New reports detailing the activities of ISIS, which is responsible for the recent attacks on Paris, Beirut and for taking down a Russian passenger jet, reveal that the organization employs a 24-hour customer support service that can help out with various digital problems its members may have. The same tech-savvy group manning the round-the-clock service from locations around the world also created a manual the describes best-practices ISIS members should follow to thwart surveillance and hide their tracks online.
Counterterrorism analysts affiliated with the U.S. Army told NBC News that the ISIS help desk is staffed by half a dozen senior operatives who have extensive IT experience. These core members have at least collegiate or even masters level training in IT and are helped by “layers of other associates” from around the world. These people can respond to questions in real time and assist with operational support for the various cells in different regions of the world, including Paris.
NBC says the ISIS IT experts stay on top of the many new kinds of security software and encryption as they’re made available, producing materials to train operatives at large. The Combat Terrorism Center, which is an independent research organization at the U.S. Military Academy at West Point, has studies the Jihadi Help Desk closely, producing a report on how it works.
“They answer questions from the technically mundane to the technically savvy to elevate the entire jihadi community to engage in global terror,” CTC’s Aaron F. Brantly said. “Clearly this enables them to communicate and engage in operations beyond what used to happen, and in a much more expeditious manner. They are now operating at the speed of cyberspace rather than the speed of person-to-person communications.”
The CTC obtained more than 300 pages of documents that show the help desk trains in digital operational security everyone from novice militants to the most experienced followers.
As recent events have shown, not all of the attackers involved in the attacks on Paris are technically savvy. One individual tossed an unencrypted, unlocked smartphone in a dumpster near the Bataclan concert hall, allowing French special forces to conduct a massive raid on an apartment building hiding a second ISIS cell operating in Paris. The alleged ringleader of the Paris attacks was reportedly killed in that raid.
A Wired report further details the special OPSEC manual (available at this link) that shows how ISIS members are supposed to handle cybersecurity. Uncovered by Brantly, the 34-page manual contains many tips on how to conceal communications and what online services to use in order to avoid detection.
The ISIS manuals say that its followers should use the Tor browser, the Tails operating system, Cryptocat, Wickr, Telegram and iMessage to chat, Hushmail and ProtonMail for email, RedPhone and Signal for encrypted online communications, and Gmail (but only on fake accounts and when used with Tor).
On iOS and Android, ISIS members are advised to keep using Tor at all times, disable GPS features, and avoid WhatsApp, Instagram and Dropbox. Cryptophone and BlackPhone are also advertised as good choices for protecting chats.
Other tips include using VPNs, choosing strong passwords and avoiding suspicious links.
If these recommendations seem reasonable and sound like something any Internet user should consider in order to guard his or her privacy, that’s because some of them really are useful tips.
“This is about as good at OPSEC as you can get without being formally trained by a government,” Brantly told WIRED. “This is roughly [the same advice] I give to human rights activists and journalists to avoid state surveillance in other countries. If they do it right, then they can become pretty secure. [But] there’s a difference between telling somebody how to do it and then [them] doing it right.”
There’s no trace in the report suggesting ISIS used the PlayStation 4 for communicating, or that it created its own encryption technology to protect communications.