Jihadists are increasingly relying on virtual private networks, or VPNs, and proxy services to avoid law enforcement, according to a new report from New York City-based security firm Flashpoint.
The firm’s report, which is based on the analysis of pro-ISIL forums discovered on the dark web, was published on Friday and is titled “Tech for Jihad: Dissecting Jihadists’ Digital Toolbox.”
U.S. defense officials understand that terrorist groups are working to produce savvy digital operations. But the extent to which these individuals are leveraging technology to accomplish their goals is slightly more difficult to decipher, Flashpoint’s research team describes.
Earlier this year, a pro-ISIS hacking collective named the United Cyber Caliphate issued an advisory warning, via a hidden discussion forum based on the dark web — an area of the internet that can only be reached using the anonymous Tor browser — to members about the use of certain VPN services. The clandestine discussion circled around best practices and recommended VPN products, according to Flashpoint.
“There is a clear increase in the release of OpSec and InfoSec proprietary jihadi manuals, suggesting the increasingly comprehensive outlook jihadists have on their cybersecurity and online operations,” Laith Alkhouri, Flashpoint’s co-founder and director of Middle East and North Africa Research, told FedScoop.
Broadly speaking, VPNs are attractive to criminals because they allow for secure access to a private network even while connected to unsecured Wi-Fi networks.
According to the report, terrorist groups’ understanding and use of VPNs has notably improved and matured over time, especially since Flashpoint first found evidence in 2012 of pro-Al-Qaida users encouraging one another to adopt the CyberGhost VPN service — which uses SSL/TLS Internet protocol flowing through a local server to encrypt communications.
“As time progressed, jihadist forum dialogue continued to evolve from basic recommendations to the circulation of meticulous manuals and critical reviews,” researchers explain.
Later in 2014, users on the dark web forum found weaknesses in CyberGhost — specifically, that the aforementioned software would not change a computer’s hard disk serial number. When viewed online, a hard disk serial number can be used by authorities as a digital identifier.
“Over the past two years, jihadist chatter within Deep and Dark Web forums indicates that pro-ISIS and Al-Qaida actors employ numerous encrypted and temporary e-mail services to communicate confidentially,” the report reads.
One of the most popular anonymous web browsers approved by jihadists, according to Flashpoint, is Opera. It contains a free VPN and ad-blocking service, and is compatible with the Android mobile operating system — which is especially popular in the developing world.
“Although technology is not typically associated with jihadists, it is their lifeblood. Jihadists’ reliance on technology for survival pushes the jihadist community to constantly learn, adapt, and advance through various technological tools,” the report concludes.
To contact the reporter on this story: send an email via firstname.lastname@example.org or follow him on Twitter at @Bing_Chris. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at CyberScoop.com.