You are here

Dark Web and Encrypted Apps: ISIS Communicates in the Black

Munish Sharma is Consultant at the Manohar Parrikar Institute for Defence Studies and Analyses, New Delhi. Click here for detailed profile
  • Share
  • Tweet
  • Email
  • Whatsapp
  • Linkedin
  • Print
  • February 02, 2016

    Seven coordinated terror attacks startled Paris in November 2015. ISIS claimed responsibility for the attack, which left 130 people dead and a few questions unanswered. The entire planning and execution of the Paris attacks went on right under the nose of French and Belgian intelligence agencies and police. Investigations have revealed the inability of the police and intelligence agencies to keep track of individuals returning from ISIS-held territories in Syria and Iraq. Six of the seven Paris attackers identified so far had spent time in Syria.1 The inability of the law enforcement apparatus to intercept terrorist communications has led to many speculations, including the probable use of the Dark Web or encrypted messaging apps.

    Dark Web, emerging out of the networks isolated or hidden from the Internet, has attracted criminal syndicates and terrorist organisations for a host of activities varying from confidential information sharing to fund raising through crypto-currencies and illicit goods trade to malware trade. James Comey, Director of the Federal Bureau of Investigation (FBI) of the United States, asserted that quite some activities over the Internet have gone dark and eventually terrorists have become better at covert communications.2 The identities, communication and transactions over the Dark Web are anonymous, an ideal ecosystem for technologically-proficient terrorist groups like ISIS to enable and support their nefarious activities. Along with this, communication is critical to the overall planning and execution of terrorist operations; it is often intercepted to uncover the network of operatives.


    In technical terms, communication takes place over public networks, such as mobile networks, PSTN3 and Internet, in the form of voice, text or multimedia. A secure communication channel enables users to communicate their private messages over these public networks. Encryption is employed in voice or messaging applications to ensure the security of the voice or data communication, be it over the Internet or mobile telephony networks. A weaker encryption is easy to break once intercepted. Most smart-phones can run messaging apps like surespot4 and telegram,5 built with strong end-to-end encryption and using custom protocols. Not surprisingly, terrorist organisations now keep a tab on these innovations and are becoming adept in their usage and configuration.

    ISIS as a terrorist organisation survives on effective, clandestine and secure communications. It understands the importance of secure communication and has, therefore, been very circumspect about it. In a recently published document, entitled “Several Cyber Security to Protect your Account in the Social Networking”6 , a group affiliated to ISIS has issued a kind of advisory to its operatives as to why and how should communication be secured with changes in the settings of smart phones and the use of some open source apps. In a nutshell, the document sensitises everyone associated with the terrorist organisation about precautions while using Twitter, installation of apps, configuring passwords and foiling simple phishing attacks. The document explains simple steps such as how to disable the “location services” of a smartphone so that the camera image does not reveal any information about the geographical location of the place where the image has been taken. Given the weak encryption schemes of signals over GSM7 networks, the group has advised the use of CryptoPhone, an encrypted phone to ensure secure voice communication over the widely available GSM networks.

    The document hands out simple illustrations to configure easily available security measures, including Tor8 browser for the Dark Web, hard drive or flash drive encryption (using VeraCrypt, TrueCrypt, Hardskat), email alternatives (such as Hushmail and ProtonMail), cyber security of voice communication (using Linphone, Silent Circle or RedPhone), and security of information or data stored on Cloud (using MEGA or SpiderOak). There is a high likelihood of ISIS operatives, potential recruits and sympathizers already using these apps and tools securing their virtual identities, data on computers and, most important, their communication with each other.

    Last week, almost 20 ISIS operatives were arrested in a country-wide crackdown led by the National Investigation Agency (NIA). These operatives had been on surveillance with the help of leads from the Central Intelligence Agency (CIA), which actively tracks phones and IP addresses in the conflict zones of Syria and Iraq. As ISIS strives to spread its tentacles in India, it would definitely build up a network of sympathisers and probable recruits, connected digitally with its operatives spread across the globe and available online round the clock. This network would again tend to sprout in the dark. Given the pace of innovation in technology products for mobile platforms and the proven dexterity of ISIS in these products and applications, the question arises whether our intelligence and law enforcement apparatus has the technological means and know-how to tackle the looming threat from the ISIS.

    Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.

    • 1. Paris Attacks: Intelligence Agencies Forced to Rethink Tracking of ISIS,” Financial Times, November 19, 2015, accessed on January 22, 2016
    • 2.How French intelligence agencies failed before the Paris attacks,” The Guardian, November 19, 2015, accessed on January 22, 2016.
    • 3. Public Switched Telephone Network (PSTN) is the world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned. See, “PSTN”, , accessed on February 02, 2016.
    • 4. The identity, chat and data on phone is encrypted message using AES 256bit GCM with a PKCS5S2 key. See, “How surespot Works,” , accessed on January 28, 2016.
    • 5. Encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. See “FAQ for the Technically Inclined,” , accessed on January 28, 2016.
    • 6.Several Cyber Security to Protect your Account in the Social Networking”, A guide to enabling online security measures, translated into English by analysts at the Combating Terrorism Center, September 14, 2015, , accessed on January 07, 2016.
    • 7. GSM (Global System for Mobile communications) is an open, digital cellular technology used for transmitting mobile voice and data services all over the world, see “GSM”, , accessed on January 07, 2016.
    • 8. The Tor software protects the user communications around a distributed network of relays, and prevents the Internet connection or the sites user has visited from unwanted/unauthorised access, see “What is the Tor Browser?”, accessed on February 02, 2016.