This story is available exclusively to Business Insider
subscribers.
Become an Insider
and start reading now.Have an account? .
After deadly terrorist attacks killed 129 people in Paris, France, government officials have condemned the technology industry's embrace of encryption, which ensures user privacy but also makes it harder for government eyes to intercept the communications of terrorists and criminals.
Advertisement
It's a problem felt by authorities and tech companies alike that has become more pronounced. Especially after a number of major companies were embarrassed by the Edward Snowden's leaks, which showed the National Security Agency was sifting through everything from people's email to their Facebook messages and Skype video chats.
This story is available exclusively to Business Insider
subscribers.
Become an Insider
and start reading now.Have an account? .
"I don't know anyone who says 'I love what ISIS is doing' [with encryption technology]," Anthony Pompliano, a former product manager at Facebook, told Tech Insider. "But at the same time, I don't know anyone who is saying we should violate people's civil rights to stop that."
So what technologies are terrorists using to communicate these days? It turns out that ISIS members have been passing around a 34-page guide to operational security, which gives a good overview of exactly that. Though the document originated from a Kuwaiti cybersecurity firm to help activists and journalists, Aaron Brantley and researchers with West Point's Combating Terrorism Center noticed the document's appearance on jihadi forums, seemingly using the tips and tricks for their own ends.
Advertisement
Government officials have increasingly come out against the use of encryption in consumer technology products, with some even asking for "backdoors."
But post-Snowden, that's a tough pill for many in Silicon Valley to swallow.
Advertisement
And if there's anything this manual on tech security shows, there are likely more secure apps than intelligence officials can keep up with.
<a href="https://itunes.apple.com/us/app/mappr-latergram-location-editor/id602795211?mt=8">Mappr</a> is a recommended tool that can change location data on photos, so they don't reveal where they actually are.
Tech Insider reached out to the developer behind Mappr, and we'll update if we hear back.
Advertisement
The manual does allow users to go on Twitter, but only through the secure web version or the official Android or iOS application.
Tech Insider reached out to Twitter, and we'll update if we hear back.
It goes on to instruct users in securing their Twitter account, and recommends two-step authorization.
Advertisement
The preferred email services for are non-US companies, like <a href="https://www.hushmail.com/">Hushmail</a> and the invite-only <a href="https://protonmail.com/">ProtonMail</a>. Both offer free and easy-to-use encrypted email.
"It’s unfortunate to see us mentioned in the manual," Ben Cutler, the CEO of Hushmail, told Tech Insider in an email. "Hushmail is not suitable for any kind of illegal activity. We state prominently on our website, and It is widely known that we cooperate fully and expeditiously with authorities pursuing evidence via valid legal channels."
We also reached out to representatives of ProtonMail, who told Tech Insider they found out about the ISIS manual a couple of days ago. Dr. Andy Yen, CEO of Proton Technologies AG, told Tech Insider:
"ProtonMail is the world's largest secure email service, and unfortunately, out of 1 million users, we will have some who use the service for illegal purposes. Our intent when creating ProtonMail was to protect at risk groups such as democracy activists, dissidents, and journalists, but technology does not distinguish between good and bad, so the same technology that protects these groups can unfortunately also protect ISIS. This is in fact a strong validation that our end-to-end encryption technology works well and cannot be compromised to specifically target certain groups. ... ISIS doesn't just use ProtonMail, they also use Twitter, mobile phones, and rental cars, so we couldn't possibly ban everything that ISIS uses without disrupting democracy and our way of life, and in effect achieving one of the prime objectives of terrorism."
Advertisement
For secure phone calls, the manual recommends encrypted phones like the German-made <a href="http://www.cryptophone.de/">CryptoPhone</a> or <a href="https://www.blackphone.ch/">BlackPhone</a>. Both offer secure message and voice communication.
Cryptophone spokesperson Karl Osterberg told Tech Insider the company is under strict German and European export control regulations, and the company "[considers] it highly unlikely that GSMK CryptoPhone products are in active use by IS terrorists."
A spokesperson for Silent Circle, the maker of BlackPhone, told Tech Insider:
"We provide secure communications—not anonymity—and we will not tolerate bad actors using our service. We deliver peer-to-peer encryption technology through a paid subscription service to governments, consumers and enterprises, including many of the military and law enforcement agencies confronting terrorism today.
Encryption plays an important part of maintaining digital security in everyday life—from online banking to intellectual property – and we will continue to responsibly deliver our services without ever compromising the highest standards of security and privacy."
Advertisement
For users without internet, the manual recommends apps like FireChat, Tin Can, or The Serval Project.
Tech Insider reached out to the developers behind FireChat, Tin Can, and The Serval Project, and we'll update if we hear back.
Also popular among activists under repressive governments, these apps allow users to message each other without internet connectivity sometimes up to 200 meters away, though the manual notes they are not encrypted.
Advertisement
The manual recommends the <a href="https://www.f-secure.com/en_US/web/home_us/mobile-security">Freedome</a> service to protect from spyware and fraudulent websites.
Tech Insider reached out to F-Secure, and we'll update if we hear back.
Advertisement
And <a href="https://www.avast.com/en-us/secureline-vpn">Avast SecureLine</a> to mask their true IP addresses, which could fool someone into thinking a jihadi in Syria was instead browsing from South Korea.
Tech Insider reached out to Avast for comment, and its CEO Vince Steckler offered this statement:
"We are very disturbed to read that our SecureLine product is amongst a list of products in an ISIS guide on how to hide oneself. SecureLine is a popular VPN (virtual private network) that is designed to be used by people who are concerned about their privacy. This includes businesses communicating sensitive commercial information, pro-democracy activists who are worried about being snooped on by authoritarian governments, and others who simply value privacy. It is in the nature of these sorts of products that they cannot be policed. Unfortunately, we live in a time where we see good software products designed for good purposes being used for malicious intent. Avast is committed to the safety and security of our customers and staying ahead of the bad guys who hurt innocent people."
Advertisement
For users who need even more security, the manual recommends the Tor internet browser. It's a favorite among hackers and security-minded pros, since it hides your ID and encrypts everything.
Tech Insider reached out to the Tor Project, and we'll update if we hear back.
Advertisement
To encrypt files, the recommended programs are VeraCrypt and TrueCrypt, which even Edward Snowden has endorsed in the past.
We were unable to find an email address for the makers of TrueCrypt, but a spokesperson for VeraCrypt did respond.
"Unfortunately, encryption software like VeraCrypt has been and will always be used by bad guys to hide their data and such events must not make us forget the importance of encryption in the protection of privacy and corporate assets," Mounir Idrassi, the CEO of Idrix (which makes Veracrypt), told Tech Insider. "Their use by criminals and terrorists is unfortunate but such people are already able to get their hands on heavy weapons and explosives despite the ban on their sale, so access to encryption by these guys will always be possible no matter what regulation is put in place."
Advertisement
An included note recommends downloading an older version, since TC's website now has a cryptic message about "unfixed security issues."
The manual also mentions <a href="http://www.techinsider.io/isis-to-followers-download-telegram-2015-11">Telegram,</a> an encrypted mobile messaging app that can host different channels where ISIS members can talk in a group setting.
Tech Insider reached out to Telegram, and we'll update if we hear back.
Advertisement
One thing is certain: With apps on this list from companies around the world, US government officials asking for encryption "backdoors" aren't likely to get it.
Read next
NEW LOOK
Sign up to get the inside scoop on today’s biggest stories in markets, tech, and business — delivered daily. Read preview
Thanks for signing up!
Access your favorite topics in a personalized feed while you're on the go.