15 secure apps ISIS terrorists are using to communicate online

After deadly terrorist attacks killed 129 people in Paris, France, government officials have condemned the technology industry's embrace of encryption, which ensures user privacy but also makes it harder for government eyes to intercept the communications of terrorists and criminals.

Advertisement

It's a problem felt by authorities and tech companies alike that has become more pronounced. Especially after a number of major companies were embarrassed by the Edward Snowden's leaks, which showed the National Security Agency was sifting through everything from people's email to their Facebook messages and Skype video chats. 

ISIS Raqqa
Militant Islamist fighters take part in a military parade along the streets of northern Raqqa province, June 30, 2014. REUTERS/Stringer

"I don't know anyone who says 'I love what ISIS is doing' [with encryption technology]," Anthony Pompliano, a former product manager at Facebook, told Tech Insider. "But at the same time, I don't know anyone who is saying we should violate people's civil rights to stop that."

So what technologies are terrorists using to communicate these days? It turns out that ISIS members have been passing around a 34-page guide to operational security, which gives a good overview of exactly that. Though the document originated from a Kuwaiti cybersecurity firm to help activists and journalists, Aaron Brantley and researchers with West Point's Combating Terrorism Center noticed the document's appearance on jihadi forums, seemingly using the tips and tricks for their own ends.

Advertisement

Government officials have increasingly come out against the use of encryption in consumer technology products, with some even asking for "backdoors."

James Comey FBI Director
FBI Director James Comey takes a question from a reporter during a news conference at the FBI office in Boston, Massachusetts November 18, 2014. REUTERS/Brian Snyder

But post-Snowden, that's a tough pill for many in Silicon Valley to swallow.

edward snowden
Michael Buckner/Getty Images
Advertisement

And if there's anything this manual on tech security shows, there are likely more secure apps than intelligence officials can keep up with.

htc one m8 windows app store
Steve Kovach/Business Insider
Advertisement

The manual does allow users to go on Twitter, but only through the secure web version or the official Android or iOS application.

laptop twitter feed
WorldBank/Flickr

Tech Insider reached out to Twitter, and we'll update if we hear back.

It goes on to instruct users in securing their Twitter account, and recommends two-step authorization.

twitter
A man uses a smartphone in New York City, in this picture taken November 6, 2013. REUTERS/Mike Segar
Advertisement

The preferred email services for are non-US companies, like <a href="https://www.hushmail.com/">Hushmail</a> and the invite-only <a href="https://protonmail.com/">ProtonMail</a>. Both offer free and easy-to-use encrypted email.

hushmail
Hushmail/screenshot

"It’s unfortunate to see us mentioned in the manual," Ben Cutler, the CEO of Hushmail, told Tech Insider in an email. "Hushmail is not suitable for any kind of illegal activity. We state prominently on our website, and It is widely known that we cooperate fully and expeditiously with authorities pursuing evidence via valid legal channels."

We also reached out to representatives of ProtonMail, who told Tech Insider they found out about the ISIS manual a couple of days ago. Dr. Andy Yen, CEO of Proton Technologies AG, told Tech Insider:

"ProtonMail is the world's largest secure email service, and unfortunately, out of 1 million users, we will have some who use the service for illegal purposes. Our intent when creating ProtonMail was to protect at risk groups such as democracy activists, dissidents, and journalists, but technology does not distinguish between good and bad, so the same technology that protects these groups can unfortunately also protect ISIS. This is in fact a strong validation that our end-to-end encryption technology works well and cannot be compromised to specifically target certain groups. ... ISIS doesn't just use ProtonMail, they also use Twitter, mobile phones, and rental cars, so we couldn't possibly ban everything that ISIS uses without disrupting democracy and our way of life, and in effect achieving one of the prime objectives of terrorism."

Advertisement

For secure phone calls, the manual recommends encrypted phones like the German-made <a href="http://www.cryptophone.de/">CryptoPhone</a> or <a href="https://www.blackphone.ch/">BlackPhone</a>. Both offer secure message and voice communication.

blackphone2
via PopularScience

Cryptophone spokesperson Karl Osterberg told Tech Insider the company is under strict German and European export control regulations, and the company "[considers] it highly unlikely that GSMK CryptoPhone products are in active use by IS terrorists."

A spokesperson for Silent Circle, the maker of BlackPhone, told Tech Insider: 

"We provide secure communications—not anonymity—and we will not tolerate bad actors using our service. We deliver peer-to-peer encryption technology through a paid subscription service to governments, consumers and enterprises, including many of the military and law enforcement agencies confronting terrorism today. 
 
Encryption plays an important part of maintaining digital security in everyday life—from online banking to intellectual property – and we will continue to responsibly deliver our services without ever compromising the highest standards of security and privacy."
Advertisement

For users without internet, the manual recommends apps like FireChat, Tin Can, or The Serval Project.

firechat
Reuters

Tech Insider reached out to the developers behind FireChat, Tin Can, and The Serval Project, and we'll update if we hear back.

Advertisement

The manual recommends the <a href="https://www.f-secure.com/en_US/web/home_us/mobile-security">Freedome</a> service to protect from spyware and fraudulent websites.

Windows PC laptop
Flickr/P7302833

Tech Insider reached out to F-Secure, and we'll update if we hear back.

Advertisement

And <a href="https://www.avast.com/en-us/secureline-vpn">Avast SecureLine</a> to mask their true IP addresses, which could fool someone into thinking a jihadi in Syria was instead browsing from South Korea.

Avast SecureLine
Screenshot

Tech Insider reached out to Avast for comment, and its CEO Vince Steckler offered this statement:

"We are very disturbed to read that our SecureLine product is amongst a list of products in an ISIS guide on how to hide oneself. SecureLine is a popular VPN (virtual private network)  that is designed to be used by people who are concerned about their privacy. This includes businesses communicating sensitive commercial information, pro-democracy activists who are worried about being snooped on by authoritarian governments, and others who simply value privacy. It is in the nature of these sorts of products that they cannot be policed. Unfortunately, we live in a time where we see good software products designed for good purposes being used for malicious intent. Avast is committed to the safety and security of our customers and staying ahead of the bad guys who hurt innocent people."

Advertisement

For users who need even more security, the manual recommends the Tor internet browser. It's a favorite among hackers and security-minded pros, since it hides your ID and encrypts everything.

tor
EFF

Tech Insider reached out to the Tor Project, and we'll update if we hear back.

Advertisement
Advertisement

An included note recommends downloading an older version, since TC's website now has a cryptic message about "unfixed security issues."

TrueCrypt
TrueCrypt/screenshot

The manual also mentions <a href="http://www.techinsider.io/isis-to-followers-download-telegram-2015-11">Telegram,</a> an encrypted mobile messaging app that can host different channels where ISIS members can talk in a group setting.

Telegram for Android
Telegram

Tech Insider reached out to Telegram, and we'll update if we hear back.

Advertisement

One thing is certain: With apps on this list from companies around the world, US government officials asking for encryption "backdoors" aren't likely to get it.

hackers
People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. REUTERS/Dado Ruvic
Isis Apps
Advertisement
Close icon Two crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.