CNBC Explains

The rise of tech-savvy global terrorism networks

The technology proficiency of terrorist organizations is on a swift rise.

As governments continue to unravel the planning behind the Paris attacks, groups such as the Islamic State and Boko Haram are using consumer technology products and social media to communicate and propagandize.

In January 2015, the Twitter account of the US Central Command (Centcom) was hacked and pro-ISIS messages were posted on it. The hack was allegedly carried out by ISIS.

"The Islamic State uses a wide variety of communication technologies, just as we do, the public," said Joe Hall, chief technologist at the Center for Democracy & Technology, a Washington, D.C.-based nonprofit organization dedicated to ensuring the Internet remains open, innovative and free.

The Islamic State devotes a division of its commanders to educating both sympathizers and members alike on how to use new, encrypted communications.

Syed Rizwan Farook, in an undated image from social media.
FBI: Investigating Calif massacre as 'act of terrorism'

"The efficacy of their operation is largely derived from the emphasis on easy-to-use, popular technologies — by creating a dual use for Twitter and others as not only social media platforms but also as both broadcast channels and tools," said Michael S. Smith II, a Congressional counter-terrorism consultant at Kronos Advisory.

Smith serves as a liaison for hacking collective Ghost Security Group — a counterterrorism organization that uses data mining to combat extremist groups. Ghost Security Group found the following applications receive the most attention among members and supporters of the Islamic State: Twitter, Facebook, Telegram, Threema, Kik, Wickr, SureSpot and WhatsApp, which is owned by Facebook. Ghost Security Group sent the information to Smith, who is not a member of Ghost, to share with governments.

'Encrypt almost everything'

The expansion of encryption is not going to slow down.

"Very soon regular commercial laypersons' communications devices — such as your phone or [Apple's] iMessage — are going to have to be very, very secure by default," Hall said. "We're going to encrypt almost everything in the near future."

Encryption's increasing ubiquity comes from the benefits of securing oneself against everyone from common criminals to government-level hackers. And the answer is not by trying to staunch the flow of products or access to applications to certain groups.

"We might be able to stop ISIS from using iPhones, but they're going to be able to gain access to something that isn't from Cupertino, California," said David Fidler, a senior fellow for cybersecurity at the Council on Foreign Relations.

While encryption will continue to be a thorn in the side of government surveillance, the Islamic State's use of social media is also a confounding problem in efforts to slow its slick communications and recruiting. The extremist group continues to exploit the Internet in an overt, not covert, method with little resistance.

"They've developed a new model of using cyber technology as a part of their agenda," Fidler said. "And we're likely to see copycat efforts … Boko Haram, early in February and March, started to shift in the way they were using social media to follow that ISIS template."

The threat is heightened because of the Islamic State's combination of being both an organized faction, despite being decentralized, and open about their intent. "This is really the first terrorist group that has shown the type of sophistication and understanding of how off-the-shelf technology can be utilized," Fidler said. "Counterterrorism agencies want to do something about the Islamic State's abuse of social media, but we haven't yet figured out how to do it without harming our own interests."

We might be able to stop ISIS from using iPhones, but they're going to be able to gain access to something that isn't from Cupertino, California.
David Fidler
senior fellow for cybersecurity at the Council on Foreign Relations

"No one should overlook the fact that while there's an emphasis on Telegram, they're not deterred in their use of Twitter," Smith said. "They want to utilize technologies which … are quite easy to gain access to, navigate content therein and use to communicate, both publicly and secretly."

Twitter was one of the services highly recommended by ISIS in a technology security manual recently provided to WIRED magazine by researchers at the U.S. Military Academy at West Point. The manual was written in 2014 by Cyberkov, a Kuwaiti cybersecurity firm, to instruct journalists and activists in Gaza on how to protect their identities, but was later found to be co-opted by ISIS.

Social media companies, including Twitter, combat these terrorist accounts by attempting to shut them down. However, they have varying degrees of success in keeping those accounts terminated.

"At least 70 percent of the content the Islamic State is putting out is first coming on Twitter," said Steven Stalinsky, executive director of the Middle East Media Research Institute. "About a year ago a number of Twitter account holders would start advertising on their descriptions and provide links to other accounts on Kik, Whatsapp, Askfm, SureSpot, Wickr and, in the last several months, Telegram."

'No good way' to allow government encryption access: Pro
'No good way' to allow government encryption access: Pro

In the days after the Paris attacks, Telegram took down public posts made by the terrorist group and reported that it blocked 78 ISIS-related channels across 12 languages.

"Telegram did shut down some accounts but some of them came right back. Already I'm seeing five or six accounts of jihadi extremist fighters in Syria and larger groups back on Telegram," Stalinsky said. "And the number one, the heart and soul of extremist groups, continues to be Twitter."

The Wall Street Journal recently reported on when hacking collective Anonymous appeared to publish lists of accounts it linked to Islamic State and urged followers to report those accounts as violating Twitter's terms of service. Those terms of service state, "Users may not make threats of violence or promote violence, including threatening or promoting terrorism."

On encryption, big tech isn't budging

A Twitter spokesman declined to comment beyond what had already been provided by the company to the WSJ for the recent article, in which Twitter stated that such lists "are often full of inaccuracies and include academics and journalists not affiliated with a targeted group."

Facebook declined to comment but in recent comments given to WIRED, a Facebook spokesman said, "There is no place for terrorists on Facebook. We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism."

Wickr, Surespot, Kik and Telegram did not immediately respond to requests for comment, but have, like Twitter and Facebook, opined on this issue both before and after the Paris attacks in recent comments to the press and in blog posts.

The hacktivist group Anonymous has also reportedly declared war on ISIS, saying it "will launch the biggest-ever operation" against the terrorist group.

One approach Anonymous could take is to shut down online accounts and thus undermine ISIS' recruiting tools. Another is to embarrass ISIS by publishing evidence of the hypocrisy among its leaders. And the Islamic State remains fallible in the digital world.

US deploying new force to Iraq to boost fight against Islamic State

Regardless of how effective they are on social media, there's a debate over whether terrorist organizations remain handicapped by acting more as everyday consumers of technology than as an elite group of hackers.

"Something we've been looking for that we haven't yet seen is the class of software used by law-enforcement entities for hacking. The Islamic State is more of the tech guy than the elite hacker. They're more cryptographers and social media managers, but that's about as sophisticated as it gets," Hall said.

But a hack into the U.S. Central Command's (Centcom) Twitter account in January 2015, which revealed pro-ISIS messages, led J. M. Berger — an analyst and non-resident fellow with the Brookings Institution and author of "ISIS: The State of Terror" — to tell the Washington Post, "ISIS has a team of hackers who are very deeply involved in ISIS the organization. ... They have been practicing and recruiting for a while, and this has been going on for months and months," Berger told the Post.

The Centcom hack could be considered "hacktivism" and not true cyber warfare, a "low level" activity that is already expected of ISIS.

In referring to the recently leaked security operations' manual, which includes a section on hacking, Aaron Brantly of West Point's Combating Terrorism Center, said, "They're not super-talented hackers, but they're reasonable."

Some aspects of hacking, such as "going dark," might conflict with terrorist group goals.

"Attribution is very important for terrorist organizations. They want people to know it was them who conducted an attack, which in the cyber realm can be very difficult," said Lillian Ablon, information systems analyst at the RAND Corporation.