedly from Malaysia, stated that she used WhatsApp even though she was "aware it's not safe."

Even after WhatsApp announced that it would be implementing end-to-end encryption this past April, pro-IS "Muslims Safety Tips," a Telegram channel that focuses on OPSEC-related matters, claimed that other supporters "cannot trust" the program:

Now WhatsApp have updated to encrypted chats end to end….we cannot trust WhatsApp since WhatsApp is the most easiest application for hacking and also one of the social messaging app purchased by the Israeli Facebook program!

Advertisement

Yet, IS recruiters disregard the warning and continue to use the app for migration purposes. This past May, the Telegram channel "Life of a Muhajira," which belongs to a woman who has given an ongoing narrative of her travels to IS from Germany with her husband, stated that while in Turkey, her husband contacted smugglers using multiple programs including WhatsApp. She described her husband pursuing smugglers while they were stranded in Turkey, stating, "My husband tried to get numbers from Brothers who were already there on the internet, more precisely with Whatsapp."

Later in her narrative, she mentioned of her husband's communication with another contact, "He gave my husband his number, they communicated over voice messages in WhatsApp."

Similar discord is seen among IS members regarding other encrypted messaging apps. Among these are SureSpot and Kik, which are widely used by top IS fighters and recruiters. Both of these apps were used by Junaid Hussain ("Abu Hussain al-Britani"), who was known to have communicated with Texas attacker Elton Simpson and Boston jihadi Usaama Rahim.

At the time of his communication with Simpson, Hussain was using Kik for his private communication.

Hussain commenting on attack in Garland, Texas as the event unraveled, indicating his involvement.

A month later, Hussain would urge his followers for attacks in the West, only this time using the Surespot app as a point of contact.

Kik and SureSpot, similarly to WhatsApp, were not recommended for use by tech-focused IS supporters. Warning about the programs were constantly posted by IS users. The OPSEC-focused IS supporter "Abu Suleymaan" had even worse reservations about Kik. On his Tumblr blog, Abu Suleymaan Security News, he wrote:

Advertisement

After a US drone strike killed Hussain in the IS-held Syrian city of Raqqa in August 2015, IS supporters continued voicing even more aggressive concerns about SureSpot. Among the loudest of these individuals was also "Abu Suleymaan," who posted a series of warnings, stating, "Brothers and sisters…It was Surespot that got Abu Hussain killed. Take heed and adopt. This is my last warning. May Allah protect us."

Meanwhile, veteran IS member and recruiter "Qa'qa al-Baritani" refuted such sentiments:

1) Concerning those who say surespot isn't safe and other applications are not safe, we help in hundreds of brothers and sisters using..

2) ..these very same applications you all claim are not safe. The problem isn't the applications, the problem is yourselves!

In May 2015 a British IS fighter published a guide to life under the group, presenting it as a potential-rich experience under a "blossoming empire." In it, the author stated:

The examples are abundant, but the idea is clear at this point: There is no consensus within IS over which encrypted applications to use, whether it be for migration or coordinating attacks.

***

Though it would be reasonable to consider that this encrypted app disorganization might be a tactic to keep government agencies confused, or not to draw attention to one specific program, that's not the reason. We constantly hear that IS and jihadists are urged to use secure communication methods to keep governments in the dark in using different apps. Their priorities, however, are much more geared toward individual circumstances and, at times, convenience.

The main difference between apps and other means of online communication is the fact that all members of the cell must be able to use the same app. When in the past Al-Qaeda and other jihadi operatives used emails for communications, they could send messages across Yahoo, Hotmail, and other email providers. They can still send/receive emails despite the usage of different email providers. However, using apps requires all the other cell members or operatives to use the exact same app.

The requirement makes matters even more complicated when you look at the IS cells operating in different locations in the world, as not all the same apps are used (or sometimes even available) in all countries. While WhatsApp remains the most popular app in countries like Germany and Britain, Facebook Messenger remains the most popular in countries like the US and Australia. Some governments even attempt to block certain programs by working with local internet service providers, which can regulate how residents connect to the internet. (Though this doesn't always work; Bangladesh had reportedly banned Threema to no apparent effect given its reported use in the Dhaka attack).

Considering these variables, along with fugitive terrorists' use of Skype and (then-unencrypted) WhatsApp, how "safe" or well-fitted an encrypted messaging app is to jihadi communication seems like a secondary concern to IS.

This any-app-will-do tendency by IS and its minions adds further complication to fighting terror in the age of smartphones, not to mention a bit of a wrench into already-empty arguments for regulating encrypted messaging platforms. As IS evolves, adapts, and wreaks havoc, it keeps getting clearer: The digital world is too complex for cheap, ineffective solutions like backdoor access to messaging programs and regulated internet access. If IS' any-app-will-do approach to communication teaches us anything, it's that we need to look a lot more at what's happening in broad daylight to better understand what's happening in the places we cannot see.