This article is more than 1 year old

How to evade the NSA: OpSec guide for journalists also used by terrorists

No iPhones apparently a rule. Imagine that

Privacy guides meant for journalists are being re-purposed by terrorist groups, Trend Micro researchers say.

The guides are designed to help hacks avoid surveillance by nation-states and well-resourced adversaries focusing on encryption, operational security, recommended and untrusted platforms.

It is one finding of dozens from the report Dark Motives Online, which analyses the similarities and differences between terrorist and criminal communications.

"... terrorists [are] adopting and distributing anonymising (sic) guides originally meant for activists and journalists … evidently to teach new or uninitiated members ways to avoid being spied on," the researchers say.

"Some of these guides even mention the National Security Agency and how to avoid surveillance."

The most privacy-preaching of these guides urges readers to avoid Android and iOS phones - claiming they are crawling with NSA spies.

Trend Micro did not name the studied terror group but said it was listed as a designated group by at least seven nations. That limits choices to less than a dozen groups including Hezbollah; al-Qaeda; Islamic State; Al-Nusra Front; and the Kurdistan Workers' Party.

Criminals including carders and data thieves use similar applications and services to terrorists with the need for propaganda the most distinguishing factor that sees some of the latter making phone calls and tweeting to spread the word.

Terrorists use regular email services along with allegedly secured services SIGAINT, Ruggedinbox, and Mail2Tor and - according to reviews of 2,301 terrorism-linked accounts - run instant messaging apps favouring Telegram with Signal, WhatsApp, and Wickr having equal second share.

Favoured document drop services of terror sympathisers include Share, Sendspace, and SecureDrop, preferably those based in the Middle East.

The most OpSec-tastic jihadi, however, drops propaganda documents on SIM cards and USB sticks.

Trend researchers go on to list several 1990s-coloured encryption applications and plugins that serve as alternative to mainstream offerings.

  • Mujahideen Secrets is the first professional alternative to PGP;
  • Tashfeer al-Jawwal is one of the first mobile "Islamic" encryption applications released on Jihadi forums in 2013;
  • Amaq is an Android application known to be used by terrorist organizations to disseminate information;
  • Alemarah is a new Android application serves as a news distributor for terrorist-related actions;
  • Asrar al-Dardashah was released in 2013. This plugin was developed for the instant messaging application Pidgin;
  • Amn al-Mujahed is an encryption software program developed by Al-Fajr Technical Committee

None of the named Android apps could be found on the official Google Play store.

The research is paired with a mammoth series in which Trend Micro researchers crawled through criminal forums in five countries, documenting the nuances of each. ®

More about


Send us news

Other stories you might like