User Of Pro-Islamic State (ISIS) Encrypted Chat Warns Against Trusting Infosec Advice From Jihadi Forums, Recommends Encrypted Messaging Apps Rather Than Email

February 1, 2024

On January 26, 2024, a user of the Islamic State (ISIS)-operated Rocket.Chat server published a post warning against trusting technical and information security (infosec) guidance published by anonymous online jihadis.

The user previously claimed to be an ISIS insider who was involved in the organization's official media activity in its capital of Raqqa, Syria, prior to the city's capture by the Syrian Democratic Forces (SDF) in 2017.

Infosec Guidance On Jihadi Forums Is Unreliable

The user wrote that reliable technical information can only be found in English-language scientific publications, and that one should not take advice from unknown sources on a jihadi forum. He noted that the "enemies of Islam" have more knowledge in this field, and advised other ISIS supporters that jihadi forums are only useful for getting news about the group, since that is the only information coming from ISIS "directly".

Recommendation To Avoid Email In Favor Of Encrypted Messaging Apps

In a January 11 post, the user provided some of his own infosec advice. He encouraged supporters to use encrypted chat software rather than email to communicate. He recommended communicating via the Extensible Messaging and Presence Protocol (XMPP) with the OMEMO extension, using a client such as the Conversations app, or the Gajim messaging app together with OMEMO on Linux or Windows operating systems, adding the caveat that he never recommends using Windows.

For those who must use email, the user recommended less popular services such as Tutanota or, advising supporters to regularly change their accounts and switch providers. For "high security" activities he advised using open-source peer-to-peer (p2p) encrypted messaging apps at appointed times coordinated by the parties communicating and reminded supporters to hide their IP address.

The user noted that "if you have only a mobile phone then you can get no real security," adding that if one breaks the phone's camera and removes its microphone, it can be used to communicate via TOR together with Jami, Trifa, or other encrypted p2p apps. However, if one of the parties is arrested, law enforcement will be able to surveil the other by following the communication path.

In December 2023, the user published a post in which he criticized the pro-ISIS media group Electronic Horizons Foundation (EHF) and accused it of violating official ISIS directives and promoting unsecure apps, while detailing some of the security measures official ISIS media operatives in Raqqa allegedly took.

The full text of this report is available to MEMRI Jihad and Terrorism Threat Monitor subscribers.
