It really was less than two months ago that we noted that, having lost the immediate battle for US legislation to backdoor encryption, those in the intelligence community knew they just needed to bide their time until the next big terrorist attack. Here was the quote from Robert Litt — the top lawyer for the Office of the Director of National Intelligence from September:
Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
International hacking collective Anonymous declared war this weekend on ISIS, the extremist militant group that claimed responsibility for the attacks in Paris on November 13 which killed 129 people and left another approximately 350 injured.
Release of private information: retrieval and dissemination of information considered private by ISIS.
“Doxxing” members: revealing personal, private information about members of ISIS.
“DDoS” attacks: flooding servers with information requests.
Hack accounts: Take over social media accounts used by ISIS.
“Google Bomb” / “Googlewashing” searchable terms with links to anti-ISIS websites.
Prank calls: flood ISIS phone networks with spam phone calls.
On Friday night following the attacks, Facebook switched on two lesser-known features: Safety Check and Temporary Profiles. The former was a way for people in Paris to let family and friends know they were safe; the latter splashed an overlay of the French flag on top of profile pictures. (I’ve seen the same effect offered to me on certain weekends asking if I want a green and yellow filter to show my enthusiasm for the University of Oregon Ducks.)
Almost immediately, the check-ins and red, white, and blue profile pictures rolled in. It was automatic, really: If someone asked you to participate in something meant to ease the pain and worry of a crisis, you would say yes. So people checked in and other people talked about it and yes, people changed their profile photos.
And then people started asking questions: Why wasn’t Safety check turned on for the people of Beirut, where suicide bombings Thursday killed 43? Or Syria? Or Kenya? Why weren’t there temporary flag filters for these countries, similarly ravaged by tragedy? What was it that set Paris apart?
“Until yesterday, our policy was only to activate Safety Check for natural disasters,” Zuckerberg wrote. “We just changed this and now plan to activate Safety Check for more human disasters going forward as well …”
It’s not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software.
Just last month, the government seemed to concede that forced decryption wasn’t the way to go for now, primarily because the public wasn’t convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor.
With more than 120 people killed last week in Paris and dozens more seriously wounded, government officials are already touting the City of Light as that case. Former CIA deputy director Michael Morell said as much on CBS This Morning, suggesting that recalcitrant US companies and NSA whistleblower Edward Snowden are to blame for the attacks.
“We don’t know yet, but I think what we’re going to learn is that [the attackers] used these encrypted apps, right?,” he said on the show Monday morning. “Commercial encryption, which is very difficult, if not impossible, for governments to break. The producers of this encryption do not produce the key, right, for either them to open this stuff up or for them to give to governments to open this stuff up. This is the result of Edward Snowden and the public debate. I now think we’re going to have another public debate about encryption, and whether government should have the keys, and I think the result may be different this time as a result of what’s happened in Paris.”
CIA Director John Brennan said something similar
No solid information has come out publicly yet about what communication methods the attackers used to plot their assault.
On Sunday, the New York Times published a story stating that the Paris attackers “are believed to have communicated [with ISIS] using encryption technology.” The paper’s sources were unnamed European officials briefed on the investigation. It was not clear, however, “whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate,” the paper noted.
Twitter users harshly criticized the Times story, and it has since disappeared from the site (though it is archived)
A Yahoo news story on Saturday added to the theme, declaring that the Paris attacks show that US surveillance of ISIS is going dark.
Numerous other news stories have suggested that attackers like the ones who struck Paris may be using something other than WhatsApp.
A source told the paper that they are using it because “Playstation 4 is even more difficult to monitor than WhatsApp.”
US Law enforcement and intelligence agencies have been warning for years that their inability to decrypt communication passing between phones and computers—even when they have a warrant or other legal authority to access the communication—has left them in the dark about what terrorists are planning.
But there are several holes in the argument that forcing backdoors on companies will make us all more secure. While doing this would no doubt make things easier for the intelligence and law enforcement communities, it would come at a grave societal cost—and a different security cost—and still fail to solve some of the problems intelligence agencies say they face with surveillance.
1. Backdoors Won’t Combat Home-Brewed Encryption.
Forcing US companies and makers of encryption software to install backdoors and hand over encryption keys to the government would not solve the problem of terrorist suspects’ products that are made in countries not controlled by US laws.
“There’s no way of preventing a terrorist from installing a Russian [encryption] app or a Brasilian app,”
2. Other Ways to Get Information. The arguments for backdoors and forced decryption often fail to note the many other methods law enforcement and intelligence agencies can use to get the information they need. To bypass and undermine encryption, intelligence agencies can hack the computers and mobile phones of known targets to either obtain their private encryption keys or obtain email and text communications before they’re encrypted and after they’re decrypted on the target’s computer.
“We’re still living in an absolute Golden Age of surveillance,” says Cardozo. “And there is always a way of getting the data that is needed for intelligence purposes.”
3. Encryption Doesn’t Obscure Metadata. Encryption doesn’t prevent surveillance agencies from intercepting metadata and knowing who is communicating with whom. Metadata can reveal phone numbers and IP addresses that are communicating with one another, the date and time of communication and even in some cases the location of the people communicating. Such data can be scooped up in mass quantities through signals intelligence or by tapping undersea cables. Metadata can be extremely powerful in establishing connections, identities and locating people.
4. Backdoors Make Everyone Vulnerable. As security experts have long pointed out, backdoors and encryption keys held by a service provider or law enforcement agencies don’t just make terrorists and criminals open to surveillance from Western authorities with authorization—they make everyone vulnerable to the same type of surveillance from unauthorized entities, such as everyday hackers and spy agencies from Russia, China, and other countries. This means federal lawmakers on Capitol Hill and other government workers who use commercial encryption would be vulnerable as well.
“If Snowden has taught us anything, it’s that the intel agencies are drowning in data,” Cardozo says. “They have this ‘collect it all mentality’ and that has led to a ridiculous amount of data in their possession. It’s not about having enough data; it’s a matter of not knowing what to do with the data they already have. That’s been true since before 9/11, and it’s even more true now.”
Inside Sources reports that the New York Times has quietly pulled a story from its website alleging the attackers used encrypted technology. The original piece which has since been removed, can be found on the Internet Archive and stated. “The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly.”
NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint — a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil.
Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities.
The relatively new development — which law enforcement and intel officials say has ramped up over the past year — is alarming
Authorities are now homing in on the terror group’s growing cyber capabilities after attacks in Paris, Egypt and elsewhere for which ISIS has claimed credit.
“They’ve developed a series of different platforms in which they can train one another on digital security to avoid intelligence and law enforcement agencies for the explicit purpose of recruitment, propaganda and operational planning,”
The existence of the Jihadi Help Desk has raised alarm bells in Washington and within the global counterterrorism community because it appears to be allowing a far wider web of militants to network with each other and plot attacks. A senior European counterterrorism official said that concerns about the recent development are especially serious in Europe, where ISIS operatives are believed to be plotting major attacks, some of them with direct assistance from ISIS headquarters in Syria.
“While some of the contacts between groups like ISIL and potential recruits occur in publicly accessible social networking sites,”
“They are very decentralized. They are operating in virtually every region of the world.”
The help desk workers closely track all of the many new kinds of security software and encryption as they come online, and produce materials to train others in how to use them. The CTC has obtained more than 300 pages of documents showing the help desk is training everyone from novice militants to the most experienced jihadists in digital operational security.
And once the help desk operatives develop personal connections with people, ISIS then contacts them to engage them in actual operational planning — including recruiting, fundraising and potentially attacks.
The comparison of the Nov. 14, 2015, attacks on Paris to the Sept. 11, 2001, attacks on the United States evokes not just a profound level of violence and terror, but of an interruption in history, a bookmark in a timeline when the country shifted politically and allowed for an unprecedented level of government intrusion and surveillance into the private lives of its citizens.
In the wake of the Charlie Hebdo massacre in January, France introduced its first surveillance legislation since 1991 — a bill that would allow the government to wiretap communications, install secret surveillance cameras and sweep up metadata. Privacy advocates called it “highly intrusive” and said it posed a “grave new threat” to protected professions like journalism. The bill was passed in a landslide vote in French Parliament, 438-86.
In exchange for security, we’re told we must trade our privacy, whether to the government or private corporations. And with every passing incident of aberrant violence, we’re left asking when that promised security is meant to arrive.
Government officials and commentators are already trotting out Edward Snowden as an indirect cause of the Paris attacks by reasoning it could have been prevented if the terrorists didn’t know the extent of government surveillance.
Legislators in the United States, as well as the prime minister of the U.K., have been asking for the weakening of encryption standards across the board so that state-level actors can peer into any potential threat. Meanwhile, the near-unanimous objection of the technology community is that weakening encryption on behalf of law enforcement would provide minor gains for the government and enormous gains for hackers and criminals.
For now, encryption works: But where privacy standards remain intact, intelligence authorities are brute-forcing their own solutions.
Criminals are most certainly using these systems to their benefit — there’s very little question about that. Former law enforcement officials told Yahoo News that Apple’s iMessage and WhatsApp, two messaging systems that offer encrypted communications that can be erased after they’ve been sent, have allowed terrorists and criminals to plan attacks while evading detections. If the attackers in Paris used these kinds of communications, it’s unlikely we’ll recover the intimate details of their plotting.
Between bitcoin and gold, the “Islamic State” is experimenting with currency, marking a new step in its state-crafting ambitions. But will the latest move further embed it amid international efforts to uproot the group?
The technology behind the digital currency bitcoin makes it difficult to trace, with a single unidentifiable wallet – or account – having received around $23 million (20.3 million euros) worth of bitcoin in the past month.
The EU Institute for Security Studies (EUISS) published a report in June detailing IS’ use of digital currencies and encrypted platforms, noting that such practices makes it “particularly hard to trace” the flow of finances and black market goods.
“Sadaqa (private donations) constitute one of ISIL’s main sources of revenue, and its supporters around the world have allegedly used digital currencies such as bitcoin to transfer money quickly to accounts held by ISIL militants while minimizing the risk of detection,” wrote EUISS junior analyst Beatrice Berton, referring to IS by an alternate acronym.
Thousands of dollars worth of bitcoin has been sent to accounts purportedly affiliated with “Islamic State,” with the one of the accounts registering its first transaction in 2012.
Softpedia is reporting that Anonymous, along with social media users, have identified several thousand Twitter accounts allegedly linked to ISIS members. “Besides scanning for ISIS Twitter accounts themselves, the hacking group has also opened access to the [takedown operation] site to those interested. Anyone who comes across ISIS social media accounts can easily search the database and report any new terrorists and supporters. The website is called #opIceISIS [slow right now, but it does load] and will index ISIS members based on their real name, location, picture, Twitter, Facebook, and YouTube accounts.” Anonymous crowdsourcing their operations… welcome to the brave new world, ISIS.
An article at The Independent reminds everyone that this information has not been independently confirmed, and that Anonymous is certainly capable of misidentifying people.
Organising under #opISIS and #opParis, the group is attempting to take down the websites and social media accounts of people associated with the group — as well as apparently release personal details of those involved in recruitment
Natasha Lomas / TechCrunch:
In the aftermath of Paris attacks, intelligence agencies scapegoat encryption to mask the failures of mass surveillance — Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance — Well that took no time at all. Intelligence agencies rolled right into the horror …
Well that took no time at all. Intelligence agencies rolled right into the horror and fury in the immediate wake of the latest co-ordinated terror attacks in the French capital on Friday, to launch their latest co-ordinated assault on strong encryption — and on the tech companies creating secure comms services — seeking to scapegoat end-to-end encryption as the enabling layer for extremists to perpetrate mass murder.
There’s no doubt they were waiting for just such an ‘opportune moment’ to redouble their attacks on encryption after recent attempts to lobby for encryption-perforating legislation foundered. (A strategy confirmed by a leaked email sent by the intelligence community’s top lawyer, Robert S. Litt, this August — and subsequently obtained by the Washington Post — in which he anticipated that a “very hostile legislative environment… could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”. Et voila Paris… )
Speaking to CBS News the weekend in the immediate aftermath of the Paris attacks, former CIA deputy director Michael Morell said: “I think this is going to open an entire new debate about security versus privacy.”
Elsewhere the fast-flowing attacks on encrypted tech services have come without a byline — from unnamed European and American officials who say they are “not authorized to speak publicly”. Yet are happy to speak publicly, anonymously.
The NYT published an article on Sunday alleging that attackers had used “encryption technology” to communicate — citing “European officials who had been briefed on the investigation but were not authorized to speak publicly”. (The paper subsequently pulled the article from its website, as noted by InsideSources, although it can still be read via the Internet Archive.)
The irony of government/intelligence agency sources briefing against encryption on condition of anonymity as they seek to undermine the public’s right to privacy would be darkly comic if it weren’t quite so brazen.
Here’s what one such unidentified British intelligence source told Politico: “As members of the general public get preoccupied that the government is spying on them, they have adopted these applications and terrorists have found them tailor-made for their own use.”
“Seeking to outlaw technology tools that are used by the vast majority of people to protect the substance of law-abiding lives is not just bad politics, it’s dangerous policy.”
In the same Politico article, an identified source — J.M. Berger, the co-author of a book about ISIS — makes a far more credible claim: “Terrorists use technology improvisationally.”
Of course they do. The co-founder of secure messaging app Telegram, Pavel Durov, made much the same point earlier this fall when asked directly by TechCrunch about ISIS using his app to communicate. “Ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one,” Durov argued. “I still think we’re doing the right thing — protecting our users privacy.”
Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.
Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like the Playstation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.
Point is, technology is not a two-lane highway that can be regulated with a couple of neat roadblocks — whatever many politicians appear to think. All such roadblocks will do is catch the law-abiding citizens who rely on digital highways to conduct more and more aspects of their daily lives. And make those law-abiding citizens less safe in multiple ways.
US Rep. Joe Barton (R-Texas) has a plan to stop terrorists: shut down websites, including social media networks.
Barton today asked Federal Communications Commission Chairman Tom Wheeler if the commission can shut down websites used by ISIS and other terrorist groups. Barton didn’t name any specific sites but said that “we need to do something” because of the terrorist attack in Paris.
“ISIS and the terrorist networks can’t beat us militarily, but they are really trying to use the Internet and all of the social media to try to intimidate and beat us psychologically,” Barton said. Addressing Wheeler during an FCC oversight hearing held by the Subcommittee on Communications and Technology, Barton continued:
Isn’t there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they’ve declared war against us, our way of life, they’ve threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation.
Wheeler answered, “I’m not sure that our authority extends to picking and choosing among websites, but I do think there are specific things that we can do,” with Barton interrupting to ask, “Do we need on a bipartisan basis to give additional authority to shut sites down?”
Rep. Joe Barton (R-Texas) wants the federal government to shut down the Internet — or at least, the parts of it that are being used by the Islamic State.
“They are really trying to use the Internet and all the social media to intimidate and beat us psychologically,” Barton said during a House committee hearing Tuesday. “Isn’t there something we can do to shut those Internet sites down?”
Barton conceded that censoring the Web sites might be difficult — “I know they pop up like weeds” — but plowed ahead with his proposal, suggesting that the Federal Communications Commission attempt to shut down the sites.
“They’re using the Internet in an extremely offensive and inappropriate way against us,”
There’s just one problem with Barton’s plan: The Internet may be a little more complicated than he thinks.
The FCC doesn’t have the authority to regulate individual Web sites, agency chairman Tom Wheeler replied. And the commission likely won’t want even a temporary authority to censor the Web. Here’s why.
Critics of the commission have complained that the FCC’s net neutrality rules are simply a backdoor way for the agency to regulate the Internet. Even if it were technically feasible for the government to find and shut down every single ISIS Web site (it’s not), for the FCC to do so would simply lend credence to those attacks. And it would undermine the spirit of the net neutrality rules, which are aimed at allowing all (legal) speech — for better or for worse — to flourish online without interference by anybody.
Congress could probably get around that by ruling ISIS-affiliated speech illegal. But then we’d have an even bigger First Amendment problem on our hands.
Encrypted messaging app Telegram announced today that it has shut down access to several public channels that people have used to communicate about ISIS. The news comes after days after the terrorist group waged attacks in Paris that killed more than 100 people. Since then, reports have surfaced about how terrorists have used encrypted messaging in their operations.
“We were disturbed to learn that Telegram’s public channels were being used by ISIS to spread their propaganda,” Telegram wrote today in a publicly visible post in the Telegram app
This week the company will be rolling out an easier way to report on “objectionable” content that’s visible to any user, according to the post.
In the wake of the Paris attacks, US government officials have been vocal in their condemnation of encryption, suggesting that US companies like Apple and Google have blood on their hands for refusing to give intelligence and law enforcement agencies backdoors to unlock customer phones and decrypt protected communications. But news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages.
Reports in France say that investigators were able to locate some of the suspects’ hideout this week using data from a cellphone apparently abandoned by one of the attackers in a trashcan outside the Bataclan concert hall where Friday’s attack occurred, according to Le Monde. Authorities tracked the phone’s movements prior to the attack,
Other reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption.
All of this suggests that the attackers were guilty of major OPSEC failures—that is, if it weren’t for the fact that some of them still managed to pull off the Paris attacks without prior detection. This suggests they either did use encryption during earlier planning stages of their attacks, or that authorities were so overwhelmed tracking other suspects—French investigators claim they recently thwarted six other attacks—that they overlooked the suspects who pulled off the Paris attacks. This indeed might be the case since Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.
Despite this, US authorities have flooded the media this week with stories about how ISIS’ use of encryption and other anti-surveillance technologies has thwarted their ability to track the terrorists. But authorities have also slyly hinted that some of the encryption technologies the terrorists use are not as secure as they think they are, or are not being configured and used in a truly secure manner. So what exactly are ISIS attackers doing for OPSEC?
It turns out that a 34-page guide to operational security (.pdf) that ISIS members advise recruits to follow, offers some clues.
The guide was originally written about a year ago by a Kuwaiti security firm known as Cyberkov to advise journalists and political activists in Gaza on how to protect their identities, the identity of their sources and the integrity of information they report. But members of ISIS have since co-opted it for their own use as well.
The guide offers a handy compilation of advice on how to keep communications and location data private, as well as links to dozens of privacy and security applications and services, including the Tor browser, the Tails operating system; Cryptocat, Wickr, and Telegram encrypted chat tools; Hushmail and ProtonMail for email; and RedPhone and Signal for encrypted phone communications. Gmail, the guide notes, is only considered secure if the account is opened using false credentials and is used with Tor or a virtual private network. Android and iOS platforms are only secure when communications are routed through Tor.
The manual advises disabling the GPS tagging feature on mobile phones to avoid leaking location data when taking photos—a mistake that a Vice reporter made in 2012 when interviewing murder suspect John McAfee who was on the lam. Alternatively, operatives and journalists can use the Mappr app can be used to falsify location data and throw intelligence agencies off their trail.
The OPSEC manual used by ISIS also advises against using Instagram because its parent company, Facebook, has a poor track record on privacy, and it warns that mobile communications can be intercepted, even though GSM networks are encrypted. It advises readers to use encrypted phones like Cryptophone or BlackPhone instead.
There are no surprises among the documents. Most of the recommendations are the same that other civil liberties and journalist groups around the world advise human rights workers, political activists, whistleblowers and reporters to use to secure their communications and obscure their identity or hide their location.
“This is about as good at OPSEC as you can get without being formally trained by a government,” Brantly, a cyber fellow with the West Point center, told WIRED. “This is roughly [the same advice] I give to human rights activists and journalists to avoid state surveillance in other countries. If they do it right, then they can become pretty secure. [But] there’s a difference between telling somebody how to do it and then [them] doing it right.”
The documents warn that followers should use strong passwords and avoid clicking on suspicious links, to prevent intelligence agencies and everyday hackers from breaching their systems.
It advises users to always use a VPN online to encrypt data and prevent ISPs and spy agencies from reading their communication. But it cautions users to stay away from American providers of VPNs and encrypted chat tools and instead use ones like Telegram and Sicher, instant messaging apps made by companies based in Germany, or the Freedome, a VPN from the Finish computer security firm F-Secure. Apple’s iMessage, an end-to-end encryption service, also gets a thumbs-up
Although US government officials have repeatedly cited WhatsApp as a tool ISIS uses to thwart surveillance, the Kuwaiti manual actually puts the chat application on a “banned” list.
He also says they’ve seen no sign yet that ISIS is using home-brewed encryption programs that its members created themselves. “Al Qaeda developed their own encryption platform for a while. But ISIS right now is largely using Telegram [for encrypted communication],”
“There’s a whole section on hacking [in the ISIS forums],” Brantley says. “They’re not super-talented hackers, but they’re reasonable.”
Washington Post:
How the media division of ISIS creates a dual image as a benevolent destination and a menacing, violent domain — Inside the surreal world of the Islamic State’s propaganda machine — CONFRONTING THE ‘CALIPHATE’ | This is part of an occasional series about the rise of the Islamic State militant group …
What they described resembles a medieval reality show. Camera crews fan out across the caliphate every day, their ubiquitous presence distorting the events they purportedly document. Battle scenes and public beheadings are so scripted and staged that fighters and executioners often perform multiple takes and read their lines from cue cards.
Cameras, computers and other video equipment arrive in regular shipments from Turkey. They are delivered to a media division dominated by foreigners — including at least one American, according to those interviewed — whose production skills often stem from previous jobs they held at news channels or technology companies.
“It is a whole army of media personnel,”
“The media people are more important than the soldiers,” he said. “Their monthly income is higher. They have better cars. They have the power to encourage those inside to fight and the power to bring more recruits to the Islamic State.”
The United States and its allies have found no meaningful answer to this propaganda avalanche.
David Uberti / Columbia Journalism Review:
The Paris-Beirut debate: Why news organizations paid more attention to the attacks in France — The Friday attacks in Paris that killed more than 120 left many American news organizations racing to get pieces in place for wall-to-wall coverage over the weekend.
The Friday attacks in Paris that killed more than 120 left many American news organizations racing to get pieces in place for wall-to-wall coverage over the weekend.
The story still dominated The New York Times’ front page on Monday, with four stories exploring various angles of the ISIS-planned strikes, their aftermath in France, and global ramifications. But it was a piece on an ISIS attack Thursday in Lebanon, tucked on page A6, that garnered more than 210,000 shares on social media by Tuesday, five times more than the four Paris-related stories combined.
The latter story focused on the aftermath of bombings that killed 43 people last week in Beirut, particularly residents’ “anguish over the fact that just one of the stricken cities—Paris—received a global outpouring of sympathy.”
Indeed, the Times story on a “forgotten” Beirut highlighted a mounting critique of how news organizations and the public alike divvy up precious resources and attention in a time of concurrent acts of violence.
Journalists, the commentary goes, assign different value to different lives. That’s hard to dispute, given spotty coverage of regions such as the Middle East and Africa when American interests aren’t at stake
“I do think Paris was more newsworthy than Beirut for a host of reasons, including the death toll, the scale of the attack, and the challenge to intelligence agencies in the US and abroad that tend to work closely together,” Kahn says. “It is also true that coverage of terrorist attacks does vary according to other, more subtle factors, such as how surprising the attack is, how likely it is to impact policy among the Western powers, and how likely it is to resonate with large numbers of our readers.”
Francesco Guarascio / Reuters:
In the wake of the Paris attacks, EU ministers urge European Commission to propose measures to improve checks on Bitcoin and other non-banking payment methods
The European Union will increase controls on pre-paid cards, money remittances and bitcoin in a bid to curb terrorism funding after the attacks in Paris that killed 129 people.
EU interior and justice ministers agreed on Friday in Brussels to tighten checks on payment methods that may be conducted anonymously and might be used by terrorist organizations to finance attacks.
Read more at Reutershttp://www.reuters.com/article/2015/11/20/us-france-shooting-eu-terrorism-funding-idUSKCN0T922D20151120#trSJzKTuhXpsrdpT.99
Given that ISIS and other terrorist organizations have proven adept at using social media to disseminate propaganda and incite fear, it seems obvious that platforms like Facebook and Twitter would aggressively and mercilessly delete such content and ban those who post it.
It may seem equally obvious that those companies would move quickly to do just that when presidential candidates appear to call for them to help out and as US Representative Joe Barton asks the Federal Communications Commission, “Isn’t there something we can do under existing law to shut those Internet sites down?” But it’s not that simple, and social media platforms have grappled with the issue in some ways since at least the days when Al Qaeda affiliates started uploading videos to YouTube.
The problem lies in the global nature of social media, the reliance upon self-policing by users to identify objectionable content, and the fact that many of those banned simply open a new account and continue posting their hatred. A blanket policy of banning anything that might be seen as inciting violence also could lead to questions of censorship, because one person’s hateful propaganda could be another’s free speech. That’s not to say companies like Facebook and Twitter aren’t taking this seriously and trying to draw a distinction between the two. But it’s not as simple as you might think.
‘No Place for Terrorists’
Facebook says any profile, page, or group related to a terrorist organization is shut down and any content celebrating terrorism is removed. “There is no place for terrorists on Facebook,” says Facebook spokesman Andrew Souvall. “We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism.”
It seems to broadly work. Facebook has deleted posts and blocked accounts in such a way that ISIS-related newsletters, videos, and photos don’t seem to crop up as much as elsewhere on the web, says Steve Stalinsky, executive director of Middle East Media Research.
In the past few years, the use of Twitter, on the other hand, has grown. ISIS supporters embraced the platform
Until last fall, Twitter had largely taken a more detached stance on ISIS-related content. It began taking a more aggressive approac
While an active social network typically grows over time, Berger says that the suspensions on Twitter have helped to keep the size of the network “roughly flat.” Moreover, users whose accounts are repeatedly suspended come back with new accounts with fewer followers.
“The good news is that this limits the reach of their propaganda and recruiting, and makes it harder for ISIS to accomplish its goals online,” Berger says.
Propaganda or Political Speech
But the challenge for sites like Facebook and Twitter goes beyond tracking down content that promotes terrorism. It also requires defining “promoting terrorism.” In a sense, the two platforms are global communities, each engaged in a constant process of determining community norms as the use of the platforms evolves.
“While it’s true that companies legally can restrict speech as they see fit, it doesn’t mean that it’s good for society to have the companies that host most of our everyday speech taking on that kind of power.”
This week, most major security news connected to the Paris terrorist attacks, which government officials eagerly used as an opportunity to renew their assault on encryption. After the attacks, it’s likely that encryption will be a key issue in the 2016 election. Although it turns out that the Paris attackers did not encrypt their communications at least part of the time, a look at an OPSEC manual used by ISIS gave the world insight into the terror group’s security protocols
HONG KONG — The Chinese government is shutting down the mobile service of residents in Xinjiang who use software that lets them circumvent Internet filters, escalating an already aggressive electronic surveillance strategy in the country’s fractious western territory.
Starting last week, shortly after terrorist attacks in Paris, the local police began cutting the service of people who had downloaded foreign messaging services and other software, according to five people affected.
The people, who spoke on the condition of anonymity over concerns about retaliation from local security forces for speaking to foreign news media, all said their telecommunications provider had told them to go to a local police station to have service restored.
Continue reading the main story
Related Coverage
A monitor at a Beijing Internet cafe displayed a police message on the proper use of the Internet.
China Ranks Last of 65 Nations in Internet FreedomOCT. 29, 2015
President Xi Jinping, center, meets Mark Zuckerberg, Facebook’s chief executive, as Lu Wei, China’s top Internet regulator looks on.
Mark Zuckerberg Courts China With Speech on People and PerseveranceOCT. 26, 2015
Protesters at a rally against Chinese censorship in front of the New York Public Library ahead of a BookExpo America event in May. A large delegation of publishers from China attended the trade gathering as guests of honor.
Sinosphere Blog: American Publishers Take a Stand Against Censorship in ChinaOCT. 15, 2015
President Xi Jinping of China, front row center, with senior technology company executives at a conference held at Microsoft in Redmond, Wash., in September.
U.S. Tech Giants May Blur National Security Boundaries in China DealsOCT. 30, 2015
An Apple Store in Hong Kong. Apple News app users in China are alerted: “News isn’t supported in your current region.”
Apple Is Said to Deactivate Its News App in ChinaOCT. 10, 2015
“Due to police notice, we will shut down your cellphone number within the next two hours in accordance with the law,” read a text message received by one of the people, who lives in the regional capital of Urumqi. “If you have any questions, please consult the cyberpolice affiliated with the police station in your vicinity as soon as possible.”
The person said that when she called the police, she was told that the service suspensions were aimed at people who had not linked their identification to their account; used virtual private networks, or V.P.N.s, to evade China’s system of Internet filters, known as the Great Firewall; or downloaded foreign messaging software, like WhatsApp or Telegram.
Everyone is concerned about how the Islamic State communicates, both in general and to orchestrate violent acts. The attacks in Paris have motivated fresh debates weighing the privacy and safety implications of digital services that encrypt communications but do not provide backdoors for law enforcement. But there is a far less complicated way to deal with both digital propoganda and clandestine communication channels: Shut them down!
Barton asked the Federal Communications Commission, “Isn’t there something we can do under existing law to shut those Internet sites down?”
In a statement Tuesday afternoon, the Washington Post reports, Barton explained that he was “in no way suggesting we shut down the Internet.” And added, “I am very mindful of privacy and First Amendment issues on the Internet.” FCC chairman Tom Wheeler also clarified that the agency doesn’t have the authority to shut websites down.
Encrypted messaging app Telegram, which has been in the news lately because of its use within the terrorist group ISIS, today announced a few new features aimed at people who use the app to chat in groups.
Now it’s possible for certain users to be designated as admins of a given group. Admins can add people to and remove people from the group. They can also change the name and photo of the group, according to a blog post on the updates.
The other big change is a good indicator of how popular Telegram is becoming: Groups can now contain a maximum of 1,000 members, up from 200 until now, thanks to the launch today of new supergroups. You’re only able to turn an existing group into a supergroup once you’ve reached the 200 mark.
Decent people see tragedy and barbarism when viewing a terrorism attack. American politicians and intelligence officials see something else: opportunity.
Bodies were still lying in the streets of Paris when CIA operatives began exploiting the resulting fear and anger to advance long-standing political agendas. They and their congressional allies instantly attempted to heap blame for the atrocity not on Islamic State but on several preexisting adversaries: Internet encryption, Silicon Valley’s privacy policies and Edward Snowden.
The real objective is to depict Silicon Valley as terrorist-helpers for the crime of offering privacy protections to Internet users.
The CIA’s former acting director, Michael Morell, blamed the Paris attack on Internet companies “building encryption without keys,” which, he said, was caused by the debate over surveillance prompted by Snowden’s disclosures. Sen. Dianne Feinstein (D-Calif.) blamed Silicon Valley’s privacy safeguards, claiming: “I have asked for help. And I haven’t gotten any help.”
Former CIA chief James Woolsey said Snowden “has blood on his hands” because, he asserted, the Paris attackers learned from his disclosures how to hide their communications behind encryption.
In one sense, this blame-shifting tactic is understandable. After all, the CIA, the NSA and similar agencies receive billions of dollars annually from Congress and have been vested by their Senate overseers with virtually unlimited spying power. They have one paramount mission: find and stop people who are plotting terrorist attacks. When they fail, of course they are desperate to blame others.
The CIA’s blame-shifting game, aside from being self-serving, was deceitful in the extreme.
To begin with, there still is no evidence that the perpetrators in Paris used the Internet to plot their attacks, let alone used encryption technology.
CIA officials simply made that up. It is at least equally likely that the attackers formulated their plans in face-to-face meetings. The central premise of the CIA’s campaign — encryption enabled the attackers to evade our detection — is baseless.
The claim that the Paris attackers learned to use encryption from Snowden is even more misleading. For many years before anyone heard of Snowden, the U.S. government repeatedly warned that terrorists were using highly advanced means of evading American surveillance.
Then-FBI Director Louis Freeh told a Senate panel in March 2000 that “uncrackable encryption is allowing terrorists — Hamas, Hezbollah, Al Qaeda and others — to communicate about their criminal intentions without fear of outside intrusion.”
Or consider a USA Today article dated Feb. 5, 2001, eight months before the 9/11 attack. The headline warned “Terror groups hide behind Web encryption.”
Within the Snowden archive itself, one finds a 2003 document that a British spy agency called “the Jihadist Handbook.” That 12-year-old document, widely published on the Internet, contains instructions for how terrorist operatives should evade U.S. electronic surveillance.
In sum, Snowden did not tell the terrorists anything they did not already know. The terrorists have known for years that the U.S. government is trying to monitor their communications.
What the Snowden disclosures actually revealed to the world was that the U.S. government is monitoring the Internet communications and activities of everyone else: hundreds of millions of innocent people under the largest program of suspicionless mass surveillance ever created, a program that multiple federal judges have ruled is illegal and unconstitutional.
IRON FIST HOME SECRETARY Theresa May has been accused of leaning on the attacks in Paris to fast track the Investigatory Powers Bill and its considerations.
May is backing the legislation like a desperate man backs a horse. She is very keen on a vice-like grip on communications, and has some support and some opposition. It is perhaps because of this tough situation, and possibly because of the threat of terrorism, that she wants a fire lit under it.
May has asked that the committee considering the 300-page bill pulls its finger out and gets things in order by the end of the year. This has not gone down well with the opposition.
The Don’t Spy On Us coalition has already thrown up its arms at the shifting deadline
“The last major piece of legislation to extend surveillance in the UK, the draft Communications Data Bill, was given five months of parliamentary scrutiny before parliamentarians decided the powers were too sweeping and went too far.”
All rights groups want a chance to oppose the bill
An Islamic State (Isis) propaganda website on the dark web has been taken down by hacktivists and replaced with an advert for a site selling Prozac and a message telling would-be IS supporters to calm down. Ghost Sec, a faction of the hacktivist collective Anonymous (unaffiliated with the counter-terrorism organisation Ghost Security Group), targeted the Isdarat website after it appeared on the Tor anonymity network last week.
Members of bulletin board 4chan superimpose duck heads on to images of Isis fighters, setting off craze that has spread to Twitter and Facebook
If it looks like a duck, swims like a duck and quacks like a duck, could it in fact be an Islamic State militant?
As world leaders scratch their heads about the best method to defeat the terror of Isis, internet users have come up with their own way to take the sting out of the group’s feathery tail.
Members of the image-based bulletin board 4chan began superimposing rubber duck heads on to images of Isis fighters, setting off a craze that has spread to Twitter, Facebook and elsewhere.
“How about castrating the image of Isis by replacing the faces on ALL the propaganda photos with bath ducks?” a 4Chan user wrote on Shit4chanSays (/s4s/) board.
IRON FIST HOME SECRETARY Theresa May has been accused of leaning on the attacks in Paris to fast track the Investigatory Powers Bill and its considerations.
May is backing the legislation like a desperate man backs a horse. She is very keen on a vice-like grip on communications, and has some support and some opposition. It is perhaps because of this tough situation, and possibly because of the threat of terrorism, that she wants a fire lit under it.
May has asked that the committee considering the 300-page bill pulls its finger out and gets things in order by the end of the year. This has not gone down well with the opposition.
Italian counter-terror agents are to monitor Sony’s PlayStation Network for jihadi chatter, according to the nation’s justice minister, following alarmingly silly reports that a PS4 was used to coordinate the terrorist attacks in Paris.
Andrea Orlando told Italian broadsheet Il Messaggero that the government would be investing €150m (£105m) in a reformation of the nation’s security services, with the aim of allowing them to monitor “any form of communication”, with the PlayStation gaming console receiving specific attention.
The Italian plans follow an article in Forbes, cited by the Telegraph and the New York Times, which claimed, “An ISIS agent could spell out an attack plan in Super Mario Maker’s coins and share it privately with a friend, or two Call of Duty players could write messages to each other on a wall in a disappearing spray of bullets.”
That report, in turn, appears to have been prompted by statements made by the Belgian deputy prime minister, Jan Jambon. Jambon complained that Belgian security services and their international partners were unable to decrypt communications made through the PlayStation Network.
It is not the first time that gaming platforms have come under suspicion from counter-terrorist powers. An NSA briefing note leaked by whistleblower Edward Snowden and titled “Exploiting Terrorist /use of Games & Virtual Environments” showed the spooks had discussed infiltrating the platforms
Last week, the UK’s Chancellor of the Exchequer George Osborne laid out plans for more capabilities for law enforcement and intelligence agencies in response to a “cyber threat” from ISIS.
But it looks like the threats made by some apparent pro-ISIS hackers over social media are overstated.
Recently, a group that calls itself the “Islamic Cyber Army” has been dumping the supposed personal details of government employees and other data on Twitter. However the majority of the information appears to have been sourced from very simple Google searches.
This isn’t the first time pro-ISIS hackers have exaggerated their own hacking capabilities. Junaid Hussain, who moved to Syria to join the terrorist organization, published the names and personal information of 100 US military members. He claimed he had obtained these by hacking Pentagon servers, but it seemed more likely that he also just Googled for them.
Hussain did reportedly have some technical skills, however, with the Wall Street Journal reporting he had developed spyware for ISIS. Hussain was killed in a drone strike in August.
Large-scale cyberattacks that have been linked to pro-ISIS hackers have also turned out to be misattributed. According to researchers from cybersecurity firm FireEye, a hack on the French television channel TV5Monde that was widely reported as the work of a pro-ISIS outfit was actually that of a group of Russian hackers.
In all, it’s worth treating the claims of “ISIS hackers” on social media with a heavy dose of scepticism.
There’s little evidence that “mass surveillance” catches potential terrorists, but it does risk catching innocents. More conventional police methods are more effective against terrorism.
The Friday 13 events in Paris were horrendous – bloody and heartless attacks without warning on innocent civilians enjoying a warm November evening, in restaurants and bars, at a concert and a soccer game. A few days before, I had been walking through neighbouring districts, taking in the sights and sounds of a great city.
Anyone who knows about security-and-surveillance could guess what would happen. Security authorities would want more powers and governments would gauge how far they could go. Of course, it’s understandable that any government in that position will wish to reassure the population with visible signs of security. But governments do tend to rush headlong into new counter-terrorism measures after a major attack like that in Paris. Sometimes they are desperate to show that they are doing something.
Unfortunately, French responses thus far follow a familiar pattern… So border checks were increased with ramped-up databases and reinforced surveillance.
Events like these are also viewed as ideal opportunities to make policy changes. As Naomi Klein shows in Shock Doctrine, some governments have for many years exploited crises to push through controversial law or policy
Learning from the past
While tightened security may seem like a good plan, changing the rules and demanding greater powers for security and intelligence services in the wake of attacks may not be wise. Sober judgment, not knee-jerk responses, is called for. After the Charlie Hebdo attacks earlier in 2015, the French introduced new laws for warrantless searches, ISPs to collect communications metadata, and trimmed oversight for agencies. This time – in November – some borders were temporarily closed and a 3-month state of emergency was declared.
We saw it, classically, in the US after 9/11, but also in the UK after 7/7
The evidence that what Snowden and others call “mass surveillance” produces better ways of tracking terrorists is hard to find.
Does mass surveillance work?
Does allowing intelligence agencies to collect more data – what Snowden and others call “mass surveillance” – or increasing powers of arrest and detention, and removing checks and balances, really improve things? The evidence that these produce better ways of tracking terrorists is hard to find. More is not necessarily better when it comes to data. In 2013, the White House claimed that more than 50 terror plots had been uncovered by the NSA’s methods. But in 2014 two independent reviews showed that in 255 terrorism cases investigated by the NSA, only four were the result of using phone metadata and none of the four prevented attacks.
Edward Snowden is clear about this. Reflecting on the Charlie Hebdo attacks in Paris, he pointed out that these occurred despite the mass surveillance programs introduced there in 2013. Observing that French law was now one of the most intrusive and expansive laws in Europe, he commented that it still didn’t stop the attack. They’re simply “burying people under too much data,” he said.
After the November attacks in Paris, American agencies were quick to blame Snowden – along with internet encryption and Silicon Valley privacy policies.
The New York Times argued that in fact Paris was a case of failure to act on information the authorities already had. As for encryption, the Paris attackers used none.
By and large, conventional police work, based on targeted surveillance of suspects, is what produces results.
In case after case, we have seen that intelligence agencies knew about those who committed atrocities but failed to – as they say – connect the dots.
Collateral damage
At the same time, indiscriminate surveillance creates new risks; innocent “suspects,” the chilling effects of everyone being tracked and checked and the denial of democracy – which ironically is a victory for terrorists. Terrorism arises, it seems, from groups that despise diversity and who seek national, political or religious homogeneity.
Security-driven surveillance today is very enamoured of big data ‘solutions’ – seen especially in the application of new analytics to seeking out suspects.
While there may well be appropriate ways of using the so-called ‘data deluge’ created by internet and particularly social media use, the current trend is towards prediction and preemption.
Fears and futures
After 9/11, I argued that one of the worst outcomes of the various responses to terrorism is the fomenting of fear. Without for a moment discounting the appalling suffering and loss associated with the Paris attacks – or any others – it must be said that some responses to such atrocities are also highly dangerous. At the far end of fear-mongering is the proposal from US presidential contender Donald Trump to establish a database of American Muslims. If he were not so popular this could be discounted as fascist fanaticism.
But the trouble with many surveillance responses is that they do so well what marks surveillance today – a process of social sorting that classifies populations in order to treat different groups differently. Thus what is done requires utmost care. Categories have consequences.
When security agencies make their case for more data, more sophisticated analytics, they often make it sound as if these were neutral technologies.
Making a difference
Snowden insists – and proves it by his own example – that any and all can help to make a difference. These are not problems that can be solved overnight by some hastily concocted laws or a furious rush to foreclose freedoms. Indeed, these exacerbate our situation. Surveillance today touches us all and we all need to take action, however small, to change things for the better.
Rarely has a public debate been ignited so fast as the one about whether to ban online encryption after the tragic Paris attacks two and a half weeks ago. And rarely has the coverage of such a debate been so lacking in facts—especially considering that encryption is a tool reporters increasingly need to do their jobs.
The deplorable terrorist attacks in Paris occurred on the evening of Friday, Nov. 13. By the end of that weekend, news organizations had published dozens of articles linking the Paris attackers with the use of encrypted messaging apps that prevent the companies that make them—and therefore governments—from easily accessing the messages their users send back and forth. By the following Monday, there were literally thousands of articles questioning whether such apps should be outlawed, spurred on by the Sunday talk shows that gave intelligence officials license to speculate on the “likely” use of encryption as a catchall excuse for why the attacks had not been detected, and to condemn the technology without a single skeptical follow-up.
Why were officials saying it was “likely”? Not because they had actual evidence, but because they assumed that if authorities didn’t know about the plot in advance, the terrorists must have used encryption.
Meanwhile, an early New York Times article on the attackers’ supposed use of encryption—sourced to anonymous European officials, whose assertions became the launchpad for many of the weekend’s think pieces—was quickly rewritten and the anonymous reference to encryption removed (without a note to readers about why).
By Monday night, the Times made clear in its lead story about the still-raging encryption debate that there was “no definitive evidence” that encrypted communications had been used by any of the attackers, but by then the terms of the discussion were already set, and the CIA had no problem continuing its epic game of blame deflection throughout the week.
To this day, there’s hardly any publicly available evidence that the Paris attackers used encrypted communications to plan their attack. It’s important to point out, as journalist Dan Gillmor astutely writes, that whether these particular terrorists did use such technology should not matter in the debate over whether to ban it. But it does prove how easily the CIA can still mislead and steer the media while diverting attention from its own potential failures.
What have we learned since the “ban encryption” movement gained full steam on the first weekday after the attack? It turns out that most of the attackers were already known to intelligence agencies. Within a week of the attack, we found out they had used Facebook to communicate, as well as normal SMS text messaging.
By this week, The Wall Street Journal was reporting that the Paris attack had been “hatched in plain sight”: The terrorists used their real names and identification cards for hotel and rental car reservations and did not noticeably try to cover their tracks.
But cable news, which sadly often reflects the national agenda more than print, had no interest in the truth, and as Glenn Greenwald wrote, “neither CNN nor MSNBC has put a single person on air to dispute the CIA’s blatant falsehoods about Paris despite how many journalists have documented those falsehoods.”
Part of the problem is that many reporters—television anchors in particular—apparently don’t understand the basics of how encryption works and what it does and does not do.
First, even if terrorists do use encryption, that doesn’t mean a giant black cape has been thrown over them so they can work in complete secrecy. Far from it: Authorities can still track the precise location of terrorists 24/7 if they carry a mobile device. Even if suspects encrypt their communications, intelligence agencies can get information about who they’re talking to, when, and for how long. They can also hack into individual terrorists’ computers or phones and read their messages, no matter what type of encrypted apps they are using. (For more, read Nathan Freitas’s “6 Ways Law Enforcement Can Track Terrorists in an Encrypted World.”)
Ask any national security reporter who has tried to completely switch to encrypted and anonymous communication with a source and you’ll find that it is virtually impossible unless you have weeks or months of training.
While end-to-end encryption certainly gives us an extra layer of privacy protection at a time when our rights are constantly being eroded, this is actually a security vs. security debate. Encryption’s main purpose is to protect us from hackers of all sorts
The government is complaining that companies cannot unlock certain communications because only the sender and the receiver hold the key—the company itself does not. When tech companies do not have a way to access all their customers’ data at once, neither do hackers. As a commentator said last week in response to the new push to ban encryption in the name of “security”: “Weakening security with the aim of advancing security simply does not make sense.”
There are, of course, many questions reporters can and should be asking intelligence officials: Don’t you still have many other ways to track terrorists, even if they use encrypted messaging apps? If the terrorists planned so much of this out in the open, and they were known to intelligence agencies, why didn’t you catch them with the resources you already had?
Encryption is not an issue about which reporters should be “neutral”—it directly affects their wellbeing. Encryption is increasingly an important tool for journalists of all stripes
After the recent Paris terror attacks, French law enforcement wants to have several powers added to a proposed law, including the move to forbid and block the use of the Tor anonymity network, according to an internal document from the Ministry of Interior seen by French newspaper Le Monde.
That document talks about two proposed pieces of legislation, one around the state of emergency, and the other concerning counter-terrorism.
Regarding the former, French law enforcement wish to “Forbid free and shared wi-fi connections” during a state of emergency. This comes from a police opinion included in the document: the reason being that it is apparently difficult to track individuals who use public wi-fi networks.
As the latter, law enforcement would like “to block or forbid communications of the Tor network.” The legislation, according to Le Monde, could be presented as early as January 2016.
It is used by journalists, whistleblowers and people who just want to protect their privacy online, as well as terrorists, pedophiles, and cybercriminals.
The first proposal, according to Le Monde, would forbid free and shared Wi-Fi during a state of emergency. The new measure is justified by way of a police opinion, saying that it’s tough to track people who use public hotspots.
The second proposal is a little more gnarly: the Ministry of Interior is looking at blocking and/or forbidding the use of Tor completely. Blocking people from using Tor within France is technologically quite complex, but the French government could definitely make it difficult for the average user to find and connect to the Tor network. If the French government needs some help in getting their blockade set up, they could always talk to the only other country in the world known to successfully block Tor: China, with its Great Firewall.
The main problem with such a ban on Tor is that it wouldn’t achieve a whole lot. Would-be terrorists could still access Tor from outside the country, and if they manage to access Tor from within France I doubt they’re concerned about being arrested for illegal use of the network. There is evidence to suggest that the recent Paris attacks were planned via unencrypted channels, too: the Bataclan “go” message was sent in the clear via SMS.
On the other hand, criminalising and/or blocking Tor might affect many other legitimate users of the network, such as whistleblowers, journalists, and anyone else who wants to surf the Web privately.
French police found an unencrypted, unlocked phone in a trash bin outside the Bataclan concert hall in Paris that contained a text sent in the clear: “On est parti on commence.” (“Let’s go, we’re starting”).
This lead may have led French authorities to an apartment in Saint-Denis
According to the French newspaper Libération, the police also located a map of the Bataclan on the same phone. However, authorities were unable to identify the recipient of the phone message.
Many American government officials have used the terrorist attacks in Paris as a way to revive calls for increased government access to encrypted communications. Former CIA Director James Woolsey even said in multiple interviews that National Security Agency whistleblower Edward Snowden “has blood on his hands.”
Woolsey elaborated that the changes made by the Obama administration to surveillance as a result of the Snowden leaks and the changes that terrorists made in communicating with each other based on the leaks had led directly to the inability of the intelligence community in the United States and in France to stop the Paris attacks from happening.
Hours after the Saint-Denis raid, the Manhattan district attorney called for new federal legislation that would require that smartphone makers like Apple and Google put backdoors into their software.
David E. Sanger / New York Times:
Hillary Clinton Urges Silicon Valley to ‘Disrupt’ ISIS — WASHINGTON — Hillary Clinton said on Sunday that the Islamic State had become “the most effective recruiter in the world” and that the only solution was to engage American technology companies in blocking or taking down militants’ websites, videos and encrypted communications.
WASHINGTON — Hillary Clinton said on Sunday that the Islamic State had become “the most effective recruiter in the world” and that the only solution was to engage American technology companies in blocking or taking down militant websites, videos and encrypted communications.
“You are going to hear all the familiar complaints: ‘freedom of speech,’ ”
In a reference to Silicon Valley’s reverence for disruptive technologies, Mrs. Clinton said, “We need to put the great disrupters at work at disrupting ISIS,” an acronym used for the militant group.
Much of Mrs. Clinton’s speech was closely aligned with Mr. Obama’s recent arguments about confronting the Islamic State. She spoke of the need to make sure that anyone on a “no-fly” list also could not purchase a gun — a position several Republican candidates took issue with on Sunday — and to explicitly avoid blaming the American Muslim community for the acts of a small number of extremists.
Advertisement
Continue reading the main story
Advertisement
Continue reading the main story
“Declaring war on Islam, or demonizing the Muslim community, is not only counter to our values; it plays right into the hands of the terrorists,” she said.
Reuters:
Source: Obama administration to lean on social media services to flag “active terrorist plotting”, prevent encryption from providing “a dark space” for plotting
Obama appeals to Silicon Valley for help with online anti-extremist campaign
Read more at Reutershttp://www.reuters.com/article/california-shooting-cyber-idUSKBN0TQ0A320151207#q6gILpECSE1r1L6i.99
Alexandra Valasek / The Twitter Blog:NEW
Most influential moments on Twitter 2015 include: #ParisAttacks, #RefugeesWelcome, #FIFAWWC #TheDress, #IStandWithAhmed #PlutoFlyby, #MarriageEquality
There’s little evidence that “mass surveillance” catches potential terrorists, but it does risk catching innocents. More conventional police methods are more effective against terrorism.
When: December 11 // All Day What: We ask you to show your support and help against ISIS by joining us and trolling them // Do not think you have to be apart of Anonymous, anyone can do this and does not require any special skills Where: We ask to take part of this on Facebook // Twitter // Instagram // Youtube // In the “Real World”
Patrick Howell O’Neill / The Daily Dot:
Senator Dianne Feinstein to seek legislation to “pierce” through encryption with warrant, working with Judiciary Committee Chairman Richard Burr, others
A leading Democratic senator will seek legislation requiring the ability to “pierce” through encryption. The potential bill would allow American law enforcement to read protected communications with a court order.
Sen. Dianne Feinstein (D-Calif.) told the Senate Judiciary Committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability “to look into an encrypted Web.”
“I have concern about a PlayStation that my grandchildren might use,” she said, “and a predator getting on the other end, and talking to them, and it’s all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that.”
The Federal Bureau of Investigation is actively warning America’s biggest technology companies about the “public safety and national security risks” of encryption, according to FBI Director James Comey.
Deadly terrorist attacks in Paris, San Bernardino, California, and elsewhere around the world have reignited a major U.S. debate about encryption. Feinstein cited Paris as a reason the debate against encryption had evolved so quickly. Despite these concerns, the attackers in both of Paris and San Bernardino did not use encryption to organize or execute the deadly strikes, according to authorities.
Most Internet and gadget users encounter encryption without ever knowing it. The “HTTPS” connection that allows users to safely buy products on Amazon or access their bank account uses one category of encryption, while newer Apple iOS and Android devices apply strong encryption whenever a user locks her phone
“The tech companies and the FBI both care about safety on the Internet,” Comey told the Senate Judiciary committee in an FBI oversight hearing. “We understand that encryption is a very important part of being secure on the Internet. We also all care about public safety. We also see a collision course between those two things.”
Comey said that use of encryption by terrorists and criminals is growing. He offered one example.
Comey knew the shooter spoke to an overseas terrorist means that metadata revealed the extensive communications.
Metadata is data surrounding communications that includes phone numbers, times of calls, and identities of callers, or the subject lines of emails. It’s unencrypted and relatively easy for law enforcement to collect.
Over the last two years, Comey has been one of the most prominent figures in the American debate over encryption, increasingly known as the new “Crypto Wars.” He’s consistently warned of terrorist and criminal communications “going dark,” which he says is a “continuing focus for the FBI.”
“There’s no way we solve this entire problem,” Comey said. “Encryption is always going to be available to the sophisticated user. The problem is, post-Snowden, it’s moved to become default.”
Privacy advocates and technologists have long fought against the idea of a legally-mandated “backdoor” into encryption that would give the government the ability to read any encrypted message, with or without a court order.
Objections vary, including that doing so would violate and chill free speech.
The FBI director explained his hopes for the encryption debate by saying that “government doesn’t want a backdoor.”
Instead, Comey said, “if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that. The government shouldn’t be telling people how to operate their systems.”
When Comey argued that “encryption is part of terrorist tradecraft now,” he received a lot of pushback from online observers.
The Obama administration plans to clarify its stance on strong encryption before Washington shuts down for the holidays.
Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals.
A senior administration official confirmed that an encryption response was forthcoming but did not comment on the deadline. “The response we posted was an interim one,” the official said of the brief reply to the petition, “and we will have a more fulsome response soon.”
FBI Director James Comey, the staunchest advocate for making tech companies modify their products to facilitate investigations, has warned that criminals are “going dark” by encrypting their communications in indecipherable ways.
Security experts overwhelmingly oppose backdoors, which they say would create opportunities for criminals, not just cops, to breach secure systems.
President Obama has not taken a firm stance on backdoors. He told Re/code in February that “there’s no scenario in which we don’t want really strong encryption,” but he called on tech companies to work with the government to make investigations easier in an Oval Office address on Sunday. His administration continues to pressure tech companies to make such accommodations.
The White House considered a variety of backdoor policies but ultimately rejected them as unworkable.
The White House “seemed to very clearly understand the security implications of weakening encryption.”
The debate over whether businesses should weaken their encryption to help the government, known as the “crypto wars,” began in the 1990s and took on new life after the Paris terrorist attacks in November and the San Bernardino shooting in December. Some officials and lawmakers have blamed encryption and called for a policy response, although there is no evidence that the perpetrators of both attacks relied on encryption to evade detection.
“One of our key arguments at this stage,” Bankston said, “is simply continuing to highlight—as was true in the ’90s… during the original crypto wars, but is even more true now—no matter what U.S. law and U.S. companies do… strong end-to-end encryption is going to be widely available to anyone who wants it.”
Law & Disorder / Civilization & Discontents
France won’t block public Wi-Fi or ban Tor, PM says
Manuel Valls has stated that “a ban on Wi-Fi is not a course of action envisaged.”
by Andrii Degeler – Dec 11, 2015 12:19pm EET
Share
Tweet
12
Martin Crockett
Public Wi-Fi networks and Tor won’t be blocked or forbidden in France in the near future, even during a state of emergency, despite the country’s Ministry of Interior reportedly considering it.
Days after the reports on the proposal surfaced in the French newspaper Le Monde, the country’s prime minister Manuel Valls said he had never heard of such requests by police. “A ban on Wi-Fi is not a course of action envisaged,” he added according to The Connexxion.
Valls also said he wasn’t in favour of banning Tor, and denied any knowledge of the police authorities requesting a law to “require [service] providers to give security forces access codes.”
With renewed focus on how encrypted messages can be used to plot terrorist attacks, President Barack Obama’s administration is stepping up pressure on the tech sector to help in the battle.
Although issues around encryption have been ongoing for decades, the prickly topic has sprung to the fore in recent weeks following killing sprees in Paris and California.
Over the past two years, more sophisticated encryption — notably for smartphones — has become widely available following revelations by former intelligence contractor Edward Snowden about vast US surveillance programs.
But US administration officials as well as local law enforcement are making the case for better access to encrypted data, saying new smartphone and encryption technologies have made it more difficult to thwart “malicious actors.”
“We want to strike the right balance. We want to make sure encryption is not used in a way that does allow for dark space for terrorist groups,” a White House statement said.
Privacy remains a major counter-argument.
Underlining those concerns, an online petition calling on the administration to avoid weakening encryption got more than 100,000 signatures, requiring a White House reply.
The F.B.I. director, James B. Comey, said Wednesday that investigators could not read more than 100 text messages exchanged by one of the attackers in a shooting this year in Garland, Tex., because they were encrypted, adding fuel to law enforcement agencies’ contention that they need a way to circumvent commercially available encryption technology.
Mr. Comey, who two months ago appeared to have lost a battle inside the Obama administration over forcing companies like Apple and Google to give investigators a way to decode messages, told the Senate Judiciary Committee that one of the attackers “exchanged 109 messages with an overseas terrorist” the morning of the shooting.
“We have no idea what he said because those messages were encrypted,” Mr. Comey said. “And to this day, I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem. We have to grapple with it.”
As politicians and counter-terrorism officials search for lessons from the recent attacks in Paris and San Bernardino, California, senior officials have called for limits on technology that sends encrypted messages.
It’s a debate that has repeatedly recurred for more than a decade.In the 1990s, the Clinton Administration directed technology companies to store copies of their encryption keys with the government. That would have given the government a “backdoor” to allow law enforcement and intelligence agencies easy access to encrypted communications. That idea was dropped after sharp criticism from technologists and civil liberties advocates.
More recently, intelligence officials in Europe and the United States have asserted that encryption hampers their ability to detect plots and trace perpetrators. But many have questioned whether it would be practical or wise to allow governments widespread power to read encrypted messages.
Q: Are terrorists really using encrypted messages to plot attacks?
A: There’s mounting evidence that terrorist groups are using encryption, but so does nearly everyone living in modern society. Encryption protects your bank information, prevents your password from being stolen when you log into a website, and allows all e-commerce transactions to take place securely.
Intelligence officials have said that the planner of the Paris terrorist attacks used encryption technology, but police also found that one of the Paris terrorists was using an unencrypted cellphone.
Q: Are Google, Apple, Facebook and Twitter thwarting law enforcement through their use of encryption?
A: In the past few years, Silicon Valley tech companies have added layers of encryption to their cellphones and websites in an effort to assure users that their data is safe from both hackers and spies. That encryption has also made it harder for law enforcement officials to read what is transmitted by those devices.
In congressional testimony this month, FBI Director James Comey said that encryption is now part of “terrorist tradecraft.”
Q: But can’t the National Security Agency just crack any code it wants?
A: It’s not clear how much encryption the NSA can break.
Q: I heard that there is a “golden key” that unlocks all encryption. Is there such a thing?
A: Not yet and it’s not clear it will ever exist. The U.S. government has been trying to figure out how to access encrypted data for decades. However, wiretapping a phone call is far easier than creating a backdoor into encryption technology.
Q: Are there less complicated ways to give law enforcement and intelligence officials the access they say they need?
A: The White House working group offered three additional ideas for “backdoors” into encryption. All required manufacturing or software changes by U.S. providers and all involved significant political or technical problems.
Q: Will any of these backdoor schemes work?
A: They all have flaws. A big one: Users could easily bypass all of the backdoor options by creating their own layers of encryption.
Q: So what is the government proposing?
A: The short answer is that the government has quietly dropped its requests for a backdoor.
It might be tempting to react to this event emotionally without looking beyond the official narrative, without examining the evidence, without questioning where this is headed. You wouldn’t be alone, but blind indignation lends itself to easy answers, half truths and comforting lies.
On the evening of November 13th 2015, Paris was shaken by a series of coordinated attacks. 129 people were killed, hundreds more wounded. An ambience of fear gripped the country. Terrorists could strike anywhere at any time. Nothing was safe. Even the smallest venue could be targeted.
It might be tempting to react to this event emotionally without looking beyond the official narrative, without examining the evidence, without questioning where this is headed. You wouldn’t be alone, but blind indignation lends itself to easy answers, half truths and comforting lies.
Any time a population is attacked (or believes that they have been attacked) by an outside force, the reaction is as predictable as it is dangerous. New wars, and totalitarian laws that would have been unthinkable days before are easily justified, voices of reason are drowned out, and entire nations can be driven towards a cliff. Given the nature of this particular cliff it would behoove you to look a little deeper this time.
There are several moving parts in this story: the Syrian war, ISIS and the push to remove Assad from power, the expansion of a militarized police state throughout Europe, and of course the refugee crisis. All of which has been conveniently tied together, by a passport, carried by a suicide bomber, a passport which miraculously survived the blast unscathed. (Never mind the fact that German Interior Minister Thomas de Maiziere came forward to say that he had reason to suspect that the passport had been planted.)
Let’s deconstruct this one piece at a time.
Without even looking beyond mainstream sources, we find evidence that the French government knew that the attacks were coming. They were warned by the Iraqi government, they were warned by the Turkish government twice, and according to this article from the Times of Israel (which as since been edited), security officials in Paris were specifically warned of an impending attack that very morning.
And of course the French government just happened to be running an exercise simulating a mass shooting in Paris just hours before the attacks began
Before the dust had even settled, the official narrative was clear. ISIS was responsible. This was war, and France was going to escalate that war, both at home and abroad. A state of emergency was declared, road blocks, border controls and a curfew were imposed, freedom of assembly was restricted, and the military was deployed on the streets.
The state of emergency gives the police the power to detain people without trial, search without warrants and to block any website they see fit.
Who Created ISIS?
And speaking of the CIA… let’s not forget who actually created ISIS.
France didn’t seem too concerned about the rise of Islamic extremism when they joined the U.S. in the 2011 regime change operation in Libya. If mainstream news outlets were publishing evidence of jihadists among the CIA backed rebels, (secondary confirmation from the BBC here) it would be utterly naive to think that French intelligence services didn’t know.
France also didn’t seem to mind the fact that Islamic extremists were receiving the lion’s share of the weapons that were looted from Gaddafi’s armories, and shipped through Turkey, and into Syria.
France didn’t stand up or speak out for years as the U.S. government continued arming, funding and training these extremists.
Why? Because ISIS serves a purpose. ISIS and its associates, Al-Nusra and the FSA are weakening the Syrian government, creating a pretext for military intervention, and providing the perfect excuse for a massive power grab on the home front.
The Rise of Fascism in Europe
What’s happening in France should not be viewed in isolation. Xenophobic sentiment has been on the rise throughout Europe, and is gaining ground politically. This trend has clearly been exacerbated by the ongoing migrant crisis (which is obviously tied to the regime change policies of the West) but one variable in this equation that no one is talking about is the fact that the way immigration has been handled in Europe is not merely a question of short sightedness, it is a reflection of policy.
Problem, Reaction, Solution
This formula is not new. These tactics are not original, nor are the motives or response. Like the American public following 9/11, it’s going to take the European population quite some time to realize where they are being led, and they’re only going to come to that realization if those who see what is happening have the courage to speak out.
Recent claims by some (mostly nontechnical) observers that it would be “simple” for services like YouTube to automatically block “terrorist” videos, in the manner that various major services currently detect child porn images are nonsensical. One major difference is that those still images are detected via data “fingerprinting” techniques that are relatively effective on known still images compared against a known database, but are relatively useless outside the realm of still images
As part of the ongoing attempts by politicians around the world to falsely demonize the Internet as a fundamental cause of (or at least a willing partner in) the spread of radical terrorist ideologies, arguments have tended to focus along two parallel tracks.
First is the notorious “We have to do something about evil encryption!” track. This is the dangerously loony “backdoors into encryption for law enforcement and intelligence agencies” argument, which would result in the bad guys having unbreakable crypto, while honest citizens would have their financial and other data made vastly more vulnerable to attacks by black hat hackers as never before.
The other track in play relates to an area where there is much more room for reasoned discussion — the presence on the Net of vast numbers of terrorist-related videos, particularly the ones that directly promote violent attacks and other criminal acts.
Make no mistake about it, there are no “magic wand” solutions to be found for this problem, but perhaps we can move the ball in a positive direction with some serious effort.
Both policy and technical issues must be in focus.
In the policy realm, all legitimate Web firms already have Terms of Service (ToS) of some sort, most of which (in one way or another) already prohibit videos that directly attempt to incite violent attacks or display actual acts
When we move beyond such directly violent videos, the analysis becomes more difficult, because we may be looking at videos that discuss a range of philosophical aspects of radicalism
Politicians tend to promote the broadest possible censorship laws that they can get away with, and so censorship tends to be a slippery slope that starts off narrowly and rapidly expands to other than the originally targeted types of speech.
We must also keep in mind that censorship per se is solely a government power — they’re the ones with the prison cells and shackles to seriously enforce their edicts.
The correct way to fight this class of videos is with our own information, of course. We should be actively explaining why (for example) ISIL/ISIS/IS/Islamic State/Daesh philosophies are the horrific lies of a monstrous death cult.
Yes, we should be doing this effectively and successfully. And we could, if we put sufficient resources and talent behind such information efforts. Unfortunately, Western governments in particular have shown themselves to be utterly inept in this department to date.
Have you seen any of the current ISIL recruitment videos? They’re colorful, fast-paced, energetic, and incredibly professional. Absolutely state of the art 21st century propaganda aimed at young people.
By contrast, Western videos that attempt to push back against these groups seem more on the level of the boring health education slide shows we were shown in class back when I was in elementary school.
Small wonder that we’re losing this information war. This is something we can fix right now, if we truly want to.
The foundational issue is that immense amounts of video are being uploaded to services like YouTube (and now Facebook and others) at incredible rates that make any kind of human “previewing” of materials before publication entirely impractical, even if there were agreement (which there certainly is not) that such previewing was desirable or appropriate.
Services like Google’s YouTube run a variety of increasingly sophisticated automated systems to scan for various content potentially violating their ToS, but these systems are not magical in nature, and a great deal of material slips through and can stay online for long periods.
These facts tend to render nonsensical recent claims by some (mostly nontechnical) observers that it would be “simple” for services like YouTube to automatically block “terrorist” videos, in the manner that various major services currently detect child porn images.
Washington Post:
White House announces DHS-led counter-terrorism task force involving other federal, local agencies, plus revamp of State Department effort to fight ISIS online
The Obama administration is overhauling its faltering efforts to combat the online propaganda of the Islamic State and other terrorist groups, U.S. officials said, reflecting rising White House frustration with largely ineffective efforts so far to cut into ISIS’s use of social media to draw recruits and incite attacks.
Officials will create a new counterterrorism task force, which will be based at the Department of Homeland Security but aims to enlist dozens of federal and local agencies.
The moves come at a time of increasing public anxiety and criticism of the administration’s strategy after recent attacks in Paris and San Bernardino, Calif., that were linked to or partly inspired by the Islamic State.
“Everybody realizes that this is a moment . . . to take advantage of,”
“Ultimately, it is not going to be enough to defeat ISIL in the battlefield,” Obama told representatives from more than 100 nations and civil society groups . “We have to prevent it from radicalizing, recruiting and inspiring others to violence in the first place. And this means defeating their ideology.”
But one of the biggest problems the administration has faced is determining whether any of it is working. As the U.S. government’s counter-messaging campaign has grown, so has the Islamic State’s recruitment spread.
“The climate overall has become pretty bad,” a U.S. official said. “Our business is an uphill business.”
Friday’s high-level conference with senior executives of YouTube, Facebook, Twitter, Microsoft, LinkedIn and Apple is the administration’s most ambitious attempt to persuade those companies to collaborate in the counter-militant campaign.
“The idea is to come out with a work plan,” one administration official said. “Nobody wants to have their platforms co-opted by terrorists.”
The assembled firepower was puzzling to some in Silicon Valley
Many were angered by the public fallout for their prior cooperation with the government, the extent of which was exposed in documents leaked by former U.S. intelligence contractor Edward Snowden.
“Being seen as having the U.S. government force our hands makes others around the world lose confidence in us,” said an industry official
Justin Jouvenal / Washington Post:
Some police forces score citizens’ threat level with Intrado’s Beware software based on your medical, criminal history, and social media posts
FRESNO, Calif. — While officers raced to a recent 911 call about a man threatening his ex-girlfriend, a police operator in headquarters consulted software that scored the suspect’s potential for violence the way a bank might run a credit report.
The program scoured billions of data points, including arrest reports, property records, commercial databases, deep Web searches and the man’s social- media postings. It calculated his threat level as the highest of three color-coded scores: a bright red warning.
The man had a firearm conviction and gang associations, so out of caution police called a negotiator. The suspect surrendered, and police said the intelligence helped them make the right call — it turned out he had a gun.
As a national debate has played out over mass surveillance by the National Security Agency, a new generation of technology such as the Beware software being used in Fresno has given local law enforcement officers unprecedented power to peer into the lives of citizens.
Police officials say such tools can provide critical information that can help uncover terrorists or thwart mass shootings, ensure the safety of officers and the public, find suspects, and crack open cases. They say that last year’s attacks in Paris and San Bernardino, Calif., have only underscored the need for such measures.
The Islamic State has long relied on messaging apps like Facebook’s FB -3.93% What’sApp, Telegram, and Twitter TWTR -4.79% direct messaging to communicate and distribute propaganda. Now, online counterterrorism outfit Ghost Security Group claims ISIS has built its own Android-based, encrypted messaging app that circumvents conventional messaging apps like WhatsApp that are easier for the F.B.I. to monitor.
Ghost Security is the same hacking collective that last month pointed out that ISIS members used Telegram
The site hosting the Amaq Agency app download has since disappeared. Shortly thereafter another app surfaced in its place called Alrawi.apk.
These messaging features aren’t quite as secure or sophisticated as those of Telegram or WhatsApp, but they share the distinct advantage of being independent of any third-party company or organization that might help anti-ISIS governments or law enforcement agencies. In recent months, FBI Director James Comey and others within the U.S. national security apparatus have argued that governments should require services like WhatsApp to build back doors into their encryption so law enforcement can more easily intercept terrorist communications.
Without going quite as far as Comey, President Barack Obama and presidential contenders like Hillary Clinton have in recent weeks urged Silicon Valley to voluntarily join the fight against ISIS.
The emergence of a messaging app by ISIS complicates those efforts. With its own encrypted messaging app, ISIS doesn’t have to worry about WhatsApp or another of its favorite messaging services letting the FBI or other agencies in.
Communication has become a cornerstone of ISIS’s operations as the organization has spread not only across Iraq and Syria, but also into Libya, Egypt, and elsewhere in the region.
The group has also taken to encouraging so-called “lone wolf” attackers to take up the ISIS cause in their own countries
Even when it is not being particularly tech-savvy, ISIS drives home the importance of secure communications to its members and prospective followers.
“Any operation that doesn’t have a strong security and precaution base is deemed to fail, just like a big building needs strong foundations,” the booklet says. “Security precautions are the foundations of any operation.”
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
We are a professional review site that has advertisement and can receive compensation from the companies whose products we review. We use affiliate links in the post so if you use them to buy products through those links we can get compensation at no additional cost to you.OkDecline
74 Comments
Tomi Engdahl says:
As Predicted: Encryption Haters Are Already Blaming Snowden (?!?) For The Paris Attacks
https://www.techdirt.com/articles/20151115/23360632822/as-predicted-encryption-haters-are-already-blaming-snowden-paris-attacks.shtml
It really was less than two months ago that we noted that, having lost the immediate battle for US legislation to backdoor encryption, those in the intelligence community knew they just needed to bide their time until the next big terrorist attack. Here was the quote from Robert Litt — the top lawyer for the Office of the Director of National Intelligence from September:
Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
Tomi Engdahl says:
These are the ways Anonymous could wage ‘war’ on ISIS
http://www.techinsider.io/the-ways-anonymous-could-wage-war-on-isis-2015-11
International hacking collective Anonymous declared war this weekend on ISIS, the extremist militant group that claimed responsibility for the attacks in Paris on November 13 which killed 129 people and left another approximately 350 injured.
Release of private information: retrieval and dissemination of information considered private by ISIS.
“Doxxing” members: revealing personal, private information about members of ISIS.
“DDoS” attacks: flooding servers with information requests.
Hack accounts: Take over social media accounts used by ISIS.
“Google Bomb” / “Googlewashing” searchable terms with links to anti-ISIS websites.
Prank calls: flood ISIS phone networks with spam phone calls.
Tomi Engdahl says:
Facebook’s Tragedy Features and the Outrage They Inspired
http://www.wired.com/2015/11/facebook-safety-check-french-flag-filter-tragedy-features-and-the-outrage-they-inspired/
On Friday night following the attacks, Facebook switched on two lesser-known features: Safety Check and Temporary Profiles. The former was a way for people in Paris to let family and friends know they were safe; the latter splashed an overlay of the French flag on top of profile pictures. (I’ve seen the same effect offered to me on certain weekends asking if I want a green and yellow filter to show my enthusiasm for the University of Oregon Ducks.)
Almost immediately, the check-ins and red, white, and blue profile pictures rolled in. It was automatic, really: If someone asked you to participate in something meant to ease the pain and worry of a crisis, you would say yes. So people checked in and other people talked about it and yes, people changed their profile photos.
And then people started asking questions: Why wasn’t Safety check turned on for the people of Beirut, where suicide bombings Thursday killed 43? Or Syria? Or Kenya? Why weren’t there temporary flag filters for these countries, similarly ravaged by tragedy? What was it that set Paris apart?
“Until yesterday, our policy was only to activate Safety Check for natural disasters,” Zuckerberg wrote. “We just changed this and now plan to activate Safety Check for more human disasters going forward as well …”
Tomi Engdahl says:
After Paris Attacks, Here’s What the CIA Director Gets Wrong About Encryption
http://www.wired.com/2015/11/paris-attacks-cia-director-john-brennan-what-he-gets-wrong-about-encryption-backdoors/
It’s not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software.
Just last month, the government seemed to concede that forced decryption wasn’t the way to go for now, primarily because the public wasn’t convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor.
With more than 120 people killed last week in Paris and dozens more seriously wounded, government officials are already touting the City of Light as that case. Former CIA deputy director Michael Morell said as much on CBS This Morning, suggesting that recalcitrant US companies and NSA whistleblower Edward Snowden are to blame for the attacks.
“We don’t know yet, but I think what we’re going to learn is that [the attackers] used these encrypted apps, right?,” he said on the show Monday morning. “Commercial encryption, which is very difficult, if not impossible, for governments to break. The producers of this encryption do not produce the key, right, for either them to open this stuff up or for them to give to governments to open this stuff up. This is the result of Edward Snowden and the public debate. I now think we’re going to have another public debate about encryption, and whether government should have the keys, and I think the result may be different this time as a result of what’s happened in Paris.”
CIA Director John Brennan said something similar
No solid information has come out publicly yet about what communication methods the attackers used to plot their assault.
On Sunday, the New York Times published a story stating that the Paris attackers “are believed to have communicated [with ISIS] using encryption technology.” The paper’s sources were unnamed European officials briefed on the investigation. It was not clear, however, “whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate,” the paper noted.
Twitter users harshly criticized the Times story, and it has since disappeared from the site (though it is archived)
A Yahoo news story on Saturday added to the theme, declaring that the Paris attacks show that US surveillance of ISIS is going dark.
Numerous other news stories have suggested that attackers like the ones who struck Paris may be using something other than WhatsApp.
A source told the paper that they are using it because “Playstation 4 is even more difficult to monitor than WhatsApp.”
US Law enforcement and intelligence agencies have been warning for years that their inability to decrypt communication passing between phones and computers—even when they have a warrant or other legal authority to access the communication—has left them in the dark about what terrorists are planning.
But there are several holes in the argument that forcing backdoors on companies will make us all more secure. While doing this would no doubt make things easier for the intelligence and law enforcement communities, it would come at a grave societal cost—and a different security cost—and still fail to solve some of the problems intelligence agencies say they face with surveillance.
1. Backdoors Won’t Combat Home-Brewed Encryption.
Forcing US companies and makers of encryption software to install backdoors and hand over encryption keys to the government would not solve the problem of terrorist suspects’ products that are made in countries not controlled by US laws.
“There’s no way of preventing a terrorist from installing a Russian [encryption] app or a Brasilian app,”
2. Other Ways to Get Information. The arguments for backdoors and forced decryption often fail to note the many other methods law enforcement and intelligence agencies can use to get the information they need. To bypass and undermine encryption, intelligence agencies can hack the computers and mobile phones of known targets to either obtain their private encryption keys or obtain email and text communications before they’re encrypted and after they’re decrypted on the target’s computer.
“We’re still living in an absolute Golden Age of surveillance,” says Cardozo. “And there is always a way of getting the data that is needed for intelligence purposes.”
3. Encryption Doesn’t Obscure Metadata. Encryption doesn’t prevent surveillance agencies from intercepting metadata and knowing who is communicating with whom. Metadata can reveal phone numbers and IP addresses that are communicating with one another, the date and time of communication and even in some cases the location of the people communicating. Such data can be scooped up in mass quantities through signals intelligence or by tapping undersea cables. Metadata can be extremely powerful in establishing connections, identities and locating people.
4. Backdoors Make Everyone Vulnerable. As security experts have long pointed out, backdoors and encryption keys held by a service provider or law enforcement agencies don’t just make terrorists and criminals open to surveillance from Western authorities with authorization—they make everyone vulnerable to the same type of surveillance from unauthorized entities, such as everyday hackers and spy agencies from Russia, China, and other countries. This means federal lawmakers on Capitol Hill and other government workers who use commercial encryption would be vulnerable as well.
“If Snowden has taught us anything, it’s that the intel agencies are drowning in data,” Cardozo says. “They have this ‘collect it all mentality’ and that has led to a ridiculous amount of data in their possession. It’s not about having enough data; it’s a matter of not knowing what to do with the data they already have. That’s been true since before 9/11, and it’s even more true now.”
Tomi Engdahl says:
NYT Quietly Pulls Article Blaming Encryption In Paris Attacks
http://yro.slashdot.org/story/15/11/17/1357248/nyt-quietly-pulls-article-blaming-encryption-in-paris-attacks
Inside Sources reports that the New York Times has quietly pulled a story from its website alleging the attackers used encrypted technology. The original piece which has since been removed, can be found on the Internet Archive and stated. “The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly.”
Tomi Engdahl says:
ISIS Has Help Desk for Terrorists Staffed Around the Clock
http://www.nbcnews.com/storyline/paris-terror-attacks/isis-has-help-desk-terrorists-staffed-around-clock-n464391
NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint — a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil.
Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities.
The relatively new development — which law enforcement and intel officials say has ramped up over the past year — is alarming
Authorities are now homing in on the terror group’s growing cyber capabilities after attacks in Paris, Egypt and elsewhere for which ISIS has claimed credit.
“They’ve developed a series of different platforms in which they can train one another on digital security to avoid intelligence and law enforcement agencies for the explicit purpose of recruitment, propaganda and operational planning,”
The existence of the Jihadi Help Desk has raised alarm bells in Washington and within the global counterterrorism community because it appears to be allowing a far wider web of militants to network with each other and plot attacks. A senior European counterterrorism official said that concerns about the recent development are especially serious in Europe, where ISIS operatives are believed to be plotting major attacks, some of them with direct assistance from ISIS headquarters in Syria.
“While some of the contacts between groups like ISIL and potential recruits occur in publicly accessible social networking sites,”
“They are very decentralized. They are operating in virtually every region of the world.”
The help desk workers closely track all of the many new kinds of security software and encryption as they come online, and produce materials to train others in how to use them. The CTC has obtained more than 300 pages of documents showing the help desk is training everyone from novice militants to the most experienced jihadists in digital operational security.
And once the help desk operatives develop personal connections with people, ISIS then contacts them to engage them in actual operational planning — including recruiting, fundraising and potentially attacks.
Tomi Engdahl says:
However We Fight Terrorism, Ubiquitous Government Surveillance Isn’t the Answer
http://mic.com/articles/128569/however-we-fight-terrorism-after-paris-attacks-government-surveillance-isnt-the-answer#.2p0BVKvrz
The comparison of the Nov. 14, 2015, attacks on Paris to the Sept. 11, 2001, attacks on the United States evokes not just a profound level of violence and terror, but of an interruption in history, a bookmark in a timeline when the country shifted politically and allowed for an unprecedented level of government intrusion and surveillance into the private lives of its citizens.
In the wake of the Charlie Hebdo massacre in January, France introduced its first surveillance legislation since 1991 — a bill that would allow the government to wiretap communications, install secret surveillance cameras and sweep up metadata. Privacy advocates called it “highly intrusive” and said it posed a “grave new threat” to protected professions like journalism. The bill was passed in a landslide vote in French Parliament, 438-86.
In exchange for security, we’re told we must trade our privacy, whether to the government or private corporations. And with every passing incident of aberrant violence, we’re left asking when that promised security is meant to arrive.
Government officials and commentators are already trotting out Edward Snowden as an indirect cause of the Paris attacks by reasoning it could have been prevented if the terrorists didn’t know the extent of government surveillance.
Legislators in the United States, as well as the prime minister of the U.K., have been asking for the weakening of encryption standards across the board so that state-level actors can peer into any potential threat. Meanwhile, the near-unanimous objection of the technology community is that weakening encryption on behalf of law enforcement would provide minor gains for the government and enormous gains for hackers and criminals.
For now, encryption works: But where privacy standards remain intact, intelligence authorities are brute-forcing their own solutions.
Tomi Engdahl says:
Criminals are most certainly using these systems to their benefit — there’s very little question about that. Former law enforcement officials told Yahoo News that Apple’s iMessage and WhatsApp, two messaging systems that offer encrypted communications that can be erased after they’ve been sent, have allowed terrorists and criminals to plan attacks while evading detections. If the attackers in Paris used these kinds of communications, it’s unlikely we’ll recover the intimate details of their plotting.
Source: http://mic.com/articles/128569/however-we-fight-terrorism-after-paris-attacks-government-surveillance-isnt-the-answer#.2p0BVKvrz
Tomi Engdahl says:
Bitcoin: Islamic State’s online currency venture
http://www.dw.com/en/bitcoin-islamic-states-online-currency-venture/a-18724856
Between bitcoin and gold, the “Islamic State” is experimenting with currency, marking a new step in its state-crafting ambitions. But will the latest move further embed it amid international efforts to uproot the group?
The technology behind the digital currency bitcoin makes it difficult to trace, with a single unidentifiable wallet – or account – having received around $23 million (20.3 million euros) worth of bitcoin in the past month.
The EU Institute for Security Studies (EUISS) published a report in June detailing IS’ use of digital currencies and encrypted platforms, noting that such practices makes it “particularly hard to trace” the flow of finances and black market goods.
“Sadaqa (private donations) constitute one of ISIL’s main sources of revenue, and its supporters around the world have allegedly used digital currencies such as bitcoin to transfer money quickly to accounts held by ISIL militants while minimizing the risk of detection,” wrote EUISS junior analyst Beatrice Berton, referring to IS by an alternate acronym.
Thousands of dollars worth of bitcoin has been sent to accounts purportedly affiliated with “Islamic State,” with the one of the accounts registering its first transaction in 2012.
Tomi Engdahl says:
ISIL Militants Linked To France Terrorist attacks Had A Bitcoin Address with 3 Million Dollars
http://www.newsbtc.com/2015/11/14/isil-militants-linked-to-france-terrorist-attacks-had-a-bitcoin-address-with-3-million-dollars/
Tomi Engdahl says:
Anonymous Takes Down Thousands of ISIS-Related Twitter Accounts In a Day
http://tech.slashdot.org/story/15/11/17/1917226/anonymous-takes-down-thousands-of-isis-related-twitter-accounts-in-a-day?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Softpedia is reporting that Anonymous, along with social media users, have identified several thousand Twitter accounts allegedly linked to ISIS members. “Besides scanning for ISIS Twitter accounts themselves, the hacking group has also opened access to the [takedown operation] site to those interested. Anyone who comes across ISIS social media accounts can easily search the database and report any new terrorists and supporters. The website is called #opIceISIS [slow right now, but it does load] and will index ISIS members based on their real name, location, picture, Twitter, Facebook, and YouTube accounts.” Anonymous crowdsourcing their operations… welcome to the brave new world, ISIS.
An article at The Independent reminds everyone that this information has not been independently confirmed, and that Anonymous is certainly capable of misidentifying people.
One Day Later, Anonymous Already Takes Down 3,824 Pro-ISIS Twitter Accounts
http://news.softpedia.com/news/one-day-later-anonymous-already-takes-down-3-824-pro-isis-twitter-accounts-496258.shtml
‘Operation Isis’ Anonymous activists begin leaking suspected extremist Twitter account details
http://www.independent.co.uk/life-style/gadgets-and-tech/news/paris-attacks-anonymous-operation-isis-activists-begin-leaking-details-of-suspected-extremist-a6737291.html
Organising under #opISIS and #opParis, the group is attempting to take down the websites and social media accounts of people associated with the group — as well as apparently release personal details of those involved in recruitment
Tomi Engdahl says:
Natasha Lomas / TechCrunch:
In the aftermath of Paris attacks, intelligence agencies scapegoat encryption to mask the failures of mass surveillance — Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance — Well that took no time at all. Intelligence agencies rolled right into the horror …
Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance
http://techcrunch.com/2015/11/17/the-blame-game/
Well that took no time at all. Intelligence agencies rolled right into the horror and fury in the immediate wake of the latest co-ordinated terror attacks in the French capital on Friday, to launch their latest co-ordinated assault on strong encryption — and on the tech companies creating secure comms services — seeking to scapegoat end-to-end encryption as the enabling layer for extremists to perpetrate mass murder.
There’s no doubt they were waiting for just such an ‘opportune moment’ to redouble their attacks on encryption after recent attempts to lobby for encryption-perforating legislation foundered. (A strategy confirmed by a leaked email sent by the intelligence community’s top lawyer, Robert S. Litt, this August — and subsequently obtained by the Washington Post — in which he anticipated that a “very hostile legislative environment… could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”. Et voila Paris… )
Speaking to CBS News the weekend in the immediate aftermath of the Paris attacks, former CIA deputy director Michael Morell said: “I think this is going to open an entire new debate about security versus privacy.”
Elsewhere the fast-flowing attacks on encrypted tech services have come without a byline — from unnamed European and American officials who say they are “not authorized to speak publicly”. Yet are happy to speak publicly, anonymously.
The NYT published an article on Sunday alleging that attackers had used “encryption technology” to communicate — citing “European officials who had been briefed on the investigation but were not authorized to speak publicly”. (The paper subsequently pulled the article from its website, as noted by InsideSources, although it can still be read via the Internet Archive.)
The irony of government/intelligence agency sources briefing against encryption on condition of anonymity as they seek to undermine the public’s right to privacy would be darkly comic if it weren’t quite so brazen.
Here’s what one such unidentified British intelligence source told Politico: “As members of the general public get preoccupied that the government is spying on them, they have adopted these applications and terrorists have found them tailor-made for their own use.”
“Seeking to outlaw technology tools that are used by the vast majority of people to protect the substance of law-abiding lives is not just bad politics, it’s dangerous policy.”
In the same Politico article, an identified source — J.M. Berger, the co-author of a book about ISIS — makes a far more credible claim: “Terrorists use technology improvisationally.”
Of course they do. The co-founder of secure messaging app Telegram, Pavel Durov, made much the same point earlier this fall when asked directly by TechCrunch about ISIS using his app to communicate. “Ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one,” Durov argued. “I still think we’re doing the right thing — protecting our users privacy.”
Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.
Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like the Playstation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.
Point is, technology is not a two-lane highway that can be regulated with a couple of neat roadblocks — whatever many politicians appear to think. All such roadblocks will do is catch the law-abiding citizens who rely on digital highways to conduct more and more aspects of their daily lives. And make those law-abiding citizens less safe in multiple ways.
Tomi Engdahl says:
Congressman: To stop ISIS, let’s shut down websites and social media
Terrorists are using the Internet against us, lawmaker says.
http://arstechnica.com/tech-policy/2015/11/congressman-to-stop-isis-lets-shut-down-websites-and-social-media/
US Rep. Joe Barton (R-Texas) has a plan to stop terrorists: shut down websites, including social media networks.
Barton today asked Federal Communications Commission Chairman Tom Wheeler if the commission can shut down websites used by ISIS and other terrorist groups. Barton didn’t name any specific sites but said that “we need to do something” because of the terrorist attack in Paris.
“ISIS and the terrorist networks can’t beat us militarily, but they are really trying to use the Internet and all of the social media to try to intimidate and beat us psychologically,” Barton said. Addressing Wheeler during an FCC oversight hearing held by the Subcommittee on Communications and Technology, Barton continued:
Isn’t there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they’ve declared war against us, our way of life, they’ve threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation.
Wheeler answered, “I’m not sure that our authority extends to picking and choosing among websites, but I do think there are specific things that we can do,” with Barton interrupting to ask, “Do we need on a bipartisan basis to give additional authority to shut sites down?”
One GOP lawmaker’s plan to stop ISIS: Censor the Internet
https://www.washingtonpost.com/news/the-switch/wp/2015/11/17/one-gop-lawmakers-plan-to-stop-isis-censor-the-internet/
Rep. Joe Barton (R-Texas) wants the federal government to shut down the Internet — or at least, the parts of it that are being used by the Islamic State.
“They are really trying to use the Internet and all the social media to intimidate and beat us psychologically,” Barton said during a House committee hearing Tuesday. “Isn’t there something we can do to shut those Internet sites down?”
Barton conceded that censoring the Web sites might be difficult — “I know they pop up like weeds” — but plowed ahead with his proposal, suggesting that the Federal Communications Commission attempt to shut down the sites.
“They’re using the Internet in an extremely offensive and inappropriate way against us,”
There’s just one problem with Barton’s plan: The Internet may be a little more complicated than he thinks.
The FCC doesn’t have the authority to regulate individual Web sites, agency chairman Tom Wheeler replied. And the commission likely won’t want even a temporary authority to censor the Web. Here’s why.
Critics of the commission have complained that the FCC’s net neutrality rules are simply a backdoor way for the agency to regulate the Internet. Even if it were technically feasible for the government to find and shut down every single ISIS Web site (it’s not), for the FCC to do so would simply lend credence to those attacks. And it would undermine the spirit of the net neutrality rules, which are aimed at allowing all (legal) speech — for better or for worse — to flourish online without interference by anybody.
Congress could probably get around that by ruling ISIS-affiliated speech illegal. But then we’d have an even bigger First Amendment problem on our hands.
Tomi Engdahl says:
Telegram cracked down on 78 ISIS-related channels in 12 languages this week
http://venturebeat.com/2015/11/18/telegram-cracked-down-on-78-isis-related-channels-in-12-languages-this-week/
Encrypted messaging app Telegram announced today that it has shut down access to several public channels that people have used to communicate about ISIS. The news comes after days after the terrorist group waged attacks in Paris that killed more than 100 people. Since then, reports have surfaced about how terrorists have used encrypted messaging in their operations.
“We were disturbed to learn that Telegram’s public channels were being used by ISIS to spread their propaganda,” Telegram wrote today in a publicly visible post in the Telegram app
This week the company will be rolling out an easier way to report on “objectionable” content that’s visible to any user, according to the post.
Tomi Engdahl says:
Kim Zetter / Wired:
ISIS’ OPSEC manual reveals how it handles cybersecurity, from Tor and Tails to BlackPhone
http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/
In the wake of the Paris attacks, US government officials have been vocal in their condemnation of encryption, suggesting that US companies like Apple and Google have blood on their hands for refusing to give intelligence and law enforcement agencies backdoors to unlock customer phones and decrypt protected communications. But news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages.
Reports in France say that investigators were able to locate some of the suspects’ hideout this week using data from a cellphone apparently abandoned by one of the attackers in a trashcan outside the Bataclan concert hall where Friday’s attack occurred, according to Le Monde. Authorities tracked the phone’s movements prior to the attack,
Other reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption.
All of this suggests that the attackers were guilty of major OPSEC failures—that is, if it weren’t for the fact that some of them still managed to pull off the Paris attacks without prior detection. This suggests they either did use encryption during earlier planning stages of their attacks, or that authorities were so overwhelmed tracking other suspects—French investigators claim they recently thwarted six other attacks—that they overlooked the suspects who pulled off the Paris attacks. This indeed might be the case since Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.
Despite this, US authorities have flooded the media this week with stories about how ISIS’ use of encryption and other anti-surveillance technologies has thwarted their ability to track the terrorists. But authorities have also slyly hinted that some of the encryption technologies the terrorists use are not as secure as they think they are, or are not being configured and used in a truly secure manner. So what exactly are ISIS attackers doing for OPSEC?
It turns out that a 34-page guide to operational security (.pdf) that ISIS members advise recruits to follow, offers some clues.
The guide was originally written about a year ago by a Kuwaiti security firm known as Cyberkov to advise journalists and political activists in Gaza on how to protect their identities, the identity of their sources and the integrity of information they report. But members of ISIS have since co-opted it for their own use as well.
The guide offers a handy compilation of advice on how to keep communications and location data private, as well as links to dozens of privacy and security applications and services, including the Tor browser, the Tails operating system; Cryptocat, Wickr, and Telegram encrypted chat tools; Hushmail and ProtonMail for email; and RedPhone and Signal for encrypted phone communications. Gmail, the guide notes, is only considered secure if the account is opened using false credentials and is used with Tor or a virtual private network. Android and iOS platforms are only secure when communications are routed through Tor.
The manual advises disabling the GPS tagging feature on mobile phones to avoid leaking location data when taking photos—a mistake that a Vice reporter made in 2012 when interviewing murder suspect John McAfee who was on the lam. Alternatively, operatives and journalists can use the Mappr app can be used to falsify location data and throw intelligence agencies off their trail.
The OPSEC manual used by ISIS also advises against using Instagram because its parent company, Facebook, has a poor track record on privacy, and it warns that mobile communications can be intercepted, even though GSM networks are encrypted. It advises readers to use encrypted phones like Cryptophone or BlackPhone instead.
There are no surprises among the documents. Most of the recommendations are the same that other civil liberties and journalist groups around the world advise human rights workers, political activists, whistleblowers and reporters to use to secure their communications and obscure their identity or hide their location.
“This is about as good at OPSEC as you can get without being formally trained by a government,” Brantly, a cyber fellow with the West Point center, told WIRED. “This is roughly [the same advice] I give to human rights activists and journalists to avoid state surveillance in other countries. If they do it right, then they can become pretty secure. [But] there’s a difference between telling somebody how to do it and then [them] doing it right.”
The documents warn that followers should use strong passwords and avoid clicking on suspicious links, to prevent intelligence agencies and everyday hackers from breaching their systems.
It advises users to always use a VPN online to encrypt data and prevent ISPs and spy agencies from reading their communication. But it cautions users to stay away from American providers of VPNs and encrypted chat tools and instead use ones like Telegram and Sicher, instant messaging apps made by companies based in Germany, or the Freedome, a VPN from the Finish computer security firm F-Secure. Apple’s iMessage, an end-to-end encryption service, also gets a thumbs-up
Although US government officials have repeatedly cited WhatsApp as a tool ISIS uses to thwart surveillance, the Kuwaiti manual actually puts the chat application on a “banned” list.
He also says they’ve seen no sign yet that ISIS is using home-brewed encryption programs that its members created themselves. “Al Qaeda developed their own encryption platform for a while. But ISIS right now is largely using Telegram [for encrypted communication],”
“There’s a whole section on hacking [in the ISIS forums],” Brantley says. “They’re not super-talented hackers, but they’re reasonable.”
Tomi Engdahl says:
Washington Post:
How the media division of ISIS creates a dual image as a benevolent destination and a menacing, violent domain — Inside the surreal world of the Islamic State’s propaganda machine — CONFRONTING THE ‘CALIPHATE’ | This is part of an occasional series about the rise of the Islamic State militant group …
Inside the surreal world of the Islamic State’s propaganda machine
https://www.washingtonpost.com/world/national-security/inside-the-islamic-states-propaganda-machine/2015/11/20/051e997a-8ce6-11e5-acff-673ae92ddd2b_story.html
What they described resembles a medieval reality show. Camera crews fan out across the caliphate every day, their ubiquitous presence distorting the events they purportedly document. Battle scenes and public beheadings are so scripted and staged that fighters and executioners often perform multiple takes and read their lines from cue cards.
Cameras, computers and other video equipment arrive in regular shipments from Turkey. They are delivered to a media division dominated by foreigners — including at least one American, according to those interviewed — whose production skills often stem from previous jobs they held at news channels or technology companies.
“It is a whole army of media personnel,”
“The media people are more important than the soldiers,” he said. “Their monthly income is higher. They have better cars. They have the power to encourage those inside to fight and the power to bring more recruits to the Islamic State.”
The United States and its allies have found no meaningful answer to this propaganda avalanche.
Tomi Engdahl says:
David Uberti / Columbia Journalism Review:
The Paris-Beirut debate: Why news organizations paid more attention to the attacks in France — The Friday attacks in Paris that killed more than 120 left many American news organizations racing to get pieces in place for wall-to-wall coverage over the weekend.
The Paris-Beirut debate: Why news organizations paid more attention to the attacks in France
http://www.cjr.org/analysis/media_coverage_paris_beirut_attacks.php
The Friday attacks in Paris that killed more than 120 left many American news organizations racing to get pieces in place for wall-to-wall coverage over the weekend.
The story still dominated The New York Times’ front page on Monday, with four stories exploring various angles of the ISIS-planned strikes, their aftermath in France, and global ramifications. But it was a piece on an ISIS attack Thursday in Lebanon, tucked on page A6, that garnered more than 210,000 shares on social media by Tuesday, five times more than the four Paris-related stories combined.
The latter story focused on the aftermath of bombings that killed 43 people last week in Beirut, particularly residents’ “anguish over the fact that just one of the stricken cities—Paris—received a global outpouring of sympathy.”
Indeed, the Times story on a “forgotten” Beirut highlighted a mounting critique of how news organizations and the public alike divvy up precious resources and attention in a time of concurrent acts of violence.
Journalists, the commentary goes, assign different value to different lives. That’s hard to dispute, given spotty coverage of regions such as the Middle East and Africa when American interests aren’t at stake
“I do think Paris was more newsworthy than Beirut for a host of reasons, including the death toll, the scale of the attack, and the challenge to intelligence agencies in the US and abroad that tend to work closely together,” Kahn says. “It is also true that coverage of terrorist attacks does vary according to other, more subtle factors, such as how surprising the attack is, how likely it is to impact policy among the Western powers, and how likely it is to resonate with large numbers of our readers.”
Tomi Engdahl says:
Francesco Guarascio / Reuters:
In the wake of the Paris attacks, EU ministers urge European Commission to propose measures to improve checks on Bitcoin and other non-banking payment methods
EU steps up controls on bitcoin, pre-paid cards to curb terrorist funds
http://www.reuters.com/article/2015/11/20/us-france-shooting-eu-terrorism-funding-idUSKCN0T922D20151120#trSJzKTuhXpsrdpT.99
The European Union will increase controls on pre-paid cards, money remittances and bitcoin in a bid to curb terrorism funding after the attacks in Paris that killed 129 people.
EU interior and justice ministers agreed on Friday in Brussels to tighten checks on payment methods that may be conducted anonymously and might be used by terrorist organizations to finance attacks.
Read more at Reutershttp://www.reuters.com/article/2015/11/20/us-france-shooting-eu-terrorism-funding-idUSKCN0T922D20151120#trSJzKTuhXpsrdpT.99
Tomi Engdahl says:
Why Facebook and Twitter Can’t Just Wipe Out ISIS Online
http://www.wired.com/2015/11/facebook-and-twitter-face-tough-choices-as-isis-exploits-social-media/
Given that ISIS and other terrorist organizations have proven adept at using social media to disseminate propaganda and incite fear, it seems obvious that platforms like Facebook and Twitter would aggressively and mercilessly delete such content and ban those who post it.
It may seem equally obvious that those companies would move quickly to do just that when presidential candidates appear to call for them to help out and as US Representative Joe Barton asks the Federal Communications Commission, “Isn’t there something we can do under existing law to shut those Internet sites down?” But it’s not that simple, and social media platforms have grappled with the issue in some ways since at least the days when Al Qaeda affiliates started uploading videos to YouTube.
The problem lies in the global nature of social media, the reliance upon self-policing by users to identify objectionable content, and the fact that many of those banned simply open a new account and continue posting their hatred. A blanket policy of banning anything that might be seen as inciting violence also could lead to questions of censorship, because one person’s hateful propaganda could be another’s free speech. That’s not to say companies like Facebook and Twitter aren’t taking this seriously and trying to draw a distinction between the two. But it’s not as simple as you might think.
‘No Place for Terrorists’
Facebook says any profile, page, or group related to a terrorist organization is shut down and any content celebrating terrorism is removed. “There is no place for terrorists on Facebook,” says Facebook spokesman Andrew Souvall. “We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism.”
It seems to broadly work. Facebook has deleted posts and blocked accounts in such a way that ISIS-related newsletters, videos, and photos don’t seem to crop up as much as elsewhere on the web, says Steve Stalinsky, executive director of Middle East Media Research.
In the past few years, the use of Twitter, on the other hand, has grown. ISIS supporters embraced the platform
Until last fall, Twitter had largely taken a more detached stance on ISIS-related content. It began taking a more aggressive approac
While an active social network typically grows over time, Berger says that the suspensions on Twitter have helped to keep the size of the network “roughly flat.” Moreover, users whose accounts are repeatedly suspended come back with new accounts with fewer followers.
“The good news is that this limits the reach of their propaganda and recruiting, and makes it harder for ISIS to accomplish its goals online,” Berger says.
Propaganda or Political Speech
But the challenge for sites like Facebook and Twitter goes beyond tracking down content that promotes terrorism. It also requires defining “promoting terrorism.” In a sense, the two platforms are global communities, each engaged in a constant process of determining community norms as the use of the platforms evolves.
“While it’s true that companies legally can restrict speech as they see fit, it doesn’t mean that it’s good for society to have the companies that host most of our everyday speech taking on that kind of power.”
Tomi Engdahl says:
Security News This Week: The Manhattan DA Wants Backdoors for Smartphones
http://www.wired.com/2015/11/security-news-this-week-the-manhattan-da-wants-backdoors-for-smartphones/
This week, most major security news connected to the Paris terrorist attacks, which government officials eagerly used as an opportunity to renew their assault on encryption. After the attacks, it’s likely that encryption will be a key issue in the 2016 election. Although it turns out that the Paris attackers did not encrypt their communications at least part of the time, a look at an OPSEC manual used by ISIS gave the world insight into the terror group’s security protocols
Tomi Engdahl says:
China Cuts Mobile Service of Xinjiang Residents Evading Internet Filters
http://www.nytimes.com/2015/11/24/business/international/china-cuts-mobile-service-of-xinjiang-residents-evading-internet-filters.html?_r=0
HONG KONG — The Chinese government is shutting down the mobile service of residents in Xinjiang who use software that lets them circumvent Internet filters, escalating an already aggressive electronic surveillance strategy in the country’s fractious western territory.
Starting last week, shortly after terrorist attacks in Paris, the local police began cutting the service of people who had downloaded foreign messaging services and other software, according to five people affected.
The people, who spoke on the condition of anonymity over concerns about retaliation from local security forces for speaking to foreign news media, all said their telecommunications provider had told them to go to a local police station to have service restored.
Continue reading the main story
Related Coverage
A monitor at a Beijing Internet cafe displayed a police message on the proper use of the Internet.
China Ranks Last of 65 Nations in Internet FreedomOCT. 29, 2015
President Xi Jinping, center, meets Mark Zuckerberg, Facebook’s chief executive, as Lu Wei, China’s top Internet regulator looks on.
Mark Zuckerberg Courts China With Speech on People and PerseveranceOCT. 26, 2015
Protesters at a rally against Chinese censorship in front of the New York Public Library ahead of a BookExpo America event in May. A large delegation of publishers from China attended the trade gathering as guests of honor.
Sinosphere Blog: American Publishers Take a Stand Against Censorship in ChinaOCT. 15, 2015
President Xi Jinping of China, front row center, with senior technology company executives at a conference held at Microsoft in Redmond, Wash., in September.
U.S. Tech Giants May Blur National Security Boundaries in China DealsOCT. 30, 2015
An Apple Store in Hong Kong. Apple News app users in China are alerted: “News isn’t supported in your current region.”
Apple Is Said to Deactivate Its News App in ChinaOCT. 10, 2015
“Due to police notice, we will shut down your cellphone number within the next two hours in accordance with the law,” read a text message received by one of the people, who lives in the regional capital of Urumqi. “If you have any questions, please consult the cyberpolice affiliated with the police station in your vicinity as soon as possible.”
The person said that when she called the police, she was told that the service suspensions were aimed at people who had not linked their identification to their account; used virtual private networks, or V.P.N.s, to evade China’s system of Internet filters, known as the Great Firewall; or downloaded foreign messaging software, like WhatsApp or Telegram.
Tomi Engdahl says:
A Congressman Wants to Censor the Internet to Thwart ISIS’ Digital Strategy. Horrible Plan.
http://www.slate.com/blogs/future_tense/2015/11/18/rep_joe_barton_r_texas_suggests_shutting_down_services_that_isis_uses_to.html
Everyone is concerned about how the Islamic State communicates, both in general and to orchestrate violent acts. The attacks in Paris have motivated fresh debates weighing the privacy and safety implications of digital services that encrypt communications but do not provide backdoors for law enforcement. But there is a far less complicated way to deal with both digital propoganda and clandestine communication channels: Shut them down!
Barton asked the Federal Communications Commission, “Isn’t there something we can do under existing law to shut those Internet sites down?”
In a statement Tuesday afternoon, the Washington Post reports, Barton explained that he was “in no way suggesting we shut down the Internet.” And added, “I am very mindful of privacy and First Amendment issues on the Internet.” FCC chairman Tom Wheeler also clarified that the agency doesn’t have the authority to shut websites down.
Tomi Engdahl says:
Jordan Novet / VentureBeat:
Following ISIS crackdown, Telegram adds group admins, supergroups for up to 1K users
http://venturebeat.com/2015/11/25/following-isis-crackdown-telegram-adds-group-admins-supergroups-for-up-to-1k-users/
Encrypted messaging app Telegram, which has been in the news lately because of its use within the terrorist group ISIS, today announced a few new features aimed at people who use the app to chat in groups.
Now it’s possible for certain users to be designated as admins of a given group. Admins can add people to and remove people from the group. They can also change the name and photo of the group, according to a blog post on the updates.
The other big change is a good indicator of how popular Telegram is becoming: Groups can now contain a maximum of 1,000 members, up from 200 until now, thanks to the launch today of new supergroups. You’re only able to turn an existing group into a supergroup once you’ve reached the 200 mark.
Tomi Engdahl says:
Greenwald: Why the CIA Is Smearing Edward Snowden After Paris Attacks
http://yro.slashdot.org/story/15/11/26/2253217/greenwald-why-the-cia-is-smearing-edward-snowden-after-paris-attacks
JoeyRox points out that Glenn Greenwald has some harsh words for the CIA in an op-ed piece for the LA Times
Op-Ed Glenn Greenwald: Why the CIA is smearing Edward Snowden after the Paris attacks
http://www.latimes.com/opinion/op-ed/la-oe-1126-greenwald-snowden-paris-encryption-20151126-story.html
Decent people see tragedy and barbarism when viewing a terrorism attack. American politicians and intelligence officials see something else: opportunity.
Bodies were still lying in the streets of Paris when CIA operatives began exploiting the resulting fear and anger to advance long-standing political agendas. They and their congressional allies instantly attempted to heap blame for the atrocity not on Islamic State but on several preexisting adversaries: Internet encryption, Silicon Valley’s privacy policies and Edward Snowden.
The real objective is to depict Silicon Valley as terrorist-helpers for the crime of offering privacy protections to Internet users.
The CIA’s former acting director, Michael Morell, blamed the Paris attack on Internet companies “building encryption without keys,” which, he said, was caused by the debate over surveillance prompted by Snowden’s disclosures. Sen. Dianne Feinstein (D-Calif.) blamed Silicon Valley’s privacy safeguards, claiming: “I have asked for help. And I haven’t gotten any help.”
Former CIA chief James Woolsey said Snowden “has blood on his hands” because, he asserted, the Paris attackers learned from his disclosures how to hide their communications behind encryption.
In one sense, this blame-shifting tactic is understandable. After all, the CIA, the NSA and similar agencies receive billions of dollars annually from Congress and have been vested by their Senate overseers with virtually unlimited spying power. They have one paramount mission: find and stop people who are plotting terrorist attacks. When they fail, of course they are desperate to blame others.
The CIA’s blame-shifting game, aside from being self-serving, was deceitful in the extreme.
To begin with, there still is no evidence that the perpetrators in Paris used the Internet to plot their attacks, let alone used encryption technology.
CIA officials simply made that up. It is at least equally likely that the attackers formulated their plans in face-to-face meetings. The central premise of the CIA’s campaign — encryption enabled the attackers to evade our detection — is baseless.
The claim that the Paris attackers learned to use encryption from Snowden is even more misleading. For many years before anyone heard of Snowden, the U.S. government repeatedly warned that terrorists were using highly advanced means of evading American surveillance.
Then-FBI Director Louis Freeh told a Senate panel in March 2000 that “uncrackable encryption is allowing terrorists — Hamas, Hezbollah, Al Qaeda and others — to communicate about their criminal intentions without fear of outside intrusion.”
Or consider a USA Today article dated Feb. 5, 2001, eight months before the 9/11 attack. The headline warned “Terror groups hide behind Web encryption.”
Within the Snowden archive itself, one finds a 2003 document that a British spy agency called “the Jihadist Handbook.” That 12-year-old document, widely published on the Internet, contains instructions for how terrorist operatives should evade U.S. electronic surveillance.
In sum, Snowden did not tell the terrorists anything they did not already know. The terrorists have known for years that the U.S. government is trying to monitor their communications.
What the Snowden disclosures actually revealed to the world was that the U.S. government is monitoring the Internet communications and activities of everyone else: hundreds of millions of innocent people under the largest program of suspicionless mass surveillance ever created, a program that multiple federal judges have ruled is illegal and unconstitutional.
Tomi Engdahl says:
Theresa May seeks to fast track Investigatory Powers Bill after Paris attacks
Home secretary wants Snoopers’ Charter under her Christmas tree
http://www.theinquirer.net/inquirer/news/2436794/theresa-may-seeks-to-fast-track-investigatory-powers-bill-after-paris-attacks
IRON FIST HOME SECRETARY Theresa May has been accused of leaning on the attacks in Paris to fast track the Investigatory Powers Bill and its considerations.
May is backing the legislation like a desperate man backs a horse. She is very keen on a vice-like grip on communications, and has some support and some opposition. It is perhaps because of this tough situation, and possibly because of the threat of terrorism, that she wants a fire lit under it.
May has asked that the committee considering the 300-page bill pulls its finger out and gets things in order by the end of the year. This has not gone down well with the opposition.
The Don’t Spy On Us coalition has already thrown up its arms at the shifting deadline
“The last major piece of legislation to extend surveillance in the UK, the draft Communications Data Bill, was given five months of parliamentary scrutiny before parliamentarians decided the powers were too sweeping and went too far.”
All rights groups want a chance to oppose the bill
Tomi Engdahl says:
Hacktivism agains ISIS propaganda:
Hackers replace dark web Isis propaganda site with advert for Prozac
http://www.ibtimes.co.uk/hackers-replace-dark-web-isis-propaganda-site-advert-prozac-1530385
An Islamic State (Isis) propaganda website on the dark web has been taken down by hacktivists and replaced with an advert for a site selling Prozac and a message telling would-be IS supporters to calm down. Ghost Sec, a faction of the hacktivist collective Anonymous (unaffiliated with the counter-terrorism organisation Ghost Security Group), targeted the Isdarat website after it appeared on the Tor anonymity network last week.
Isis mocked with rubber ducks as internet fights terror with humour
http://www.theguardian.com/world/2015/nov/28/isis-fighters-rubber-ducks-reddit-4chan
Members of bulletin board 4chan superimpose duck heads on to images of Isis fighters, setting off craze that has spread to Twitter and Facebook
If it looks like a duck, swims like a duck and quacks like a duck, could it in fact be an Islamic State militant?
As world leaders scratch their heads about the best method to defeat the terror of Isis, internet users have come up with their own way to take the sting out of the group’s feathery tail.
Members of the image-based bulletin board 4chan began superimposing rubber duck heads on to images of Isis fighters, setting off a craze that has spread to Twitter, Facebook and elsewhere.
“How about castrating the image of Isis by replacing the faces on ALL the propaganda photos with bath ducks?” a 4Chan user wrote on Shit4chanSays (/s4s/) board.
Tomi Engdahl says:
Theresa May seeks to fast track Investigatory Powers Bill after Paris attacks
Home secretary wants Snoopers’ Charter under her Christmas tree
http://www.theinquirer.net/inquirer/news/2436794/theresa-may-seeks-to-fast-track-investigatory-powers-bill-after-paris-attacks
IRON FIST HOME SECRETARY Theresa May has been accused of leaning on the attacks in Paris to fast track the Investigatory Powers Bill and its considerations.
May is backing the legislation like a desperate man backs a horse. She is very keen on a vice-like grip on communications, and has some support and some opposition. It is perhaps because of this tough situation, and possibly because of the threat of terrorism, that she wants a fire lit under it.
May has asked that the committee considering the 300-page bill pulls its finger out and gets things in order by the end of the year. This has not gone down well with the opposition.
Tomi Engdahl says:
Italians to spend €150m … snooping on PS4 jabber
Vulgar, misogynist, violent, barely literate threats? Let’s play Terrorists or Teens!
http://www.theregister.co.uk/2015/11/30/italy_playstation_4_terrorism/
Italian counter-terror agents are to monitor Sony’s PlayStation Network for jihadi chatter, according to the nation’s justice minister, following alarmingly silly reports that a PS4 was used to coordinate the terrorist attacks in Paris.
Andrea Orlando told Italian broadsheet Il Messaggero that the government would be investing €150m (£105m) in a reformation of the nation’s security services, with the aim of allowing them to monitor “any form of communication”, with the PlayStation gaming console receiving specific attention.
The Italian plans follow an article in Forbes, cited by the Telegraph and the New York Times, which claimed, “An ISIS agent could spell out an attack plan in Super Mario Maker’s coins and share it privately with a friend, or two Call of Duty players could write messages to each other on a wall in a disappearing spray of bullets.”
That report, in turn, appears to have been prompted by statements made by the Belgian deputy prime minister, Jan Jambon. Jambon complained that Belgian security services and their international partners were unable to decrypt communications made through the PlayStation Network.
It is not the first time that gaming platforms have come under suspicion from counter-terrorist powers. An NSA briefing note leaked by whistleblower Edward Snowden and titled “Exploiting Terrorist /use of Games & Virtual Environments” showed the spooks had discussed infiltrating the platforms
Tomi Engdahl says:
Twitter’s Pro-ISIS “Hackers” Are Just Good at Using Google
http://motherboard.vice.com/read/twitters-pro-isis-hackers-are-just-good-at-using-google?trk_source=recommended
Last week, the UK’s Chancellor of the Exchequer George Osborne laid out plans for more capabilities for law enforcement and intelligence agencies in response to a “cyber threat” from ISIS.
But it looks like the threats made by some apparent pro-ISIS hackers over social media are overstated.
Recently, a group that calls itself the “Islamic Cyber Army” has been dumping the supposed personal details of government employees and other data on Twitter. However the majority of the information appears to have been sourced from very simple Google searches.
This isn’t the first time pro-ISIS hackers have exaggerated their own hacking capabilities. Junaid Hussain, who moved to Syria to join the terrorist organization, published the names and personal information of 100 US military members. He claimed he had obtained these by hacking Pentagon servers, but it seemed more likely that he also just Googled for them.
Hussain did reportedly have some technical skills, however, with the Wall Street Journal reporting he had developed spyware for ISIS. Hussain was killed in a drone strike in August.
Large-scale cyberattacks that have been linked to pro-ISIS hackers have also turned out to be misattributed. According to researchers from cybersecurity firm FireEye, a hack on the French television channel TV5Monde that was widely reported as the work of a pro-ISIS outfit was actually that of a group of Russian hackers.
In all, it’s worth treating the claims of “ISIS hackers” on social media with a heavy dose of scepticism.
FireEye claims Russian APT28 hacked France’s TV5Monde Channel
http://securityaffairs.co/wordpress/37710/hacking/apt28-hacked-tv5monde.html
Tomi Engdahl says:
Surveillance after Paris
https://opendemocracy.net/david-lyon/surveillance-after-paris
There’s little evidence that “mass surveillance” catches potential terrorists, but it does risk catching innocents. More conventional police methods are more effective against terrorism.
The Friday 13 events in Paris were horrendous – bloody and heartless attacks without warning on innocent civilians enjoying a warm November evening, in restaurants and bars, at a concert and a soccer game. A few days before, I had been walking through neighbouring districts, taking in the sights and sounds of a great city.
Anyone who knows about security-and-surveillance could guess what would happen. Security authorities would want more powers and governments would gauge how far they could go. Of course, it’s understandable that any government in that position will wish to reassure the population with visible signs of security. But governments do tend to rush headlong into new counter-terrorism measures after a major attack like that in Paris. Sometimes they are desperate to show that they are doing something.
Unfortunately, French responses thus far follow a familiar pattern… So border checks were increased with ramped-up databases and reinforced surveillance.
Events like these are also viewed as ideal opportunities to make policy changes. As Naomi Klein shows in Shock Doctrine, some governments have for many years exploited crises to push through controversial law or policy
Learning from the past
While tightened security may seem like a good plan, changing the rules and demanding greater powers for security and intelligence services in the wake of attacks may not be wise. Sober judgment, not knee-jerk responses, is called for. After the Charlie Hebdo attacks earlier in 2015, the French introduced new laws for warrantless searches, ISPs to collect communications metadata, and trimmed oversight for agencies. This time – in November – some borders were temporarily closed and a 3-month state of emergency was declared.
We saw it, classically, in the US after 9/11, but also in the UK after 7/7
The evidence that what Snowden and others call “mass surveillance” produces better ways of tracking terrorists is hard to find.
Does mass surveillance work?
Does allowing intelligence agencies to collect more data – what Snowden and others call “mass surveillance” – or increasing powers of arrest and detention, and removing checks and balances, really improve things? The evidence that these produce better ways of tracking terrorists is hard to find. More is not necessarily better when it comes to data. In 2013, the White House claimed that more than 50 terror plots had been uncovered by the NSA’s methods. But in 2014 two independent reviews showed that in 255 terrorism cases investigated by the NSA, only four were the result of using phone metadata and none of the four prevented attacks.
Edward Snowden is clear about this. Reflecting on the Charlie Hebdo attacks in Paris, he pointed out that these occurred despite the mass surveillance programs introduced there in 2013. Observing that French law was now one of the most intrusive and expansive laws in Europe, he commented that it still didn’t stop the attack. They’re simply “burying people under too much data,” he said.
After the November attacks in Paris, American agencies were quick to blame Snowden – along with internet encryption and Silicon Valley privacy policies.
The New York Times argued that in fact Paris was a case of failure to act on information the authorities already had. As for encryption, the Paris attackers used none.
By and large, conventional police work, based on targeted surveillance of suspects, is what produces results.
In case after case, we have seen that intelligence agencies knew about those who committed atrocities but failed to – as they say – connect the dots.
Collateral damage
At the same time, indiscriminate surveillance creates new risks; innocent “suspects,” the chilling effects of everyone being tracked and checked and the denial of democracy – which ironically is a victory for terrorists. Terrorism arises, it seems, from groups that despise diversity and who seek national, political or religious homogeneity.
Security-driven surveillance today is very enamoured of big data ‘solutions’ – seen especially in the application of new analytics to seeking out suspects.
While there may well be appropriate ways of using the so-called ‘data deluge’ created by internet and particularly social media use, the current trend is towards prediction and preemption.
Fears and futures
After 9/11, I argued that one of the worst outcomes of the various responses to terrorism is the fomenting of fear. Without for a moment discounting the appalling suffering and loss associated with the Paris attacks – or any others – it must be said that some responses to such atrocities are also highly dangerous. At the far end of fear-mongering is the proposal from US presidential contender Donald Trump to establish a database of American Muslims. If he were not so popular this could be discounted as fascist fanaticism.
But the trouble with many surveillance responses is that they do so well what marks surveillance today – a process of social sorting that classifies populations in order to treat different groups differently. Thus what is done requires utmost care. Categories have consequences.
When security agencies make their case for more data, more sophisticated analytics, they often make it sound as if these were neutral technologies.
Making a difference
Snowden insists – and proves it by his own example – that any and all can help to make a difference. These are not problems that can be solved overnight by some hastily concocted laws or a furious rush to foreclose freedoms. Indeed, these exacerbate our situation. Surveillance today touches us all and we all need to take action, however small, to change things for the better.
Tomi Engdahl says:
How not to report on the encryption ‘debate’
http://www.cjr.org/first_person/misinformation_and_misconceptions_how_not_to_report_on_the_encryption_debate.php
Rarely has a public debate been ignited so fast as the one about whether to ban online encryption after the tragic Paris attacks two and a half weeks ago. And rarely has the coverage of such a debate been so lacking in facts—especially considering that encryption is a tool reporters increasingly need to do their jobs.
The deplorable terrorist attacks in Paris occurred on the evening of Friday, Nov. 13. By the end of that weekend, news organizations had published dozens of articles linking the Paris attackers with the use of encrypted messaging apps that prevent the companies that make them—and therefore governments—from easily accessing the messages their users send back and forth. By the following Monday, there were literally thousands of articles questioning whether such apps should be outlawed, spurred on by the Sunday talk shows that gave intelligence officials license to speculate on the “likely” use of encryption as a catchall excuse for why the attacks had not been detected, and to condemn the technology without a single skeptical follow-up.
Why were officials saying it was “likely”? Not because they had actual evidence, but because they assumed that if authorities didn’t know about the plot in advance, the terrorists must have used encryption.
Meanwhile, an early New York Times article on the attackers’ supposed use of encryption—sourced to anonymous European officials, whose assertions became the launchpad for many of the weekend’s think pieces—was quickly rewritten and the anonymous reference to encryption removed (without a note to readers about why).
By Monday night, the Times made clear in its lead story about the still-raging encryption debate that there was “no definitive evidence” that encrypted communications had been used by any of the attackers, but by then the terms of the discussion were already set, and the CIA had no problem continuing its epic game of blame deflection throughout the week.
To this day, there’s hardly any publicly available evidence that the Paris attackers used encrypted communications to plan their attack. It’s important to point out, as journalist Dan Gillmor astutely writes, that whether these particular terrorists did use such technology should not matter in the debate over whether to ban it. But it does prove how easily the CIA can still mislead and steer the media while diverting attention from its own potential failures.
What have we learned since the “ban encryption” movement gained full steam on the first weekday after the attack? It turns out that most of the attackers were already known to intelligence agencies. Within a week of the attack, we found out they had used Facebook to communicate, as well as normal SMS text messaging.
By this week, The Wall Street Journal was reporting that the Paris attack had been “hatched in plain sight”: The terrorists used their real names and identification cards for hotel and rental car reservations and did not noticeably try to cover their tracks.
But cable news, which sadly often reflects the national agenda more than print, had no interest in the truth, and as Glenn Greenwald wrote, “neither CNN nor MSNBC has put a single person on air to dispute the CIA’s blatant falsehoods about Paris despite how many journalists have documented those falsehoods.”
Part of the problem is that many reporters—television anchors in particular—apparently don’t understand the basics of how encryption works and what it does and does not do.
First, even if terrorists do use encryption, that doesn’t mean a giant black cape has been thrown over them so they can work in complete secrecy. Far from it: Authorities can still track the precise location of terrorists 24/7 if they carry a mobile device. Even if suspects encrypt their communications, intelligence agencies can get information about who they’re talking to, when, and for how long. They can also hack into individual terrorists’ computers or phones and read their messages, no matter what type of encrypted apps they are using. (For more, read Nathan Freitas’s “6 Ways Law Enforcement Can Track Terrorists in an Encrypted World.”)
Ask any national security reporter who has tried to completely switch to encrypted and anonymous communication with a source and you’ll find that it is virtually impossible unless you have weeks or months of training.
While end-to-end encryption certainly gives us an extra layer of privacy protection at a time when our rights are constantly being eroded, this is actually a security vs. security debate. Encryption’s main purpose is to protect us from hackers of all sorts
The government is complaining that companies cannot unlock certain communications because only the sender and the receiver hold the key—the company itself does not. When tech companies do not have a way to access all their customers’ data at once, neither do hackers. As a commentator said last week in response to the new push to ban encryption in the name of “security”: “Weakening security with the aim of advancing security simply does not make sense.”
There are, of course, many questions reporters can and should be asking intelligence officials: Don’t you still have many other ways to track terrorists, even if they use encrypted messaging apps? If the terrorists planned so much of this out in the open, and they were known to intelligence agencies, why didn’t you catch them with the resources you already had?
Encryption is not an issue about which reporters should be “neutral”—it directly affects their wellbeing. Encryption is increasingly an important tool for journalists of all stripes
Tomi Engdahl says:
After Paris Attacks, French Cops Want to Block Tor and Forbid Free Wi-Fi
http://motherboard.vice.com/read/after-paris-attacks-proposed-french-law-would-block-tor-and-forbid-free-wi-fi
After the recent Paris terror attacks, French law enforcement wants to have several powers added to a proposed law, including the move to forbid and block the use of the Tor anonymity network, according to an internal document from the Ministry of Interior seen by French newspaper Le Monde.
That document talks about two proposed pieces of legislation, one around the state of emergency, and the other concerning counter-terrorism.
Regarding the former, French law enforcement wish to “Forbid free and shared wi-fi connections” during a state of emergency. This comes from a police opinion included in the document: the reason being that it is apparently difficult to track individuals who use public wi-fi networks.
As the latter, law enforcement would like “to block or forbid communications of the Tor network.” The legislation, according to Le Monde, could be presented as early as January 2016.
It is used by journalists, whistleblowers and people who just want to protect their privacy online, as well as terrorists, pedophiles, and cybercriminals.
France looking at banning Tor, blocking public Wi-Fi
Leaked documents from Ministry of Interior show a worryingly illiberal trend for France.
http://arstechnica.co.uk/tech-policy/2015/12/france-looking-at-banning-tor-blocking-public-wi-fi/
The first proposal, according to Le Monde, would forbid free and shared Wi-Fi during a state of emergency. The new measure is justified by way of a police opinion, saying that it’s tough to track people who use public hotspots.
The second proposal is a little more gnarly: the Ministry of Interior is looking at blocking and/or forbidding the use of Tor completely. Blocking people from using Tor within France is technologically quite complex, but the French government could definitely make it difficult for the average user to find and connect to the Tor network. If the French government needs some help in getting their blockade set up, they could always talk to the only other country in the world known to successfully block Tor: China, with its Great Firewall.
The main problem with such a ban on Tor is that it wouldn’t achieve a whole lot. Would-be terrorists could still access Tor from outside the country, and if they manage to access Tor from within France I doubt they’re concerned about being arrested for illegal use of the network. There is evidence to suggest that the recent Paris attacks were planned via unencrypted channels, too: the Bataclan “go” message was sent in the clear via SMS.
On the other hand, criminalising and/or blocking Tor might affect many other legitimate users of the network, such as whistleblowers, journalists, and anyone else who wants to surf the Web privately.
Tomi Engdahl says:
Paris police find phone with unencrypted SMS saying “Let’s go, we’re starting”
Phone likely led authorities to Saint-Denis, where clash left suspected “guru” dead.
http://arstechnica.co.uk/tech-policy/2015/11/paris-police-find-phone-with-unencrypted-sms-saying-lets-go-were-starting/
French police found an unencrypted, unlocked phone in a trash bin outside the Bataclan concert hall in Paris that contained a text sent in the clear: “On est parti on commence.” (“Let’s go, we’re starting”).
This lead may have led French authorities to an apartment in Saint-Denis
According to the French newspaper Libération, the police also located a map of the Bataclan on the same phone. However, authorities were unable to identify the recipient of the phone message.
Many American government officials have used the terrorist attacks in Paris as a way to revive calls for increased government access to encrypted communications. Former CIA Director James Woolsey even said in multiple interviews that National Security Agency whistleblower Edward Snowden “has blood on his hands.”
Woolsey elaborated that the changes made by the Obama administration to surveillance as a result of the Snowden leaks and the changes that terrorists made in communicating with each other based on the leaks had led directly to the inability of the intelligence community in the United States and in France to stop the Paris attacks from happening.
Hours after the Saint-Denis raid, the Manhattan district attorney called for new federal legislation that would require that smartphone makers like Apple and Google put backdoors into their software.
Tomi Engdahl says:
David E. Sanger / New York Times:
Hillary Clinton Urges Silicon Valley to ‘Disrupt’ ISIS — WASHINGTON — Hillary Clinton said on Sunday that the Islamic State had become “the most effective recruiter in the world” and that the only solution was to engage American technology companies in blocking or taking down militants’ websites, videos and encrypted communications.
Hillary Clinton Urges Silicon Valley to ‘Disrupt’ ISIS
http://www.nytimes.com/2015/12/07/us/politics/hillary-clinton-islamic-state-saban-forum.html?_r=0
WASHINGTON — Hillary Clinton said on Sunday that the Islamic State had become “the most effective recruiter in the world” and that the only solution was to engage American technology companies in blocking or taking down militant websites, videos and encrypted communications.
“You are going to hear all the familiar complaints: ‘freedom of speech,’ ”
In a reference to Silicon Valley’s reverence for disruptive technologies, Mrs. Clinton said, “We need to put the great disrupters at work at disrupting ISIS,” an acronym used for the militant group.
Much of Mrs. Clinton’s speech was closely aligned with Mr. Obama’s recent arguments about confronting the Islamic State. She spoke of the need to make sure that anyone on a “no-fly” list also could not purchase a gun — a position several Republican candidates took issue with on Sunday — and to explicitly avoid blaming the American Muslim community for the acts of a small number of extremists.
Advertisement
Continue reading the main story
Advertisement
Continue reading the main story
“Declaring war on Islam, or demonizing the Muslim community, is not only counter to our values; it plays right into the hands of the terrorists,” she said.
Tomi Engdahl says:
Reuters:
Source: Obama administration to lean on social media services to flag “active terrorist plotting”, prevent encryption from providing “a dark space” for plotting
Obama appeals to Silicon Valley for help with online anti-extremist campaign
Read more at Reutershttp://www.reuters.com/article/california-shooting-cyber-idUSKBN0TQ0A320151207#q6gILpECSE1r1L6i.99
Tomi Engdahl says:
Alexandra Valasek / The Twitter Blog:NEW
Most influential moments on Twitter 2015 include: #ParisAttacks, #RefugeesWelcome, #FIFAWWC #TheDress, #IStandWithAhmed #PlutoFlyby, #MarriageEquality
This #YearOnTwitter
https://blog.twitter.com/2015/this-yearontwitter
Tomi Engdahl says:
Surveillance after Paris
https://www.opendemocracy.net/david-lyon/surveillance-after-paris
There’s little evidence that “mass surveillance” catches potential terrorists, but it does risk catching innocents. More conventional police methods are more effective against terrorism.
Tomi Engdahl says:
+——-The World against ISIS Project—-+ +————-For December 11————-+
https://ghostbin.com/paste/ucsf3
When: December 11 // All Day What: We ask you to show your support and help against ISIS by joining us and trolling them // Do not think you have to be apart of Anonymous, anyone can do this and does not require any special skills Where: We ask to take part of this on Facebook // Twitter // Instagram // Youtube // In the “Real World”
Tomi Engdahl says:
Patrick Howell O’Neill / The Daily Dot:
Senator Dianne Feinstein to seek legislation to “pierce” through encryption with warrant, working with Judiciary Committee Chairman Richard Burr, others
Top Democratic senator will seek legislation to ‘pierce’ through encryption
http://www.dailydot.com/politics/fbi-encryption-james-comey-tech-companies/
A leading Democratic senator will seek legislation requiring the ability to “pierce” through encryption. The potential bill would allow American law enforcement to read protected communications with a court order.
Sen. Dianne Feinstein (D-Calif.) told the Senate Judiciary Committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability “to look into an encrypted Web.”
“I have concern about a PlayStation that my grandchildren might use,” she said, “and a predator getting on the other end, and talking to them, and it’s all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that.”
The Federal Bureau of Investigation is actively warning America’s biggest technology companies about the “public safety and national security risks” of encryption, according to FBI Director James Comey.
Deadly terrorist attacks in Paris, San Bernardino, California, and elsewhere around the world have reignited a major U.S. debate about encryption. Feinstein cited Paris as a reason the debate against encryption had evolved so quickly. Despite these concerns, the attackers in both of Paris and San Bernardino did not use encryption to organize or execute the deadly strikes, according to authorities.
Most Internet and gadget users encounter encryption without ever knowing it. The “HTTPS” connection that allows users to safely buy products on Amazon or access their bank account uses one category of encryption, while newer Apple iOS and Android devices apply strong encryption whenever a user locks her phone
“The tech companies and the FBI both care about safety on the Internet,” Comey told the Senate Judiciary committee in an FBI oversight hearing. “We understand that encryption is a very important part of being secure on the Internet. We also all care about public safety. We also see a collision course between those two things.”
Comey said that use of encryption by terrorists and criminals is growing. He offered one example.
Comey knew the shooter spoke to an overseas terrorist means that metadata revealed the extensive communications.
Metadata is data surrounding communications that includes phone numbers, times of calls, and identities of callers, or the subject lines of emails. It’s unencrypted and relatively easy for law enforcement to collect.
Over the last two years, Comey has been one of the most prominent figures in the American debate over encryption, increasingly known as the new “Crypto Wars.” He’s consistently warned of terrorist and criminal communications “going dark,” which he says is a “continuing focus for the FBI.”
“There’s no way we solve this entire problem,” Comey said. “Encryption is always going to be available to the sophisticated user. The problem is, post-Snowden, it’s moved to become default.”
Privacy advocates and technologists have long fought against the idea of a legally-mandated “backdoor” into encryption that would give the government the ability to read any encrypted message, with or without a court order.
Objections vary, including that doing so would violate and chill free speech.
The FBI director explained his hopes for the encryption debate by saying that “government doesn’t want a backdoor.”
Instead, Comey said, “if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that. The government shouldn’t be telling people how to operate their systems.”
When Comey argued that “encryption is part of terrorist tradecraft now,” he received a lot of pushback from online observers.
Tomi Engdahl says:
Obama to clarify his stance on encryption by the holidays
http://www.dailydot.com/politics/white-house-encryption-policy-response-petition/
The Obama administration plans to clarify its stance on strong encryption before Washington shuts down for the holidays.
Administration officials met Thursday with the civil-society groups behind a petition urging the White House to back strong, end-to-end encryption over the objections of some law-enforcement and intelligence professionals.
A senior administration official confirmed that an encryption response was forthcoming but did not comment on the deadline. “The response we posted was an interim one,” the official said of the brief reply to the petition, “and we will have a more fulsome response soon.”
FBI Director James Comey, the staunchest advocate for making tech companies modify their products to facilitate investigations, has warned that criminals are “going dark” by encrypting their communications in indecipherable ways.
Security experts overwhelmingly oppose backdoors, which they say would create opportunities for criminals, not just cops, to breach secure systems.
President Obama has not taken a firm stance on backdoors. He told Re/code in February that “there’s no scenario in which we don’t want really strong encryption,” but he called on tech companies to work with the government to make investigations easier in an Oval Office address on Sunday. His administration continues to pressure tech companies to make such accommodations.
The White House considered a variety of backdoor policies but ultimately rejected them as unworkable.
The White House “seemed to very clearly understand the security implications of weakening encryption.”
The debate over whether businesses should weaken their encryption to help the government, known as the “crypto wars,” began in the 1990s and took on new life after the Paris terrorist attacks in November and the San Bernardino shooting in December. Some officials and lawmakers have blamed encryption and called for a policy response, although there is no evidence that the perpetrators of both attacks relied on encryption to evade detection.
“One of our key arguments at this stage,” Bankston said, “is simply continuing to highlight—as was true in the ’90s… during the original crypto wars, but is even more true now—no matter what U.S. law and U.S. companies do… strong end-to-end encryption is going to be widely available to anyone who wants it.”
Tomi Engdahl says:
http://www.dailydot.com/tags/san-bernardino-shooting/
Tomi Engdahl says:
Andrii Degeler / Ars Technica UK:
France won’t block public Wi-Fi or ban Tor, PM says
France won’t block public Wi-Fi or ban Tor, PM says
Manuel Valls has stated that “a ban on Wi-Fi is not a course of action envisaged.”
http://arstechnica.co.uk/tech-policy/2015/12/france-wont-block-public-wi-fi-or-ban-tor-pm-says/
Law & Disorder / Civilization & Discontents
France won’t block public Wi-Fi or ban Tor, PM says
Manuel Valls has stated that “a ban on Wi-Fi is not a course of action envisaged.”
by Andrii Degeler – Dec 11, 2015 12:19pm EET
Share
Tweet
12
Martin Crockett
Public Wi-Fi networks and Tor won’t be blocked or forbidden in France in the near future, even during a state of emergency, despite the country’s Ministry of Interior reportedly considering it.
Days after the reports on the proposal surfaced in the French newspaper Le Monde, the country’s prime minister Manuel Valls said he had never heard of such requests by police. “A ban on Wi-Fi is not a course of action envisaged,” he added according to The Connexxion.
Valls also said he wasn’t in favour of banning Tor, and denied any knowledge of the police authorities requesting a law to “require [service] providers to give security forces access codes.”
Tomi Engdahl says:
Data Encryption in Sharp Focus After Deadly Attacks
http://www.securityweek.com/data-encryption-sharp-focus-after-deadly-attacks
With renewed focus on how encrypted messages can be used to plot terrorist attacks, President Barack Obama’s administration is stepping up pressure on the tech sector to help in the battle.
Although issues around encryption have been ongoing for decades, the prickly topic has sprung to the fore in recent weeks following killing sprees in Paris and California.
Over the past two years, more sophisticated encryption — notably for smartphones — has become widely available following revelations by former intelligence contractor Edward Snowden about vast US surveillance programs.
But US administration officials as well as local law enforcement are making the case for better access to encrypted data, saying new smartphone and encryption technologies have made it more difficult to thwart “malicious actors.”
“We want to strike the right balance. We want to make sure encryption is not used in a way that does allow for dark space for terrorist groups,” a White House statement said.
Privacy remains a major counter-argument.
Underlining those concerns, an online petition calling on the administration to avoid weakening encryption got more than 100,000 signatures, requiring a White House reply.
Tomi Engdahl says:
F.B.I. Chief Says Texas Gunman Used Encryption to Text Overseas Terrorist
http://www.nytimes.com/2015/12/10/us/politics/fbi-chief-says-texas-gunman-used-encryption-to-text-overseas-terrorist.html?ref=politics&_r=0
The F.B.I. director, James B. Comey, said Wednesday that investigators could not read more than 100 text messages exchanged by one of the attackers in a shooting this year in Garland, Tex., because they were encrypted, adding fuel to law enforcement agencies’ contention that they need a way to circumvent commercially available encryption technology.
Mr. Comey, who two months ago appeared to have lost a battle inside the Obama administration over forcing companies like Apple and Google to give investigators a way to decode messages, told the Senate Judiciary Committee that one of the attackers “exchanged 109 messages with an overseas terrorist” the morning of the shooting.
“We have no idea what he said because those messages were encrypted,” Mr. Comey said. “And to this day, I can’t tell you what he said with that terrorist 109 times the morning of that attack. That is a big problem. We have to grapple with it.”
Tomi Engdahl says:
ProPublica:
FAQs on encryption: how terrorists use messaging apps, what big tech is doing, and what the government is proposing
Fact-Checking the Debate on Encryption
The existence of coded communications is a reality and the U.S. may not be able to do much about it.
http://www.propublica.org/article/fact-checking-the-debate-on-encryption
As politicians and counter-terrorism officials search for lessons from the recent attacks in Paris and San Bernardino, California, senior officials have called for limits on technology that sends encrypted messages.
It’s a debate that has repeatedly recurred for more than a decade.In the 1990s, the Clinton Administration directed technology companies to store copies of their encryption keys with the government. That would have given the government a “backdoor” to allow law enforcement and intelligence agencies easy access to encrypted communications. That idea was dropped after sharp criticism from technologists and civil liberties advocates.
More recently, intelligence officials in Europe and the United States have asserted that encryption hampers their ability to detect plots and trace perpetrators. But many have questioned whether it would be practical or wise to allow governments widespread power to read encrypted messages.
Q: Are terrorists really using encrypted messages to plot attacks?
A: There’s mounting evidence that terrorist groups are using encryption, but so does nearly everyone living in modern society. Encryption protects your bank information, prevents your password from being stolen when you log into a website, and allows all e-commerce transactions to take place securely.
Intelligence officials have said that the planner of the Paris terrorist attacks used encryption technology, but police also found that one of the Paris terrorists was using an unencrypted cellphone.
Q: Are Google, Apple, Facebook and Twitter thwarting law enforcement through their use of encryption?
A: In the past few years, Silicon Valley tech companies have added layers of encryption to their cellphones and websites in an effort to assure users that their data is safe from both hackers and spies. That encryption has also made it harder for law enforcement officials to read what is transmitted by those devices.
In congressional testimony this month, FBI Director James Comey said that encryption is now part of “terrorist tradecraft.”
Q: But can’t the National Security Agency just crack any code it wants?
A: It’s not clear how much encryption the NSA can break.
Q: I heard that there is a “golden key” that unlocks all encryption. Is there such a thing?
A: Not yet and it’s not clear it will ever exist. The U.S. government has been trying to figure out how to access encrypted data for decades. However, wiretapping a phone call is far easier than creating a backdoor into encryption technology.
Q: Are there less complicated ways to give law enforcement and intelligence officials the access they say they need?
A: The White House working group offered three additional ideas for “backdoors” into encryption. All required manufacturing or software changes by U.S. providers and all involved significant political or technical problems.
Q: Will any of these backdoor schemes work?
A: They all have flaws. A big one: Users could easily bypass all of the backdoor options by creating their own layers of encryption.
Q: So what is the government proposing?
A: The short answer is that the government has quietly dropped its requests for a backdoor.
Tomi Engdahl says:
The Paris Attacks Are Just The Beginning
http://stormcloudsgathering.com/paris-attacks?utm_source=share-fb
It might be tempting to react to this event emotionally without looking beyond the official narrative, without examining the evidence, without questioning where this is headed. You wouldn’t be alone, but blind indignation lends itself to easy answers, half truths and comforting lies.
On the evening of November 13th 2015, Paris was shaken by a series of coordinated attacks. 129 people were killed, hundreds more wounded. An ambience of fear gripped the country. Terrorists could strike anywhere at any time. Nothing was safe. Even the smallest venue could be targeted.
It might be tempting to react to this event emotionally without looking beyond the official narrative, without examining the evidence, without questioning where this is headed. You wouldn’t be alone, but blind indignation lends itself to easy answers, half truths and comforting lies.
Any time a population is attacked (or believes that they have been attacked) by an outside force, the reaction is as predictable as it is dangerous. New wars, and totalitarian laws that would have been unthinkable days before are easily justified, voices of reason are drowned out, and entire nations can be driven towards a cliff. Given the nature of this particular cliff it would behoove you to look a little deeper this time.
There are several moving parts in this story: the Syrian war, ISIS and the push to remove Assad from power, the expansion of a militarized police state throughout Europe, and of course the refugee crisis. All of which has been conveniently tied together, by a passport, carried by a suicide bomber, a passport which miraculously survived the blast unscathed. (Never mind the fact that German Interior Minister Thomas de Maiziere came forward to say that he had reason to suspect that the passport had been planted.)
Let’s deconstruct this one piece at a time.
Without even looking beyond mainstream sources, we find evidence that the French government knew that the attacks were coming. They were warned by the Iraqi government, they were warned by the Turkish government twice, and according to this article from the Times of Israel (which as since been edited), security officials in Paris were specifically warned of an impending attack that very morning.
And of course the French government just happened to be running an exercise simulating a mass shooting in Paris just hours before the attacks began
Before the dust had even settled, the official narrative was clear. ISIS was responsible. This was war, and France was going to escalate that war, both at home and abroad. A state of emergency was declared, road blocks, border controls and a curfew were imposed, freedom of assembly was restricted, and the military was deployed on the streets.
The state of emergency gives the police the power to detain people without trial, search without warrants and to block any website they see fit.
Who Created ISIS?
And speaking of the CIA… let’s not forget who actually created ISIS.
France didn’t seem too concerned about the rise of Islamic extremism when they joined the U.S. in the 2011 regime change operation in Libya. If mainstream news outlets were publishing evidence of jihadists among the CIA backed rebels, (secondary confirmation from the BBC here) it would be utterly naive to think that French intelligence services didn’t know.
France also didn’t seem to mind the fact that Islamic extremists were receiving the lion’s share of the weapons that were looted from Gaddafi’s armories, and shipped through Turkey, and into Syria.
France didn’t stand up or speak out for years as the U.S. government continued arming, funding and training these extremists.
Why? Because ISIS serves a purpose. ISIS and its associates, Al-Nusra and the FSA are weakening the Syrian government, creating a pretext for military intervention, and providing the perfect excuse for a massive power grab on the home front.
The Rise of Fascism in Europe
What’s happening in France should not be viewed in isolation. Xenophobic sentiment has been on the rise throughout Europe, and is gaining ground politically. This trend has clearly been exacerbated by the ongoing migrant crisis (which is obviously tied to the regime change policies of the West) but one variable in this equation that no one is talking about is the fact that the way immigration has been handled in Europe is not merely a question of short sightedness, it is a reflection of policy.
Problem, Reaction, Solution
This formula is not new. These tactics are not original, nor are the motives or response. Like the American public following 9/11, it’s going to take the European population quite some time to realize where they are being led, and they’re only going to come to that realization if those who see what is happening have the courage to speak out.
Tomi Engdahl says:
A Proposal For Dealing With Terrorist Videos On the Internet
http://tech.slashdot.org/story/15/12/22/0446218/a-proposal-for-dealing-with-terrorist-videos-on-the-internet
Recent claims by some (mostly nontechnical) observers that it would be “simple” for services like YouTube to automatically block “terrorist” videos, in the manner that various major services currently detect child porn images are nonsensical. One major difference is that those still images are detected via data “fingerprinting” techniques that are relatively effective on known still images compared against a known database, but are relatively useless outside the realm of still images
December 21, 2015
A Proposal for Dealing with Terrorist Videos on the Internet
http://lauren.vortex.com/archive/001139.html
As part of the ongoing attempts by politicians around the world to falsely demonize the Internet as a fundamental cause of (or at least a willing partner in) the spread of radical terrorist ideologies, arguments have tended to focus along two parallel tracks.
First is the notorious “We have to do something about evil encryption!” track. This is the dangerously loony “backdoors into encryption for law enforcement and intelligence agencies” argument, which would result in the bad guys having unbreakable crypto, while honest citizens would have their financial and other data made vastly more vulnerable to attacks by black hat hackers as never before.
The other track in play relates to an area where there is much more room for reasoned discussion — the presence on the Net of vast numbers of terrorist-related videos, particularly the ones that directly promote violent attacks and other criminal acts.
Make no mistake about it, there are no “magic wand” solutions to be found for this problem, but perhaps we can move the ball in a positive direction with some serious effort.
Both policy and technical issues must be in focus.
In the policy realm, all legitimate Web firms already have Terms of Service (ToS) of some sort, most of which (in one way or another) already prohibit videos that directly attempt to incite violent attacks or display actual acts
When we move beyond such directly violent videos, the analysis becomes more difficult, because we may be looking at videos that discuss a range of philosophical aspects of radicalism
Politicians tend to promote the broadest possible censorship laws that they can get away with, and so censorship tends to be a slippery slope that starts off narrowly and rapidly expands to other than the originally targeted types of speech.
We must also keep in mind that censorship per se is solely a government power — they’re the ones with the prison cells and shackles to seriously enforce their edicts.
The correct way to fight this class of videos is with our own information, of course. We should be actively explaining why (for example) ISIL/ISIS/IS/Islamic State/Daesh philosophies are the horrific lies of a monstrous death cult.
Yes, we should be doing this effectively and successfully. And we could, if we put sufficient resources and talent behind such information efforts. Unfortunately, Western governments in particular have shown themselves to be utterly inept in this department to date.
Have you seen any of the current ISIL recruitment videos? They’re colorful, fast-paced, energetic, and incredibly professional. Absolutely state of the art 21st century propaganda aimed at young people.
By contrast, Western videos that attempt to push back against these groups seem more on the level of the boring health education slide shows we were shown in class back when I was in elementary school.
Small wonder that we’re losing this information war. This is something we can fix right now, if we truly want to.
The foundational issue is that immense amounts of video are being uploaded to services like YouTube (and now Facebook and others) at incredible rates that make any kind of human “previewing” of materials before publication entirely impractical, even if there were agreement (which there certainly is not) that such previewing was desirable or appropriate.
Services like Google’s YouTube run a variety of increasingly sophisticated automated systems to scan for various content potentially violating their ToS, but these systems are not magical in nature, and a great deal of material slips through and can stay online for long periods.
These facts tend to render nonsensical recent claims by some (mostly nontechnical) observers that it would be “simple” for services like YouTube to automatically block “terrorist” videos, in the manner that various major services currently detect child porn images.
Tomi Engdahl says:
Washington Post:
White House announces DHS-led counter-terrorism task force involving other federal, local agencies, plus revamp of State Department effort to fight ISIS online
Obama administration plans shake-up in propaganda war against the Islamic State
https://www.washingtonpost.com/world/national-security/obama-administration-plans-shake-up-in-propaganda-war-against-the-islamic-state/2016/01/08/d482255c-b585-11e5-a842-0feb51d1d124_story.html
The Obama administration is overhauling its faltering efforts to combat the online propaganda of the Islamic State and other terrorist groups, U.S. officials said, reflecting rising White House frustration with largely ineffective efforts so far to cut into ISIS’s use of social media to draw recruits and incite attacks.
Officials will create a new counterterrorism task force, which will be based at the Department of Homeland Security but aims to enlist dozens of federal and local agencies.
The moves come at a time of increasing public anxiety and criticism of the administration’s strategy after recent attacks in Paris and San Bernardino, Calif., that were linked to or partly inspired by the Islamic State.
“Everybody realizes that this is a moment . . . to take advantage of,”
“Ultimately, it is not going to be enough to defeat ISIL in the battlefield,” Obama told representatives from more than 100 nations and civil society groups . “We have to prevent it from radicalizing, recruiting and inspiring others to violence in the first place. And this means defeating their ideology.”
But one of the biggest problems the administration has faced is determining whether any of it is working. As the U.S. government’s counter-messaging campaign has grown, so has the Islamic State’s recruitment spread.
“The climate overall has become pretty bad,” a U.S. official said. “Our business is an uphill business.”
Friday’s high-level conference with senior executives of YouTube, Facebook, Twitter, Microsoft, LinkedIn and Apple is the administration’s most ambitious attempt to persuade those companies to collaborate in the counter-militant campaign.
“The idea is to come out with a work plan,” one administration official said. “Nobody wants to have their platforms co-opted by terrorists.”
The assembled firepower was puzzling to some in Silicon Valley
Many were angered by the public fallout for their prior cooperation with the government, the extent of which was exposed in documents leaked by former U.S. intelligence contractor Edward Snowden.
“Being seen as having the U.S. government force our hands makes others around the world lose confidence in us,” said an industry official
Tomi Engdahl says:
Justin Jouvenal / Washington Post:
Some police forces score citizens’ threat level with Intrado’s Beware software based on your medical, criminal history, and social media posts
The new way police are surveilling you: Calculating your threat ‘score’
https://www.washingtonpost.com/local/public-safety/the-new-way-police-are-surveilling-you-calculating-your-threat-score/2016/01/10/e42bccac-8e15-11e5-baf4-bdf37355da0c_story.html
FRESNO, Calif. — While officers raced to a recent 911 call about a man threatening his ex-girlfriend, a police operator in headquarters consulted software that scored the suspect’s potential for violence the way a bank might run a credit report.
The program scoured billions of data points, including arrest reports, property records, commercial databases, deep Web searches and the man’s social- media postings. It calculated his threat level as the highest of three color-coded scores: a bright red warning.
The man had a firearm conviction and gang associations, so out of caution police called a negotiator. The suspect surrendered, and police said the intelligence helped them make the right call — it turned out he had a gun.
As a national debate has played out over mass surveillance by the National Security Agency, a new generation of technology such as the Beware software being used in Fresno has given local law enforcement officers unprecedented power to peer into the lives of citizens.
Police officials say such tools can provide critical information that can help uncover terrorists or thwart mass shootings, ensure the safety of officers and the public, find suspects, and crack open cases. They say that last year’s attacks in Paris and San Bernardino, Calif., have only underscored the need for such measures.
Tomi Engdahl says:
ISIS Has Its Own Secure Messaging App
http://fortune.com/2016/01/13/isis-has-its-own-secure-messaging-app/
Encrypted communication for the modern terrorist.
The Islamic State has long relied on messaging apps like Facebook’s FB -3.93% What’sApp, Telegram, and Twitter TWTR -4.79% direct messaging to communicate and distribute propaganda. Now, online counterterrorism outfit Ghost Security Group claims ISIS has built its own Android-based, encrypted messaging app that circumvents conventional messaging apps like WhatsApp that are easier for the F.B.I. to monitor.
Ghost Security is the same hacking collective that last month pointed out that ISIS members used Telegram
The site hosting the Amaq Agency app download has since disappeared. Shortly thereafter another app surfaced in its place called Alrawi.apk.
These messaging features aren’t quite as secure or sophisticated as those of Telegram or WhatsApp, but they share the distinct advantage of being independent of any third-party company or organization that might help anti-ISIS governments or law enforcement agencies. In recent months, FBI Director James Comey and others within the U.S. national security apparatus have argued that governments should require services like WhatsApp to build back doors into their encryption so law enforcement can more easily intercept terrorist communications.
Without going quite as far as Comey, President Barack Obama and presidential contenders like Hillary Clinton have in recent weeks urged Silicon Valley to voluntarily join the fight against ISIS.
The emergence of a messaging app by ISIS complicates those efforts. With its own encrypted messaging app, ISIS doesn’t have to worry about WhatsApp or another of its favorite messaging services letting the FBI or other agencies in.
Communication has become a cornerstone of ISIS’s operations as the organization has spread not only across Iraq and Syria, but also into Libya, Egypt, and elsewhere in the region.
The group has also taken to encouraging so-called “lone wolf” attackers to take up the ISIS cause in their own countries
Even when it is not being particularly tech-savvy, ISIS drives home the importance of secure communications to its members and prospective followers.
“Any operation that doesn’t have a strong security and precaution base is deemed to fail, just like a big building needs strong foundations,” the booklet says. “Security precautions are the foundations of any operation.”