May 17, 2018 No. 160

Western Governments Fail To Address Cyber Jihad And Terrorist Use Of Encryption – Which Has Moved From American To European Platforms

The following is an op-ed by MEMRI Executive Director Steven Stalinsky that was originally published in The Wall Street Journal on April 12, 2018.


Right now Islamic State and its followers around the world are using mobile devices to choose targets, discuss methods and timing, and even raise funds. With the aid of encrypted messaging apps—most of which are developed by Western companies—these terrorists can communicate fully out of sight of intelligence and law-enforcement agencies. The murders of countless innocent people have been planned this way, and most Western leaders seem unsure about how to stop it.

Counterterrorism officials are overwhelmed by the sheer number of potential terrorists using these apps on mobile devices. They are further handicapped by their inability to access the encrypted information, which could help them stop attacks. In a January speech at the International Conference on Cyber Security, FBI Director Christopher Wray called the threat from terrorist use of encrypted apps "an urgent public safety issue." He revealed that, as part of lawful investigations, the FBI had tried and failed to access encrypted information on nearly 8,000 devices in 2017. Appealing to the technology sector for help, Mr. Wray said: "I'm open to all kinds of ideas, because I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it's utterly beyond reach to protect innocent citizens."

In response, Sen. Ron Wyden (D., Ore.) wrote a highly critical letter. He called Mr. Wray's speech "ill-informed" and damaging to America's security, economy and freedom: "Building secure software is extremely difficult . . . and introducing vulnerabilities would likely create catastrophic unintended consequences that could debilitate software functionality and security entirely."

Terrorist groups pay close attention to these debates. They learn from Western leaders' words and actions and adjust their behavior accordingly. Many groups rely on secure communications for maintaining their global networks and recruitment efforts. ISIS members, affiliates and sympathizers are constantly sharing information, tutorials and recommendations about encryption. Over the past year, jihadist propaganda operations such as the Al-Hayat Media Center and the Al-Naba newsletter have published how-to articles on encryption.

The number of encryption apps used and experimented with by terrorist groups is constantly increasing. Many of the companies responsible for developing and disseminating these apps are based in Europe, where officials have been quick to criticize American social-media companies like Facebook, Twitter and YouTube for hosting terrorist content. These same officials have been notably slow in addressing the terrorists' affinity for platforms based in their own countries.

Telegram, currently the terrorists' app of choice, states on its website that most of its developers "originally come from St. Petersburg," but "had to leave Russia due to local IT regulations." In recent years, Telegram "has tried a number of locations as its base, including Berlin, London and Singapore." The company is now based in Dubai until "local regulations change." Telegram CEO Pavel Durov earlier created the popular Russian social-media platform VK, which offers its own internal encryption setting and is widely used by Russian-speaking jihadists.

The editors of the online English-language jihadist magazine Al-Haqiqa accept reader comments and suggestions via Tutanota, a Hannover, Germany-based encrypted email platform. Switzerland-based ProtonMail, which brags that its encrypted email service is "NSA-proof," is frequently used by the pro-ISIS hacking group United Cyber Caliphate.

In 2016, five ISIS-linked terrorists used Threema, another Switzerland-based encrypted app, to plan an attack on a bakery in Dhaka, Bangladesh, that left 29 people dead. The suicide bomber who killed 22 and injured more than 500 at a May 2017 Ariana Grande concert in England used the Austin, Texas-based encrypted app Zello to communicate with his ISIS handlers. Before being killed by a U.S. drone strike in Syria, the 21-year-old ISIS hacker Junaid Hussain reportedly used the encrypted Canadian mobile messaging app Kik to coordinate cyberattacks on Defense Department computer servers.

After the 2015 mass-shooting attack at the Inland Regional Center in San Bernardino, Calif., the FBI sought to force Apple to help it unlock an iPhone belonging to perpetrators Syed Farook and Tashfeen Malik.[1] That spawned a debate about terrorist use of encryption technology, which has since gone global. Even as Silicon Valley social-media giants are cooperating with government officials to help keep bad actors off their platforms, a new generation of messaging services based outside the U.S. are—wittingly or unwittingly—catering to the terrorists' need for electronic secrecy.

In a world of increasingly cyber-savvy terrorist threats, the developers of encrypted apps for mobile devices need to take greater responsibility for the uses to which their technologies are being put. At the same time, Western leaders need to find ways to work productively with the developers of encrypted app technology to help keep their citizens safe. The FBI can't do it alone.

Mr. Stalinsky is executive director of the Middle East Media Research Institute and author of "American Traitor: The Rise and Fall of Al-Qaeda's U.S. Born Leader Adam Gadahn."


[1] Technically, the iPhone was issued to Syed Farook by his employer, the county public-health department, which consented to allow the phone to be searched and to obtain Apple's assistance in the matter. The Washington Post, February 17, 2016.