ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA

from the be-real dept

So we recently reported on a claim that ISIS had been spotted making use of their very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we’ve learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn’t really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a “training manual for encryption,” this claim appears to be false.

That said, it still doesn’t mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.

And given the open source nature of many of those apps, it wouldn’t be surprising at all to find out that, eventually, someone forks an existing project to create a separate one relied on by ISIS. And none of that would be impacted by US laws anyway. So the only impact would be on weakening the safety and security of Americans who rely on encryption every day to keep themselves safe.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re:

It’s the name they want to be called as it seems to imply they’re a legitimate “State”.

DAESH is the acronym for the same thing in their native tongue but has pun-like connotations with the word for “coward”.

It’s similar to how we call the MPAA/RIAA the MAFIAA because it mocks them by alluding they are something we see them as vs. what they want to be seen as.

Uriel-238 (profile) says:

Re: Re: Re: Calling The Islamic State "Daesh" or whatever.

When I’m talking about ISIL or any entity, I’m inclined to name them by a neutrak or respectful term since I want to focus on my specific point.

The Islamic State is an organization intent on global conquest and the erection of a society against which I have clear conflicting interests (given I want a society that celebrates pluralism and social equality). Giving ISIL a name would only distract from this point.

I do think it is appropriate to mock methods such as Hollywood Accounting since that serves as a mnemonic and shorthand of a terrible practice. Hollywood accounting is cause to despise the MPAA and IP law, and is part of an argument.

Anonymous Coward says:

Just backdoor the encryption already!

This going dark “problem” is flipping simple to fix.

1. Create a “secure” messaging application that has a hidden back door.
2. Infiltrate ISIS, share secure messaging app with them.
3.Release news articles about how this new messaging app that ISIS is using is uncrackable.
4.Pat yourself on the back for a job well done

Maybe step 3 is whats really going on here?

This is not that difficult to pull off, everyone trusted TrueCrypt until the people behind it said its insecure.

chris (profile) says:

Re: Just backdoor the encryption already!

In computer encryption there is no such thing as a secret back door.

I’ll use a very very simplistic example of a “secret back door” in an encryption algorithm. When a hacker goes through the encryption algorithm that has no back door (again extremely simplistic) this is what it would look like metaphorically of coures.

with a good encryption there are no holes or back doors.

Now your encryption with a back door


This is how easy it is for an expirenced hacker to find the secrete back door.

any hole in encryption is like taping your house key to your front door after locking it. not under the matt taped to the door

not so easy now is it?

Ariel Nahal says:

Daesh sticks with Telegram, pkTron, ICQ, tor

Rumour has it that both friend and foe (daesh,anonymous,…) are mostly using ICQ (stupid), Telegram Messenger (a bit less stupid) and PkTron Chatstream (smarter) via Tor browser or vpn. Both Telegram’s and PkTron’s owners/administrators/sysops are the real weak links. Even better than a backdoor is an inside man… Having said that, I guess they use pkTron for the anonymity and obfuscation. Hiding / cloaking possibly beats encryption anyway.


Uriel-238 (profile) says:

Re: Re: Foreign language?

Our intel guys can’t speak Arabic or Farsi?

Not that rare foreign languages haven’t been famously used as military encryption. The US use of Native American code talkers served to be the strongest obfuscation of WWII transmitted communication.

But I don’t think any Middle Eastern languages are obscure enough to be implemented that way. I could be wrong. I know a Dane whose family speaks a dying language used only in a single village, not that anyone ever hire the villagers to send obscured communications.

Uriel-238 (profile) says:

Re: It's not about deserve.

Maybe it’s because I’m more respectful than they are.

To be fair, at the government level respect is commanded not by gentle regard (or crimes against humanity) but by brute force, and they do seem to be holding territory despite our efforts to depose them.

And the US continues a drone strike program in at least two theaters that annihilates civilians at a greater rate than gun fatalities in the US, and we continue to detain and torture people without due process. So our own record of humane treatment and war crimes is direly lacking as well.

The US doesn’t have the moral high ground, and we can’t really say that the US is even pushing for a more egalitarian system anymore, they’re just more subject to pressure.

So yeah, what members of the Islamic State might do to my family is not very relevant. What the US would do to my family (were I on the other side) is pretty bad.

And as I noted, my point is not that either one has a derisible name, but that they both engage in derisible behavior. Both really shitty when it comes to confining the devastation and massacre from their conflict to just belligerent forces. In fact both sides seem eager to make a big mess that affects everyone.

I think that if I point that out without mocking them in the meantime, it keeps the focus on aforementioned mess.

Pixelation says:

Re: Re: It's not about deserve.

The only thing I can come up with that they deserve, is pity.

The drone strikes are questionable and Guantanamo a blight on the US record. The DAESH have intentionally killed Christians and raped hundreds of innocent young girls. Did I mention drowning prisoners and throwing gay men off of buildings. DAESH are sick animals.

Back on topic, the US should still not undermine encryption because of these lowlife scum.

Uriel-238 (profile) says:

Re: Re: Re: As I said, it's not about deserve.

Guantanamo is not a blight. Camp delta still exists. We’re still detaining and torturing people. This is a thing that continues to go on.

And any dubiousness of drone strikes is because we choose not to look very hard at it. Though we do like to count bugsplats. (Yes, we really do call drone-strike victims that.)

The US massacres villages full of children on the intel that there’s a village there. Not because there’s someone we want to kill, though that would still be horrific. But because we don’t know that we don’t want to kill them. So we presume that we do. We strike at maximum range without any clear idea of what we’re striking at or who it is.

We could stop the CIA drone strike program today. We’d lose no strategic ground for it and lots of people would have a better year for it. The only reason we don’t because our government likes massacring brown people.

The Islamic State are evil shits. But the US is batting well into the evil shit threshold as well. It’s a shitty war and neither side has a moral high ground.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...