How Terrorists Communicate – Tech Secrets of The Dark Web

Thirteen years ago, in 2002, I co-authored a 468-page book titled "M-Commerce Security" that was published by McGraw-Hill Professional as part of its Network Professional's Library series. The book went on to become a key academic text at universities on the topic of security in mobile transactions. Although the book is dated by today's standards, the horrific recent attacks in Paris and the ones before in Boston, Mumbai and other parts of the world got me thinking about the methods that terrorists might be using to communicate with each other to plan such attacks over an Internet very different from what it was in 2002.

The attacks highlight the difficulties that western intelligence agencies are experiencing when tracking terror groups across the globe that are increasingly using sophisticated digital techniques to communicate and orchestrate mass attacks on civilians. Many even believe that whistleblower Edward Snowden should shoulder some of the responsibility for the loss of life in the recent Paris attacks, now that terrorists, using what they learned from his revelations, have developed a much better understanding of exactly what governments can and cannot monitor. Mr. Snowden, if you recall, was the former CIA employee and US government contractor who leaked classified information from the United States National Security Agency (NSA) in 2013, revealing a large number of global surveillance programs carried out by the NSA and Five Eyes [intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States] in collaboration with telecommunication companies and many European governments.

Regardless of which side of the privacy debate you are on, here is a lay of the land that will help you understand some of the ways that extremists might be communicating and transacting on the Internet.

The Dark & Deep Web

The Dark Web is basically a term used to define a group of regular everyday websites that we can visit but whose operators we are unable to identify, i.e. we cannot determine where the IP address really resides or the source of the hosting site itself. The sites are also not trackable by Google and other major search engines. One can hide a website's identity using a special encryption tool called Tor that first debuted in 2002 as The Onion Routing project, built by the U.S. Naval Research Laboratory as a way of communicating online without being detected. Tor (an acronym for The Onion Router) allows one to navigate the sinister part of the Internet that is not indexed by search engines and that encrypts connections to prevent governments or corporations from tracking any web activity. One can download the Tor browser bundle from here (assuming you're on Windows): Tor Browser and install it. Using it is certainly not rocket science. Truth be known - I have personally never done it nor intend to do it. A tool similar to Tor is I2P that is used by the Silk Road group of dark web sites.

The exact differences between the dark and deep web are complex. The Deep Web essentially encompasses all websites, web forums, databases, web-based email pages or paid-subscription pages that simply cannot be found by search engines, and by that definition includes the Dark Web. Think bank account data behind a password or Gmail pages that require a password to access. Chilling headlines will point out that over 90% of the information on the Internet is off the radar, though not all of it is used by criminals and terrorists.

Much of this large amount of inaccessible content consists of corporate intranet sites, academic research archives, medical records or databases that everyday browsers such as Chrome, Firefox or Internet Explorer are unable to access. It is important to recognize that not all aspects of this part of the Internet represent a virtual black market where criminals promote their ill-gotten gains.

Encrypted Communication

The encrypted communications that enable terrorists to recruit, radicalize, plot and plan future atrocities are very often carried out using more familiar tools such as Snapchat, WhatsApp or iMessage that allow messages to be locked down and instantly erased without the authorities seeing anything. Intelligence officers have discovered encrypted messages being left on eBay where goods are offered for sale. Terrorists are leaving hex characters and prime numbers as secret codes to communicate on Reddit message boards. Chats that appear harmless are hardly that. Terrorist groups seem to have cryptologists with mastery of steganography, a highly specialized skill that allows them to hide files, messages, images, articles, shopping lists or videos within non-secret content on the vast digital Internet. Intelligence officials have found regular image files where the color of every 97th pixel was altered to match a particular letter of the alphabet.

In situations where encryption may not be possible, for example on an insecure channel, terrorists have been using techniques such as Chaffing and Winnowing. Those of our readers who have grown up on a farm or have some knowledge of agriculture will recall how the grain remains mixed up with the gristly chaff even after it has been harvested and threshed, to then be separated by a process called winnowing where the chaff is thrown away. In digital communications, such a technique allows the sender to send a message without encryption, basically as readable text, with the receiver and sender sharing a common secret key they use for verification. In this method, the confidentiality of the message is secured by a third person who concurrently sends an expressly manufactured message through the same channel as the sender.
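To make the mechanism above concrete, here is a minimal sketch following Rivest's published chaffing-and-winnowing construction; it is an added example, not code from the original article. The function names, the one-bit-per-packet layout and the 8-byte truncated HMAC-SHA256 tag are assumptions of this illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 8  # bytes of HMAC-SHA256 kept per packet (demo assumption)

def tag(key: bytes, serial: int, bit: int) -> bytes:
    """MAC over (serial, bit); only holders of the shared key can compute it."""
    data = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def wheat(key: bytes, message: bytes) -> list:
    """Sender: one packet per message bit, bit in the clear plus a valid tag."""
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    return [(s, b, tag(key, s, b)) for s, b in enumerate(bits)]

def add_chaff(packets: list) -> list:
    """Chaffer (needs no key): add the opposite bit with a random tag."""
    out = []
    for serial, bit, t in packets:
        pair = [(serial, bit, t), (serial, bit ^ 1, secrets.token_bytes(TAG_LEN))]
        if secrets.randbits(1):
            pair.reverse()  # hide which packet of the pair came first
        out.extend(pair)
    return out

def winnow(key: bytes, packets: list) -> bytes:
    """Receiver: keep packets whose tag verifies, drop the rest as chaff."""
    bits = {}
    for serial, bit, t in packets:
        if hmac.compare_digest(t, tag(key, serial, bit)):
            bits[serial] = bit
    if sorted(bits) != list(range(len(bits))) or len(bits) % 8:
        raise ValueError("gap or partial byte: packet lost or altered")
    value = int("".join(str(bits[s]) for s in sorted(bits)) or "0", 2)
    return value.to_bytes(len(bits) // 8, "big")

def observer_view(packets: list) -> dict:
    """What a keyless observer sees: the set of bit values per serial."""
    seen = {}
    for serial, bit, _ in packets:
        seen.setdefault(serial, set()).add(bit)
    return seen

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed shared secret
    stream = add_chaff(wheat(key, b"hi"))  # constructed sample message
    print(winnow(key, stream), observer_view(stream)[0])
```

`observer_view` shows that every serial number arrives with both bit values, so the stream is readable yet ambiguous without the key; that doubled-serial pattern is also a recognizable signature of the scheme on the wire.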

It is not my place to discuss the various encryption technologies since I am no expert. Suffice to say that Governments are now hiring highly specialized encryption experts including linguistic specialists to make sense of the surge in online terrorist communication activity that seems to be going undetected. For many countries electronic warfare against cyber attacks is at the core of their counter terrorism strategy.

eCommerce - The Armory

Few people, if any at all, are aware that there exists a full-fledged arms & ammunition purchase e-commerce site on the dark web called "The Armory", a spinoff of the Internet's clandestine drug bazaar "The Silk Road" [not maestro cellist Yo-Yo Ma's Silk Road project, I hasten to add]. The Armory & Silk Road are nearly impossible to get to, and completely anonymous. In fact the Armory in particular is so bad that even the Silk Road guys selling drugs online considered it as something to spin off rather than keep within their owned & operated family of sites. The Armory is "the" place on the dark web to purchase ammunition, guns, explosives etc. [this is based on a bit of cursory research by me off of the "regular" Internet, so please do not go about wondering if I know anything more than this!]. With some Internet searching it seems one can figure out with some persistence how to purchase AK-47s, Bushmaster rifles, Glocks, Berettas or even a grenade from some of these "off off off Broadway" websites for Guns 'n Drugs and get it shipped to a home anywhere on earth. Bitcoin or other electronic-only "crypto-currency" methods are the means of payment on such sites. Such currency exchanges are user-to-user, where funds can be exchanged with one another without needing a middleman, so to say.

Source: A quick image search for "The Armory" on Google

It is not easy to access such websites, which can only be reached via Tor, the browser-du-jour for criminals. As explained in the section above, the Tor software puts one through a globetrotting conundrum of routing and re-routing so complex it makes the source computer nearly impossible to pinpoint. The website address of the Armory is ayjkg6ombrsahbx2.onion, not exactly easy to remember, and I am assuming criminals are not "bookmarking" this URL in their browser favorites list. The site apparently also wants you to convert your BitCoins into a form of obligatory currency that further warrants a level of technical expertise possessed by nobody other than the die-hard persistent criminals. And you are not exactly receiving a nicely wrapped Zappos box with 365-day return shipping holding your gun inside. It's sent in pieces hidden inside packages over a period of time, to be assembled by the receiver after the final piece has been received. So friends, this is not exactly like stepping into those gun shows you see while channel surfing late night TV and walking out with a rifle, or making a purchase on Amazon or Zappos.com.

Protecting Freedom by Taking it Away

The finger of blame for our inability to track terrorist communications and illegal commerce transactions should not be pointed solely at technology in the same way that paper shredders couldn't be blamed for damaging national security several decades ago.

The biggest problem is that our modern Internet communications are evolving quickly and outpacing the laws that allow governments to intercept lawful content. Leaders such as UK Prime Minister David Cameron appear both naive and foolish by announcing a desire to ban encryption, something that is not only impossible but also promotes the bizarre theory of protecting our freedom by taking it away. 

A letter signed by technology industry leaders and advocacy organizations such as Google, Twitter, Facebook, Microsoft, Apple, Dropbox, LinkedIn & Tumblr, was sent to President Obama advising how the removal of security by encryption will actually weaken consumer protection from a countless number of crimes.

The crime scene of the 21st century leaves a trail of digital footprints rather than physical ones and the same tools that protect us are being exploited by those on the wrong side of the law to cover their tracks. I have no doubt that behind the scenes there will be someone looking into building backdoor access to our encrypted data that will also delight and horrify in equal measure depending on your point of view. 

Social Media

The spread of radicalization on social media is causing increasing concern, with a reported 90,000 Twitter accounts being controlled by ISIS to target and recruit young people into a war where hashtags are becoming the new weapons. In fact, in a recent analysis by the Brookings Institution, the US and UK are the only two western countries in the top 10 from where the maximum number of pro-ISIS tweets seem to have emanated.

Over in the UK, Home Secretary Theresa May, the British Conservative Party politician, is reviving the so-called snoopers' charter that will provide police and spies access to a year's worth of your web browsing history. This is causing a heated debate between those who are willing to sacrifice their privacy for a slice of protection and those who believe that privacy, both online and offline, is a stalwart of their freedom.

Hackers

Meanwhile the group of hackers known as Anonymous have diverted their attention to ISIS by taking down websites, tagging Twitter accounts, locating propaganda videos and infiltrating jihadi forums, prompting some to wonder if a hacktivist group really could take down one of the world's deadliest terrorist organizations.

Bottom Line

Whatever your viewpoint on the rights and wrongs of surveillance and who can or cannot access your data, the one thing that we can all agree on is that it is time for everyone in the world to unite against terrorism. Ironically our biggest weapon against this enemy is our freedom itself.


I just listened to a podcast where one rumour was people writing messages in games by shooting the walls (these disappeared after a short time)... you can send an encrypted message in plain sight in a newspaper. I think there is a level of fear mongering occurring around encryption.

Stephen G.

To be clear, the views I express on LinkedIn are mine and in no respect should they be seen as a reflection of my current employer or affiliated organizations.

9 years

Interesting article. I was surprised how much information is available and for how long.

Sammuel A. Marotta

Safety Technician / Polymath

9 years

Very informative article.

George Obregon

President of Regions Beyond-USA

9 years

Perhaps Mr. Obama could employ the NSA to subvert the online activity of Muslim jihadists; he uses it to spy on U.S. citizens. . . /I can't seem to adjust the privacy settings on my PRISM account.
