Thursday, November 23, 2017

Tag: jihadist

In case you were busy this weekend and missed it, there was a bit of craziness involving the Russian Foreign Ministry's website, Twitter, various news outlets, and the "patriotic hacker" known as The Jester. Nothing was harmed except the credibility of several news organizations, some eardrums, and the tender feelings of some Russian officials. If you are at all familiar with The Jester, you will know that this isn't the first time he's used Internet sleight-of-hand for propaganda and other purposes.
In the past, he used web address shortener services and cross-site scripting to create the illusion that he had altered articles on the websites of the Malta Independent Online and the Tripoli Post. He's also used various other tricks to mess with the minds of would-be Anonymous members.

And yes, he's launched distributed denial of service (DDoS) attacks against jihadist sites and the Westboro Baptist Church. Last week, in the wake of the mega-DDoS attack on Dyn, after indicating he believed Russia was somehow behind the attacks, The Jester posted this message on Twitter:

#FLASH MSG 'From Russia with Love' - I'm Jester & I approve this message via the Russian Foreign Affairs Website >> https://t.co/K0pwcChX8N — JΞSTΞR ✪ ΔCTUAL³³º¹ (@th3j35t3r) October 22, 2016

It was the old URL shortener trick again, taking advantage of a cross-site scripting (XSS) vulnerability in the website of the Russian Foreign Ministry.

The result? This document was displayed within the Foreign Ministry site—creating the impression that The Jester had actually hacked the site:

[Image caption: Wolverines! (The Jester)]

The page was also accompanied, apparently, by audio of a civil defense siren.

The page no longer loads, as the Russian Foreign Ministry has blocked the vulnerability, which was in its search engine for the site's archives.

An intermediate website feeds the script to archive.mid.ru—sort of like a web-based toilet-papering of the Ministry's site. Things took an interesting twist when the news media picked up the story.

CNN, Fox News, and US News and World Report all reported that The Jester had hacked the Foreign Ministry's website.

KNOCK IT OFF! American hacker 'The Jester' takes over Russia's foreign affairs ministry website pic.twitter.com/rY5CIGJZ0k — FOX & Friends (@foxandfriends) October 24, 2016

Russian media also ran with that narrative.

At first RT.com reported that the Ministry's site had been breached, before updating the story to report that the site was never breached.

All of this, of course, was recorded by The Jester with no small amount of glee on his blog. On Sunday, Russian Foreign Ministry spokesperson Maria Zakharova said in a Facebook post that the affected site was "a former site which has not been used for a long time." According to the TASS News service, Zakharova said that security specialists were looking into the not-a-breach. Zakharova said:

If they find out it was a cyberattack from America, it means that either a cyber-machine of destruction Biden and McFaul have spoken about is already at work or that the evil provocative election campaign in the United States has driven people into a state when they are ready to wreak havoc.

A report from Flashpoint Intelligence exposes the tools and techniques that jihadis use, and they're not all that different from any other security best practices. Jihadist groups like the Islamic State have made extensive use of online media, including social networking, in order to communicate their message and recruit supporters.

According to a new report from security firm Flashpoint Intelligence titled "Tech for Jihad: Dissecting Jihadists' Digital Toolbox," the tools used are fairly sophisticated and aren't all that different from what privacy advocates often employ.

The data for the report was obtained by way of multiple sources, according to Laith Alkhouri, Flashpoint co-founder and the director of research and analysis for the Middle East and North Africa.

The intelligence was mainly collected from primary sources, including private, invitation-only channels on the Deep Web, mainly ISIS supportive Web forums and Telegram channels, Alkhouri said.

"While the majority of references are to pro-ISIS jihadists, as they're the most active, online activists who believe and spread the jihadi ideology in general are adapting some of these measures already," Alkhouri told eWEEK.

Among the techniques and tools used by the jihadists that Flashpoint analyzed are secure Web browsers, VPNs, protected email services and encrypted messaging programs.

The overall sophistication of the tools and techniques used was not surprising to Alkhouri. "Online jihadists, especially in the wake of ISIS' rise, have demonstrated a trend of growth, adaptation, and relentless motivation to escape the already-aggressive scrutiny imposed on them," Alkhouri said. "In other words, they're always under the microscope, and thus they constantly search for ways to protect their identity and cover their digital footprints." On the secure browser side, Flashpoint's analysis found that jihadists are making use of the Tor Browser, which routes connections through the Tor network as a way to hide where a connection is coming from.

Additionally, Alkhouri noted that there has been mention of TAILS Linux as a secure operating system by tech-savvy jihadists.

TAILS—which stands for The Amnesic Incognito Live System—first rose to notoriety in 2013 as the Linux distribution used by U.S. National Security Agency (NSA) whistleblower Edward Snowden.
In addition to the Tor browser, jihadists are also using VPN and proxy services in an attempt to further obfuscate their locations.

Alkhouri commented that many jihadists use, and preach, the application of more than just Tor to stay hidden. "Some of this goes back to some who believe that TOR is American government-developed and as such must be trackable," Alkhouri said. "There has been a clear advocacy for VPN/proxy services that, jihadists believe, reduces their risk if they are European or Asian. Plus, they exploit the free trials VPNs/proxies offer by constantly reregistering under different accounts."

In terms of encrypted messaging platforms, Flashpoint found that jihadists are using Telegram, Threema and, to a lesser extent, WhatsApp.

"We've previously come across fundraising campaigns for alleged Al-Qaida fighters in Syria and Gaza, using WhatsApp and Skype, and lately, channels on Telegram for small firearm trade are advertising WhatsApp numbers for dealers and buyers in Yemen," Alkhouri said.

Open social media, including Facebook and Twitter, is critical for jihadists, he said, adding that today jihadists are facing the most aggressive counter jihadist campaigns on social media, spearheaded by Twitter and Facebook.

"There have been numerous instances of Instagram use, but by far much less than Twitter," Alkhouri said. "In paraphrasing the words of one admin of top-tier Deep Web ISIS Web forums, Twitter is indispensable for the mass dissemination of their message, to reach the highest number of people."

Overall, what seems to be apparent is that jihadists are in large part making use of similar tools, techniques and best practices that are often employed by privacy advocates.

The fact that jihadists make use of the same tools as privacy advocates is not a surprise either.

"It tells us that just as much as the average security-conscious individual is worried about information security, online jihadists are more worried about arrest, court prosecution and all sorts of law enforcement trouble," Alkhouri said. "Hence, it's of utmost importance that they pivot and adapt and operate safely online."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Secure browsers, VPNs, protected email apps, and mobile security apps are just tip of iceberg, Flashpoint report shows. An analysis of activity on the Dark Web shows that jihadist groups are taking advantage of a wider range of technology tools and secure services than generally assumed for propaganda and communication purposes. Researchers from security vendor Flashpoint recently examined data obtained from what they described as primary sources from the Deep and Dark Web to understand how those affiliated with terror groups maintain online presences without being detected. The analysis showed that jihadist groups rely on six broad categories of digital tools and services to maintain an online presence, obscure their tracks from law enforcement, to proselytize, and to communicate with each other.

The tools include secure browsers like Tor, proxy services and virtual private networks (VPNs) such as CyberGhost VPN, protected email services, and encrypted chat and messenger tools. “Jihadists enact stringent online security measures starting with the World Wide Web’s most fundamental portal: browsers,” the Flashpoint report observed. Unlike a majority of online users who access the Web with browsers like Chrome, Safari, and Firefox, those involved in terror activities tend to use either the Tor browser or the VPN-equipped Opera browser -- both of which offer a way for users to browse relatively securely without easily revealing their IP addresses. They tend to combine the use of secure browsers with VPN tools such as F-Secure Freedome and CyberGhostVPN to make it more difficult for law enforcement to keep tabs on their online activities, the Flashpoint report said. When it comes to email services, pro-ISIS and Al-Qaida affiliated groups tend to use a slew of protected email services to try and remain under the law enforcement radar.

Among the email services that are popular among such groups are Hush-Mail; ProtonMail, an encrypted email service developed by researchers at CERN and MIT; and GhostMail, an encrypted email service from Switzerland. Services that offer temporary, disposable email accounts without requiring users to register for an account are also popular. One example is YOPmail, a service that was used by Al-Qaida in Yemen to release a video of a terror attack on the office of French satirical newspaper Charlie Hebdo last January, Flashpoint said.
Applications that allow terror groups to use mobile devices relatively securely are also apparently very popular on the Dark Web. Jihadist groups rely heavily on mobile technologies to communicate and stay in touch with others. But they appear acutely aware of the risks involved in using mobile devices and are leveraging a variety of tools to make it harder for law enforcement to monitor them, Flashpoint said.

Among such tools are Fake GPS, which provides a false physical location when users are using certain apps like Facebook; ISHREDDER Pro for permanently deleting files; and AFWall, an open source firewall for mobile devices. Besides the tools, jihadists also appear to be getting plenty of support and advice on how to use technology safely, from tech savvy peers. In one case documented in the Flashpoint report, a member of a jihadist forum distributed best practices and guidelines for using Tor.
In another incident, a forum member released a manual offering details on how to mask IP addresses and browse anonymously using CyberGhost VPN.

The advice covered weaknesses in VPN technology and workarounds for addressing them, like using a particular software tool to hide a computer’s disk serial number when browsing. Meanwhile, a jihadist organization known as Horizons released a multi-episode series on the secure use of mobile devices for jihadist purposes on Telegram, an encrypted communications platform. “Jihadists’ reliance on technology for survival pushes the jihadist community to constantly learn, adapt, and advance through various technological tools,” Flashpoint said in its report. “[Their] unrelenting drive to adapt and conceal their online operations presents unique challenges to monitoring them.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...