No, this is not operational guidance for ISIS terrorists to use encryption
There have been some tweets suggesting that ISIS is directing their Belgian operatives to use “encryption” to protect against the impending crackdown. This is not true. Additionally, the advice is extremely low quality, not actionable, self contradictory and of dubious value at best.
Bottom Line Up Front
- The target audience is probably other ISIS fanboys in the jihobbiest community, and seems almost certainly not actual terrorist operatives.
- The OPSEC content is confused, mangled, and regurgitated privacy manual dogma, with little to no understanding of the threats it mitigates (a hallmark of ISIS jihobbiest security advice.)
- The author is apparently ignorant of how the police operate and think, or the threats ISIS operatives face.
ISIS Tech Support To The Rescue
The origin of the jihobbiest advice is an “ISIS tech support” Telegram channel.
IS tech support team calls for "brothers in Belgium" to use encryption, and "stay away from social media" pic.twitter.com/QONYS9Y2NN
— Michael S. Smith II (@MichaelSSmithII) March 22, 2016
These channels are for jihobbiest ISIS fanboys and are not used for operational control or guidance.
This advice is for an audience of ISIS supporters, not ISIS operatives.
Encryption. You keep using that word…
The author tells their audience to avoid accessing the Internet unless they are using “encryption Software[sic] — (Tor — i2P — VPN).” These tools — Tor, I2P, VPNs — mask the user’s IP address. They do not provide end to end encryption. They are privacy and anonymity tools, not encryption tools.
These are not encryption tools. These are privacy tools. This fundamental error should raise a red flag for any reader, indicating that the is author ignorant of the subject matter.
Evidence and what to do with it.
The author tells his bros they must do something with their “jihadies[sic] files.” Either encrypt them (with what?) or delete them with an anti forensic file erasure tool. Destroying evidence before it is seized is generally good practice for criminals, but here the author can’t even decide on what course of action to take.
The “jihadies[sic] files” mentioned here are magazines, manuals, pamphlets, videos, audio files, and other jihadist literature. The aspirational jihadi lifestyle magazines that the jihobbiests habitually collect, along with other jihadi related propaganda.
Lay low. Run away. Keep quiet. Tell everyone.
The author tells the bros to lay low, keep their heads down and not attract attention. The author tells the bros to drastically alter their behavior and run. The author tells the bros to go silent. The author tells the bros to warn everyone. The author can’t make up their damn mind!
These suggested tactics are mutually exclusive, for the most part, and are either impractical or more likely to attract the attention of the security forces.
Context free security protocols, what could go wrong?
ISIS jihobbiests have a long track record of repurposing cyber security content from other online manuals. They blithely copy privacy manuals written by fantasists, and happily duplicate the procedures from dark net market buyer guides. They consistently fail to grasp the deeper fundamentals of operational security, instead they cargo cult the security procedures of others.
Unfortunately for them, not all threats are created equal. Not all security tools offer the same protection against different adversaries.
ISIS supporters do not face the same adversaries as college kids buying weed from dark net markets. The protections offered by Qubes and TAILS are similar, but not identical. They are not interchangeable except in certain circumstances. The author does not appear to understand this.
Bro, do you even OPSEC, bro?
The author of this advice has created some confused and mangled security content. It is internally inconsistent, lacks clear directives, and demonstrates the author’s profound ignorance of security technologies. In fact, it demonstrates the author’s ignorance of operational terrorism in general and operational security in particular.
This is not operational guidance for ISIS terrorists. It does not recommend encryption to evade security forces. There is no practical advice here for real terrorists. It’s essentially just a statement of solidarity from the jihobbiests bros to ISIS supporters, ostensibly those in Belgium…who happen to be subscribed to an English language Telegram channel. It’s basically the jihadi equivalent of “sending thoughts and prayers.”
Update: counter terrorism experts agree, this “tutorial” is not an official ISIS statement.
As everybody went crazy regarding this IS fanboy (NOT OFFICIAL) "tutorial" for the "brother's in Belgium" yesterday pic.twitter.com/iIzBIvlmcJ
— J. Faraday (@CTstudies) March 23, 2016
Furthermore, as @rcallimachi points out, ISIS operatives receive direct hands on training. They are not left to fend for themselves using garbled juvenile tutorials disseminated via “ISIS affiliated” channels.
@thegrugq The head of the operatives who used burners in Paris trained his recruits to use encryption.
— Rukmini Callimachi (@rcallimachi) March 23, 2016
@rcallimachi and he did this on ISIS tech support with such guidance as "encrypt your jihadiest files and better delete them"?
— thaddeus e. grugq (@thegrugq) March 23, 2016
@thegrugq Nope. He did it in person in Syria according to members of his cell who were arrested
— Rukmini Callimachi (@rcallimachi) March 23, 2016