9th of February, 2016

In the wake of the horrible atrocities that occurred in Paris and San Bernardino — and far too many other places, far too frequently for me to wish continuing a list — I find media outlets discussing issues that seem irrelevant when stood beside the deafening scream for humanity that comes from reproachable terror attacks. It is because of this that I’ve chosen to carefully take the time to craft this article, allowing the primary issues the focus and respect they deserve.

​

In that time, I found myself racking my brain trying to come up with an elegant way to counter the anti-encryption rhetoric that has been carelessly spouted by Government agencies, and in my own way, stand beside my fellow privacy advocates and tech writers against this alarming propaganda. Inspiration, in the unusual ways it happens, came to me from Sarah Koenig — the captivating voice of Serial — when, in closing her first season, she said how she wants to receive the story, “Just tell me the facts”. For this reason I endeavour to give you, in a straightforward way, just the facts in order to answer the big question: How do terrorists really talk to each other Online?

​

Unencrypted Communication Tools

​

Written in the impassioned words of InfoWorld’s Paul Venezia comes information on how  communication was carried out between the attackers in Paris. Importantly, Venezia notes that simply saying that the terrorists communicated using encryption is equivalent to saying they had used words and sounds. Although it’s very true that most information online is encrypted by default (as we can see with the mass migration towards demanding SSL certificates), using the word “encryption” alone specifies nothing at all.  To be specific, attackers in Paris used what Bruce Schneier referred to as double ROT-13 encryption––a joke revolving around the substitution cipher that essentially meant, they used text.

​

Email and SMS

​

Yes, sadly it’s true. Terrorist organizations have, successfully, used regular email and texts to communicate. This was seen in the 9/11 attacks, where a simple code of switches to the words White House (Politics), Pentagon (Arts), and World Trade Towers (Architecture)sufficed to mask their intentions.

​

Obfuscation

​

When attempting to cloak their communications from the watchful eyes that attempt to stop them, terrorists often choose the route of obfuscation. That is, rather than using strong encryption, the attackers hide messages with various types of noise that helps them get lost in plain sight. Below are some examples of obfuscation used by terrorists in the past.  

​

1. Social Media, Chat Rooms, and Gaming

​

Referenced in the BBC’s article, we learn that terrorists will often employ these innocent channels, hiding their communication in a sea of contemporary chatter.  

​

2. Porn, eBay, & Reddit

​

Hidden in the message boards of Reddit, items for sale on eBay, and even in pornographic images are communications between terrorist. Upon decoding, this communication––stuffed in high-traffic, but inconspicuous locations––has been known to contain information on planned, upcoming attacks. For more on this topic please read,Gideon’s Spies: The Secret History of the Mossad.  

​

3. Steganography

​

Briefly seen with the pornographic images, steganography is a common practice in which messages are hidden within image pixels, invisible to the naked eye.

​

Self-Run Publications

​

In today’s online landscape, terrorists, like us, are not limited to mainstream media outlets. Following heavy edits made to videos given to Al Jazeera in 2001, terrorist organizations including Al Qaeda, the Taliban, and al Shabab have created their own publications where they disseminate communications as well as their own disturbing propaganda.  

​

Why Not Encryption?

 

Noted in eWEEK, one of the reasons the attacks in Paris were so successful was because, rather than new-age encryption, the attackers stayed low-tech––something that Intelligence agencies apparently missed. The logic here is quite simple: if all the police are on the highway, you take the side roads. This idea isn’t new, though, as terrorist organizations have avoided technologies like the satellite phone, even though it makes communications in their remote, hidden bases easier. This is because they are well aware of Intelligences monitoring the location from the phone’s signal.

 

So, am I claiming that these are the only methods used for terrorist communication? Of course not. And, to be clear, there isn’t a person on this planet who could confidently make that claim. The methods of connecting are endless––iterations of the Cold War’s dead drop are even still used to convey messages. Along with dead drops, there is also an entirely separate section of communication employed by terrorist groups that does not take place online. Podcasts, like Serialand Radiolab,  have made mention of children being used to transfer messages, creating a completely separate form of obfuscation. To see the much longer list of all noted terrorist communication channels, take a look at some of the articles we’ve sourced, particularly the BBC’s article, How do Terrorists Communicate, linked earlier and referenced thoroughly in this article. Finally,  if you are interested in discovering more about this battle between Government and encryption, check out the recent report out of Harvard that attempts to debunk the ‘Going Dark’ claim.

 

While I haven’t offered you the master list of every tool used by every terrorist, we do have enough information to safely say that terrorists choose a host of communication methods–– many plainly readable or laughably easy to decrypt––to plan and execute attacks, as well as disseminate propaganda. To pigeonhole terrorist communication as encrypted communication is reckless and dangerous. As stated by Apple CEO Tim Cook, there is no such thing as a backdoor for the good guys alone; any back doors we open to improve our “security” will always remain open for those who would use them with malicious intentions. He continues by saying creating backdoors would be an invitation to hackers and cybercriminals essentially saying, “come and get us”.

 

In closing, I will echo the words of Venezia. This isn’t a game–– it’s reality, and there are real consequences for all of us which stem from this debate. We need to protest anti-encryption propaganda now so that the real discussion on how to effectively combat terrorist communication on our Internet can begin.