ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA

from the be-real dept

So we recently reported on a claim that ISIS had been spotted making use of their very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we've learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn't really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a "training manual for encryption," this claim appears to be false.

That said, it still doesn't mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.
And given the open source nature of many of those apps, it wouldn't be surprising at all to find out that, eventually, someone forks an existing project to create a separate one relied on by ISIS. And none of that would be impacted by US laws anyway. So the only impact would be on weakening the safety and security of Americans who rely on encryption every day to keep themselves safe.

Filed Under: backdoors, encryption, going dark, isis, messaging


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Pixelation, 29 Jan 2016 @ 9:27am

    Even if the DAESH (let's stop calling them ISIS) had an app that had encryption the NSA couldn't break, it would be a bad reason to break all encryption.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2016 @ 11:07am

      Re:

      let's stop calling them ISIS

      Why?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Jan 2016 @ 11:26am

        Re: Re:

        It's the name they want to be called as it seems to imply they're a legitimate "State".

        DAESH is the acronym for the same thing in their native tongue but has pun-like connotations with the word for "coward".

        It's similar to how we call the MPAA/RIAA the MAFIAA because it mocks them by alluding they are something we see them as vs. what they want to be seen as.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 29 Jan 2016 @ 11:54am

          Calling The Islamic State "Daesh" or whatever.

          When I'm talking about ISIL or any entity, I'm inclined to name them by a neutrak or respectful term since I want to focus on my specific point.

          The Islamic State is an organization intent on global conquest and the erection of a society against which I have clear conflicting interests (given I want a society that celebrates pluralism and social equality). Giving ISIL a name would only distract from this point.

          I do think it is appropriate to mock methods such as Hollywood Accounting since that serves as a mnemonic and shorthand of a terrible practice. Hollywood accounting is cause to despise the MPAA and IP law, and is part of an argument.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jan 2016 @ 10:37am

    Just backdoor the encryption already!

    This going dark "problem" is flipping simple to fix.

    1. Create a "secure" messaging application that has a hidden back door.
    2. Infiltrate ISIS, share secure messaging app with them.
    3.Release news articles about how this new messaging app that ISIS is using is uncrackable.
    4.Pat yourself on the back for a job well done

    Maybe step 3 is whats really going on here?

    This is not that difficult to pull off, everyone trusted TrueCrypt until the people behind it said its insecure.

    reply to this | link to this | view in chronology ]

    • identicon
      chris, 1 Feb 2016 @ 1:49am

      Re: Just backdoor the encryption already!

      In computer encryption there is no such thing as a secret back door.

      I'll use a very very simplistic example of a "secret back door" in an encryption algorithm. When a hacker goes through the encryption algorithm that has no back door (again extremely simplistic) this is what it would look like metaphorically of coures.

      22222222222
      22222222222
      22222222222
      with a good encryption there are no holes or back doors.

      Now your encryption with a back door

      22222222222
      22222223222
      22222222222

      This is how easy it is for an expirenced hacker to find the secrete back door.

      any hole in encryption is like taping your house key to your front door after locking it. not under the matt taped to the door

      not so easy now is it?

      reply to this | link to this | view in chronology ]

  • identicon
    Ariel Nahal, 29 Jan 2016 @ 11:02am

    Daesh sticks with Telegram, pkTron, ICQ, tor

    Rumour has it that both friend and foe (daesh,anonymous,...) are mostly using ICQ (stupid), Telegram Messenger (a bit less stupid) and PkTron Chatstream (smarter) via Tor browser or vpn. Both Telegram's and PkTron's owners/administrators/sysops are the real weak links. Even better than a backdoor is an inside man... Having said that, I guess they use pkTron for the anonymity and obfuscation. Hiding / cloaking possibly beats encryption anyway.

    Ariel.

    reply to this | link to this | view in chronology ]

    • icon
      Monday (profile), 30 Jan 2016 @ 1:16pm

      Re: Daesh sticks with Telegram, pkTron, ICQ, tor

      You forgot using "Land Lines and speaking foreign language."

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 30 Jan 2016 @ 4:36pm

        Foreign language?

        Our intel guys can't speak Arabic or Farsi?

        Not that rare foreign languages haven't been famously used as military encryption. The US use of Native American code talkers served to be the strongest obfuscation of WWII transmitted communication.

        But I don't think any Middle Eastern languages are obscure enough to be implemented that way. I could be wrong. I know a Dane whose family speaks a dying language used only in a single village, not that anyone ever hire the villagers to send obscured communications.

        reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 29 Jan 2016 @ 12:56pm

    "I'm inclined to name them by a neutrak or respectful term "

    Because you respect them? I'm sure DAESH would happily remove your head and rape your young sister or daughter anyway. They deserve neither neutrality or respect.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 29 Jan 2016 @ 1:18pm

      It's not about deserve.

      Maybe it's because I'm more respectful than they are.

      To be fair, at the government level respect is commanded not by gentle regard (or crimes against humanity) but by brute force, and they do seem to be holding territory despite our efforts to depose them.

      And the US continues a drone strike program in at least two theaters that annihilates civilians at a greater rate than gun fatalities in the US, and we continue to detain and torture people without due process. So our own record of humane treatment and war crimes is direly lacking as well.

      The US doesn't have the moral high ground, and we can't really say that the US is even pushing for a more egalitarian system anymore, they're just more subject to pressure.

      So yeah, what members of the Islamic State might do to my family is not very relevant. What the US would do to my family (were I on the other side) is pretty bad.

      And as I noted, my point is not that either one has a derisible name, but that they both engage in derisible behavior. Both really shitty when it comes to confining the devastation and massacre from their conflict to just belligerent forces. In fact both sides seem eager to make a big mess that affects everyone.

      I think that if I point that out without mocking them in the meantime, it keeps the focus on aforementioned mess.

      reply to this | link to this | view in chronology ]

      • identicon
        Pixelation, 29 Jan 2016 @ 6:17pm

        Re: It's not about deserve.

        The only thing I can come up with that they deserve, is pity.

        The drone strikes are questionable and Guantanamo a blight on the US record. The DAESH have intentionally killed Christians and raped hundreds of innocent young girls. Did I mention drowning prisoners and throwing gay men off of buildings. DAESH are sick animals.

        Back on topic, the US should still not undermine encryption because of these lowlife scum.

        reply to this | link to this | view in chronology ]

        • icon
          Uriel-238 (profile), 29 Jan 2016 @ 8:11pm

          As I said, it's not about deserve.

          Guantanamo is not a blight. Camp delta still exists. We're still detaining and torturing people. This is a thing that continues to go on.

          And any dubiousness of drone strikes is because we choose not to look very hard at it. Though we do like to count bugsplats. (Yes, we really do call drone-strike victims that.)

          The US massacres villages full of children on the intel that there's a village there. Not because there's someone we want to kill, though that would still be horrific. But because we don't know that we don't want to kill them. So we presume that we do. We strike at maximum range without any clear idea of what we're striking at or who it is.

          We could stop the CIA drone strike program today. We'd lose no strategic ground for it and lots of people would have a better year for it. The only reason we don't because our government likes massacring brown people.

          The Islamic State are evil shits. But the US is batting well into the evil shit threshold as well. It's a shitty war and neither side has a moral high ground.

          reply to this | link to this | view in chronology ]

  • identicon
    David, 29 Jan 2016 @ 7:35pm

    It's almost like a movie.

    Specifically: Sneakers. Where they snag a code breaking machine, but figure out that it's only good for breaking codes of US encryption. So who are they really spying on again?

    reply to this | link to this | view in chronology ]

  • icon
    Monday (profile), 30 Jan 2016 @ 1:13pm

    Encryption...

    All this makes me wanna do is check out the ones in the "Safest" column.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.