Spies fighting Islamist terrorists take battle to the web

LONDON – Even as warplanes flown by the United States and its allies try to dislodge Islamic State militants from Iraq and Syria, a less visible battle is under way in remote corners of the Internet.

Since the Islamic State emerged as a powerful military force, the group has proven skilled at using secure communication channels to plot operations and recruit new fighters on the Web. That has spurred intelligence agencies to step up efforts to break encryption codes, pose as would-be terrorists online, and deploy old-fashioned spies to gather information about the group’s digital strategy, security experts say.

Islamic extremists have become increasingly prominent in the online underworld, joining hackers who’ve attacked the likes of JPMorgan Chase and criminal gangs that sell drugs and child porn. Spies are borrowing tactics from the fight against those groups as they seek to disrupt the ability of militants to operate on the so-called ‘Dark Web’ – where they woo adherents, plan attacks, and disseminate propaganda.

“Terrorist groups have only grown savvier over time in terms of communications,” said Juan Zarate, a former U.S. deputy national security adviser and now counterterrorism analyst at the Center for Strategic and International Studies. Readily adaptable, Zarate said, they continue to “explore different techniques to ensure they are not being tracked.”

The U.S. and its allies have had some success in monitoring IS and related groups, according to a senior European government official who asked not to be identified discussing a confidential matter. Nonetheless, the ability of IS to keep its communications secure means that a successful attack on a Western country remains a real possibility, the official said.

Accessing encrypted communications like those employed by IS can be done in a few ways, according to three people familiar with investigators’ tactics who asked not to be identified because of the sensitivity of their work. The simplest involves finding the weakest link in the communication chain.

Publicly available encryption can be extremely difficult to defeat if used correctly, but a single unsecured computer along the way can be used to open up the rest, the people said. Spies are also looking for vulnerabilities in home-made software that extremist groups have developed to supplement more widely available programs and that can be similarly undermined, the people said.

Since IS and its allies use the Internet to recruit new members, another tactic involves agents who pose as aspiring terrorists, said Erin Saltman, a senior researcher at the Quilliam Foundation, a think tank in London that studies religious extremism.

The gold standard, though, is still traditional spycraft, two of the people said: finding agents or informants who can pilfer USB keys, access computers, or otherwise learn the details of encryption systems. In the case of IS, which controls much of Iraq and Syria, that’s difficult but essential, said Nigel Inkster, a 30-year veteran of Britain’s MI6 who’s now at the International Institute for Strategic Studies in London.

“Running agents in and out of that milieu is not easy,” Inkster said. Nonetheless, “intelligence agencies are undoubtedly trying to do just that.” Spymasters are also looking to local opposition groups to supplement on-the-ground eavesdropping efforts, the European government official said.

Like outlaws the world over, IS militants have benefited from Tor, a free browser that lets Web users hide their location and identity. Created a decade ago by the U.S. Naval Research Laboratory to help people in authoritarian countries evade government controls on the Internet, Tor helps ensure anonymity by bouncing traffic around a global network of relays.

“We’d assume Tor is being used by terrorists,” said Andrew Lewman, the executive director of the not-for-profit Tor Project, which maintains the software and says it doesn’t screen users. “Tor is easy to use, and any technology you’ve put out there can be corrupted.”

On top of Tor and tools like Pretty Good Privacy, used for sending encrypted messages, extremists are working hard to build electronic infrastructure of their own. The Global Islamic Media Front, an umbrella organization for Islamist groups, has developed its own encryption programs for PCs and Android smartphones with user guides in English, Arabic, Bahasa Indonesia and Urdu. Free to download and updated periodically, they provide a “weapon for our brothers for continuous communication far from the eyes and monitoring of the enemies,” according to the group’s website.

Much communication happens on password-protected online discussion forums with multiple layers of security, some of which open for new users to register for just a few hours a year, said Laith Alkhouri, who studies militant groups at Flashpoint Partners, an electronic security firm.

On the forums, users can exchange private messages, hang out in chatrooms, and get technical advice from moderators who dispense tips on “what’s good technology and what you should avoid using,” Alkhouri said.

Even though IS’s online sophistication presents novel challenges, governments have gained experience from their efforts to contain more traditional online crime.

Even when criminals take care to mask their location and identity, “a determined investigator can find that you interact in a unique way,” such as the rhythm with which a person taps keys on a keyboard, said Alex Holden of Hold Security, a consultancy in Milwaukee, Wisconsin.

Similarly, in efforts to identify the provenance of images of children being sexually abused, the U.S. government has sought the advice of botanists and ornithologists to identify locations based on background details – skills similar to those the FBI and other agencies have used to identify individuals in IS videos.

So far IS’s technical sophistication has been put to use mostly to evade spying – and not for offensive cyber-attacks like those that China, North Korea, and other governments have been accused of carrying out. That could change as it and other extremist groups become more skilled and see the success of hackers from elsewhere, said Ashar Aziz, founder of security firm FireEye Inc.

“If you have money, which unfortunately is becoming more and more available to these non-state actors,” Aziz said, then such cyber-attacks “become another avenue” for disruption.