ISIS Now Has Its Own Encrypted Messaging App; Doubt They'll Abide By Politicians' Demands For Backdoors

from the just-saying... dept

As law enforcement and politicians still keep pushing American companies to backdoor encryption, making the technology less secure and more dangerous for everyone, no one has explained how this will actually help in stopping terrorists from communicating secretly. Back in December, the Open Technology Institute released a paper that detailed how so many encrypted messaging systems were either open source or not controlled by US companies. It even took a WSJ report on the messaging apps that ISIS apparently was "recommending" to people and noted how most of them are not controllable by US laws:
And, of course, it should come as little surprise that some security folks are reporting that they've spotted a new secure messaging app that appears to have been created by ISIS itself:
ISIS has a new Android app for exchanging secure messages, joining another app that distributes propaganda and recruiting material, according to a counterterrorism network called the Ghost Security Group.
While the report notes that the app is "rudimentary" that doesn't mean it won't be improved over time. But, more importantly, it highlights that efforts to backdoor or undermine encryption on American companies certainly won't do a damn thing to stop ISIS from communicating securely. Yes, some will argue that ISIS' homegrown encrypted messaging apps are probably much more vulnerable to NSA cracking, but it still doesn't change the fact that demanding backdoors into US companies messaging systems won't magically lead to uncovering ISIS communications. It will just make Americans less secure.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Anonymous Coward, Jan 21st, 2016 @ 10:41am

    Well, if it's made by ISIS, you can assume it's probably secure. They could get a lot of funding by selling it to the public.

    reply to this | link to this | view in thread ]

  2. identicon
    teknosapien, Jan 21st, 2016 @ 10:56am

    See what happens when politicians

    See what happens when we open our mouths we bring attention to a potential issue to our enemies, and they've take steps to avoid getting caught. I'm guessing they never, ever thought about encrypting their messages until US government officials started bitching about it to the media. Way to go law enforcement for making us more un-safe with your rhetorical dribble and whining

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, Jan 21st, 2016 @ 10:57am

    deep packet decryption will determine what type of encryption is used and if its approved by the home land.

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, Jan 21st, 2016 @ 10:57am

    ISIS are not the terrorists that worry the US politicians, but rather those who organise peaceful protests against their proposed laws. The SOPA style protests are what they wish to prevent, and TPP is coming up...

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:07am

    Network layers principle [was Re: ]

    deep packet decryption will determine what type of encryption is used and if its approved by the home land.
    In Networking 101, undergraduates learn about the layering principle in protocol stacks. You learn how to a higher-level protocol employs services from a lower layer to wrap its messages: TCP over IP to give an example.

    Any protocol designer (even an undergraduate!) should find it obvious that a bespoke-encryptation protocol message may be carried over a general-distribution-encryptation layer.

    If you're doing packet inspection deep enough to break through the approved-for-public-use encrypted layer, then what the fucking-fuck? The approved-for-public-use encrypted layer must not be worth a damn.

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:10am

    Politicians better ramp up all the fear mongering for golden keys and back-doors everywhere to catch up. /s

    I wish we had an agency in the government who's responsibility was code breaking so we could tackle such a problem.

    reply to this | link to this | view in thread ]

  7. icon
    sehlat (profile), Jan 21st, 2016 @ 11:12am

    When encryption is outlawed, only outlaws will have encryption.

    I wonder why nobody ever thought of that.

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:17am

    Don't be surprised when the politicians start demanding bans on foreign and open source software. When all you have is a hammer...

    reply to this | link to this | view in thread ]

  9. icon
    sehlat (profile), Jan 21st, 2016 @ 11:27am

    Re: See what happens when politicians

    I'm sure they thought of it before brain-dead politicans and others started whining about backdoors.

    After all, drones looking for you, and a willingness to kill everybody in your vicinity as long as they get you is a powerful incentive for secure communications and their continuous improvement.

    reply to this | link to this | view in thread ]

  10. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:28am

    Re: Network layers principle [was Re: ]

    To make this just a little bit more accessible: Suppose that Alice is reading Techdirt, using a device connected to the 'net via WiFi. The end-to-end connection is HTTPS (HTTP over TLS). The point-to-point connection uses WPA2 (CCMP).

    Eve is passively capturing the WiFi traffic.

    If Eve can identify that Alice is using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, then GOTO FAIL.

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:33am

    Re:

    > Well, if it's made by ISIS, you can assume it's probably secure.

    Rely on Mighty Isis? That is, at best, magical thinking.

    I'd much rather rely on Batman Encryption. Worst that happens is Things Blow Up, right?

    reply to this | link to this | view in thread ]

  12. icon
    ECA (profile), Jan 21st, 2016 @ 11:33am

    Anyone here?

    Ever watch NEWS from other nations??
    And generally find that it has LESS BS in it??
    EVEN the BBC, has better news about what the USA is doing in other countries, then WE HEAR about.
    There are Many nations that have TV broadcasts, even sponsored by the USA...that have better news then we get.

    reply to this | link to this | view in thread ]

  13. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:35am

    Re:

    whack the politician in the face?

    reply to this | link to this | view in thread ]

  14. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:42am

    Decoding ISIS app is done by

    VFVF app, obviously!

    Even Congress knows that rot13 is approved by NIST for top secret files stored in Chappauqua.

    reply to this | link to this | view in thread ]

  15. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:45am

    I'm sure if ISIS would just work together with the Comey and Silicon Valley, this will get straightened out to everyone's satisfaction.

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous Coward, Jan 21st, 2016 @ 12:06pm

    Re:

    ISIS needs to think long and hard about their business model.

    reply to this | link to this | view in thread ]

  17. icon
    Not an Electronic Rodent (profile), Jan 21st, 2016 @ 12:16pm

    Gosh!

    Their own encryption? It turns out Mathematics works for everyone... who knew?

    reply to this | link to this | view in thread ]

  18. identicon
    Anonymous Coward, Jan 21st, 2016 @ 12:30pm

    Re:

    Double ROT Thirteen is probably more secure.

    reply to this | link to this | view in thread ]

  19. identicon
    SpaceLifeForm, Jan 21st, 2016 @ 12:36pm

    When encryption is outlawed...

    only outlaws will have compilers.

    reply to this | link to this | view in thread ]

  20. identicon
    BigKeithO, Jan 21st, 2016 @ 12:47pm

    Thanks Snowden! /s

    reply to this | link to this | view in thread ]

  21. identicon
    Digitari, Jan 21st, 2016 @ 12:59pm

    well..

    djfjgu urun ikj> Qxasp 19357



    (You figure it out)

    reply to this | link to this | view in thread ]

  22. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:04pm

    Re:

    I'm just waiting until someone hacks JP Morgan Chase and steals billions because of the 'invisible backdoor'.

    reply to this | link to this | view in thread ]

  23. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:12pm

    Re: Re: too big to fail

    This WILL happen at some point, and the government will just throw a couple hundred billion dollars at the "problem" that is too big to fail.

    The problems us little people have is that we don't think big enough, why bother with petty larceny when you can fleece the populace for billions AND get a handout from the government for doing it?

    reply to this | link to this | view in thread ]

  24. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:25pm

    And that's no surprise...

    Because while they use "terrorism!" as their reason for backdooring encryption, the real goal is so they can go back and read every citizen's encrypted communications post-facto when they want to dig up dirt on someone.

    The vocal politicians may not realize that is the real goal, but whomever is pulling the strings certainly does...

    reply to this | link to this | view in thread ]

  25. icon
    DannyB (profile), Jan 21st, 2016 @ 1:34pm

    Re:

    Shouldn't Google also share the blame? /s

    reply to this | link to this | view in thread ]

  26. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:35pm

    Re: Re:

    Ha... stealing billions of virtual dollars nets you approximately... nothing.

    This is why we've all moved to credit and debit cards... everything can be traced now, so nobody can move money without leaving a trail for the government to follow.

    reply to this | link to this | view in thread ]

  27. icon
    Jeremy2020 (profile), Jan 21st, 2016 @ 1:39pm

    It might matter more to the politicians if ISIS wasn't just used as a boogeyman to get backing to control American citizens

    reply to this | link to this | view in thread ]

  28. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:44pm

    Re: well..

    Hey, don't call me that!

    reply to this | link to this | view in thread ]

  29. identicon
    Anonymous Coward, Jan 21st, 2016 @ 1:52pm

    Re: Re: Re: too big to fail

    This WILL happen at some point, and the government will just throw a couple hundred billion dollars at the "problem" that is too big to fail

    What you mean is that the government will throw a couple of hundred billion dollars of tax payers money at the problem.

    reply to this | link to this | view in thread ]

  30. identicon
    Capt ICE Enforcer, Jan 21st, 2016 @ 2:23pm

    No fear

    Citizens of the world. Do not fear the new encryption app that terrorist are using. We will rush thru and pass a law that will protect us.

    Proposed law: SNAFU-4BG&G Or Situation Normal, All Fucked Up for Bad Guys And Girls...

    - Starting immediately, all individuals who plan to do anything that would hurt the feelings of a 2 year old child, or animal, or imaginary friends, or Justin Bieber shall cease all actions which involve encryption. For websites that require encryption your password must be Password123! Failure to obey the law will result in a 3 tier fine.
    1st offense $25.00
    2nd offense $50.00
    All addition offenses will result in a fine of $75.00 and 6 hours of watching the Golden Girls.

    This will surely stop all individuals with bad thoughts.

    Capt ICE Enforcer
    President 2020

    reply to this | link to this | view in thread ]

  31. identicon
    Anonymous Coward, Jan 21st, 2016 @ 2:40pm

    Re: Re:

    Facebook should do something about this!

    reply to this | link to this | view in thread ]

  32. icon
    JBDragon (profile), Jan 21st, 2016 @ 2:53pm

    Re:

    That's why they have the Child Molester to fall back on!!! Have to protect the kids!!! Can't do that if you're phone and data is encrypted. Who these people are sending messages to? "Hey Bob, guess what? I just kidnapped a 6 year old boy and am hanging out at my cabin in the woods! Don't tell anyone now!"

    Darn if we just had a backdoor in that encryption that kids life would be saved!!! We'd be able to read that message and come and save the day!!! HAHAHAHAHA, Ya right, Who would do such a dumb thing? These politicians think everyone is just dumb. Maybe most are as they're in office!!

    Guess what, with a Warrant, in hand, shown to you, you have to Unlock your phone and let them in!!! That's the law!!! They just want to easily spy on everyone on everything looking for anything. Guilty of something or not. With NO warrant. Or some dumb abused warrant that just lets them get away with anything they want.

    reply to this | link to this | view in thread ]

  33. identicon
    Anonymous Coward, Jan 21st, 2016 @ 6:09pm

    Re: Re: Re: too big to fail

    Give a man a gun and he can rob a bank.
    Give a man a bank and he can rob the world.

    reply to this | link to this | view in thread ]

  34. identicon
    Anonymous Coward, Jan 21st, 2016 @ 6:10pm

    Re: Re: Re:

    How naive.

    reply to this | link to this | view in thread ]

  35. identicon
    Anonymous Coward, Jan 21st, 2016 @ 7:55pm

    Re: Re: Re: Re:

    I wanna see it happen like in the movies!

    reply to this | link to this | view in thread ]

  36. identicon
    Mark Wing, Jan 21st, 2016 @ 8:18pm

    None of this would've ever happened if Snowden hadn't created encryption. Now we have to build a golden battering ram.

    reply to this | link to this | view in thread ]

  37. identicon
    Anonymous Coward, Jan 21st, 2016 @ 8:43pm

    Re: Re: Re:

    I keep some money in my bank account (well most of it is a credit margin, don't have a single credit card) so I can buy bitcoins with interac e-transfer. When I graduated my bank was wetting their pants at offering me 125k credit margins....went with the 50k one, and the lowest I ever went was -4000. All this to say i'm in the positive, but just ever barely, because I withdraw my money, and will be doing so even more than before in the future.

    The rest is this plastic-paper mix that is still physical currency, saved right at home. Savings accounts are a joke if you're not depositing 25k in it minimum.

    reply to this | link to this | view in thread ]

  38. identicon
    Anonymous Coward, Jan 21st, 2016 @ 8:47pm

    Re: And that's no surprise...

    What's worse than backdooring encryption is removing it entirely.

    My friends who all did the scan-your-msn-messenger to get your facebook friends thing back in 08-09, and was forced to do so in '10 wasn't so bad when Pidgin with OTR XMMP chat worked with facebook contacts. Now that facebook doesn't allow XMMP protocol chat anymore, it can eat a dick, and I'll never install, even in a linux crossover box, facebook messenger.

    reply to this | link to this | view in thread ]

  39. identicon
    Anonymous Coward, Jan 21st, 2016 @ 8:50pm

    Re: Re:

    Take comfort that for a rare time Canada is worse, and can check your cellphone (make a copy of the drive even) at customs if they feel like it and you don't have a say. Cops can do that with everyone's phone.

    There's many reasons I never bought anything after the Blackberry that came out in 2012, 1) I like real keyboards 2) A hell lot of security reasons.

    reply to this | link to this | view in thread ]

  40. identicon
    Anonymous Coward, Jan 21st, 2016 @ 11:23pm

    Re: Re: Re:

    You miss the point that having such a backdoor is a positive boon to terrorists, because it gives an easy, simple point of failure.

    Plus, if you have this backdoor, then it's possible for that toi be abused to make it much more difficult to trace, as with the root access required by governmental backdoors, root gives you near limitless power over that server.

    reply to this | link to this | view in thread ]

  41. identicon
    Tracey, Jan 21st, 2016 @ 11:37pm

    watching

    I think that I do have a camera at my door only my room I rent is in the back with no lite but my neighbor has been on my step alot at night so I stay up to catch him but Isis is have sent me messages and call me the police have been notified but it will take care of it all this is grew information

    reply to this | link to this | view in thread ]

  42. icon
    That One Guy (profile), Jan 22nd, 2016 @ 1:04am

    Bloodthirsty thugs? Yes. Lawbreakers? Why of course not!

    But, more importantly, it highlights that efforts to backdoor or undermine encryption on American companies certainly won't do a damn thing to stop ISIS from communicating securely. Yes, some will argue that ISIS' homegrown encrypted messaging apps are probably much more vulnerable to NSA cracking, but it still doesn't change the fact that demanding backdoors into US companies messaging systems won't magically lead to uncovering ISIS communications. It will just make Americans less secure.

    Nonsense, clearly after mandatory backdoors in encryption are rolled out, the next step is to make it so that using non-backdoored encryption is illegal. I mean, ISIS may be a group of pathetic butchers, with a habit of killing people that disagree with their thuggery, but surely they wouldn't break the law by continuing to use illegal encryption, right?

    Same with other criminals, sure they may break a few laws here and there, but if the government made using real encryption illegal, I'm sure they'd honor it, and stop there. "We may be willing to break other laws, but violating the law against encryption? That's one step too far!" would be the common response, of this I'm sure.

    reply to this | link to this | view in thread ]

  43. icon
    Ninja (profile), Jan 22nd, 2016 @ 3:41am

    Re: Bloodthirsty thugs? Yes. Lawbreakers? Why of course not!

    That. Either people in the Government are beyond stupid or they aren't targeting ISIS as others mentioned up there. I'm not sure which is worse.

    reply to this | link to this | view in thread ]

  44. identicon
    Anonymous Coward, Jan 22nd, 2016 @ 5:24am

    Re: Re:

    For once they would honestly deserve a bailout. It would be the professional bedwetters who would have caused it then.

    reply to this | link to this | view in thread ]

  45. icon
    That One Guy (profile), Jan 22nd, 2016 @ 7:31am

    Re: Re: Bloodthirsty thugs? Yes. Lawbreakers? Why of course not!

    Between the two, mass idiocy vs dishonesty, I think I'll go with the latter.

    I can absolutely believe that a few of those involved are just that stupid when it comes to encryption, but too many people who should absolutely know better calling for crippling a key safety feature that protects the public under the guise of 'combating crime/terrorism'? No, that I do not buy.

    They aren't stupid, they're dishonest, and they're using the boogiemen to try and frighten people into undermining safety for their sake, not the sake of the public they claim their trying to 'protect'.

    reply to this | link to this | view in thread ]

  46. identicon
    Wendy Cockcroft, Jan 22nd, 2016 @ 7:43am

    Re: Re: Re: Re: too big to fail

    LOL of the week!

    reply to this | link to this | view in thread ]

  47. icon
    icarusthecow (profile), Jan 22nd, 2016 @ 8:22am

    So what they're saying is that open source is material support for terrorism, and that we should ban all open source cryptography tools... right? right!?!? that'll fix everything!

    reply to this | link to this | view in thread ]

  48. icon
    klaus (profile), Jan 22nd, 2016 @ 9:25am

    Re: Anyone here?

    The BBC World Service is quite good. Also, mention the BBC to Rupert Murdoch and he starts frothing.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
New And For A Limited Time

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.