ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA

from the be-real dept

Fri, Jan 29th 2016 8:32am — Mike Masnick

So we recently reported on a claim that ISIS had been spotted making use of their very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we've learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn't really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a "training manual for encryption," this claim appears to be false.

That said, it still doesn't mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.

And given the open source nature of many of those apps, it wouldn't be surprising at all to find out that, eventually, someone forks an existing project to create a separate one relied on by ISIS. And none of that would be impacted by US laws anyway. So the only impact would be on weakening the safety and security of Americans who rely on encryption every day to keep themselves safe.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, encryption, going dark, isis, messaging

15 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Pixelation, 29 Jan 2016 @ 9:27am

Even if the DAESH (let's stop calling them ISIS) had an app that had encryption the NSA couldn't break, it would be a bad reason to break all encryption.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Jan 2016 @ 11:07am
  
  Re:
  let's stop calling them ISIS
  
  Why?
  [ link to this | view in chronology ]
  - Anonymous Coward, 29 Jan 2016 @ 11:26am
    
    Re: Re:
    It's the name they want to be called as it seems to imply they're a legitimate "State".
    
    DAESH is the acronym for the same thing in their native tongue but has pun-like connotations with the word for "coward".
    
    It's similar to how we call the MPAA/RIAA the MAFIAA because it mocks them by alluding they are something we see them as vs. what they want to be seen as.
    [ link to this | view in chronology ]
    - Uriel-238 (profile), 29 Jan 2016 @ 11:54am
      
      Calling The Islamic State "Daesh" or whatever.
      When I'm talking about ISIL or any entity, I'm inclined to name them by a neutrak or respectful term since I want to focus on my specific point.
      
      The Islamic State is an organization intent on global conquest and the erection of a society against which I have clear conflicting interests (given I want a society that celebrates pluralism and social equality). Giving ISIL a name would only distract from this point.
      
      I do think it is appropriate to mock methods such as Hollywood Accounting since that serves as a mnemonic and shorthand of a terrible practice. Hollywood accounting is cause to despise the MPAA and IP law, and is part of an argument.
      [ link to this | view in chronology ]
Anonymous Coward, 29 Jan 2016 @ 10:37am

Just backdoor the encryption already!
This going dark "problem" is flipping simple to fix.

1. Create a "secure" messaging application that has a hidden back door.
2. Infiltrate ISIS, share secure messaging app with them.
3.Release news articles about how this new messaging app that ISIS is using is uncrackable.
4.Pat yourself on the back for a job well done

Maybe step 3 is whats really going on here?

This is not that difficult to pull off, everyone trusted TrueCrypt until the people behind it said its insecure.
[ link to this | view in chronology ]
- chris, 1 Feb 2016 @ 1:49am
  
  Re: Just backdoor the encryption already!
  In computer encryption there is no such thing as a secret back door.
  
  I'll use a very very simplistic example of a "secret back door" in an encryption algorithm. When a hacker goes through the encryption algorithm that has no back door (again extremely simplistic) this is what it would look like metaphorically of coures.
  
  22222222222
  22222222222
  22222222222
  with a good encryption there are no holes or back doors.
  
  Now your encryption with a back door
  
  22222222222
  22222223222
  22222222222
  
  This is how easy it is for an expirenced hacker to find the secrete back door.
  
  any hole in encryption is like taping your house key to your front door after locking it. not under the matt taped to the door
  
  not so easy now is it?
  [ link to this | view in chronology ]
Ariel Nahal, 29 Jan 2016 @ 11:02am

Daesh sticks with Telegram, pkTron, ICQ, tor
Rumour has it that both friend and foe (daesh,anonymous,...) are mostly using ICQ (stupid), Telegram Messenger (a bit less stupid) and PkTron Chatstream (smarter) via Tor browser or vpn. Both Telegram's and PkTron's owners/administrators/sysops are the real weak links. Even better than a backdoor is an inside man... Having said that, I guess they use pkTron for the anonymity and obfuscation. Hiding / cloaking possibly beats encryption anyway.

Ariel.
[ link to this | view in chronology ]
- Monday (profile), 30 Jan 2016 @ 1:16pm
  
  Re: Daesh sticks with Telegram, pkTron, ICQ, tor
  You forgot using "Land Lines and speaking foreign language."
  [ link to this | view in chronology ]
  - Uriel-238 (profile), 30 Jan 2016 @ 4:36pm
    
    Foreign language?
    Our intel guys can't speak Arabic or Farsi?
    
    Not that rare foreign languages haven't been famously used as military encryption. The US use of Native American code talkers served to be the strongest obfuscation of WWII transmitted communication.
    
    But I don't think any Middle Eastern languages are obscure enough to be implemented that way. I could be wrong. I know a Dane whose family speaks a dying language used only in a single village, not that anyone ever hire the villagers to send obscured communications.
    [ link to this | view in chronology ]
Pixelation, 29 Jan 2016 @ 12:56pm

"I'm inclined to name them by a neutrak or respectful term "

Because you respect them? I'm sure DAESH would happily remove your head and rape your young sister or daughter anyway. They deserve neither neutrality or respect.
[ link to this | view in chronology ]
- Uriel-238 (profile), 29 Jan 2016 @ 1:18pm
  
  It's not about deserve.
  Maybe it's because I'm more respectful than they are.
  
  To be fair, at the government level respect is commanded not by gentle regard (or crimes against humanity) but by brute force, and they do seem to be holding territory despite our efforts to depose them.
  
  And the US continues a drone strike program in at least two theaters that annihilates civilians at a greater rate than gun fatalities in the US, and we continue to detain and torture people without due process. So our own record of humane treatment and war crimes is direly lacking as well.
  
  The US doesn't have the moral high ground, and we can't really say that the US is even pushing for a more egalitarian system anymore, they're just more subject to pressure.
  
  So yeah, what members of the Islamic State might do to my family is not very relevant. What the US would do to my family (were I on the other side) is pretty bad.
  
  And as I noted, my point is not that either one has a derisible name, but that they both engage in derisible behavior. Both really shitty when it comes to confining the devastation and massacre from their conflict to just belligerent forces. In fact both sides seem eager to make a big mess that affects everyone.
  
  I think that if I point that out without mocking them in the meantime, it keeps the focus on aforementioned mess.
  [ link to this | view in chronology ]
  - Pixelation, 29 Jan 2016 @ 6:17pm
    
    Re: It's not about deserve.
    The only thing I can come up with that they deserve, is pity.
    
    The drone strikes are questionable and Guantanamo a blight on the US record. The DAESH have intentionally killed Christians and raped hundreds of innocent young girls. Did I mention drowning prisoners and throwing gay men off of buildings. DAESH are sick animals.
    
    Back on topic, the US should still not undermine encryption because of these lowlife scum.
    [ link to this | view in chronology ]
    - Uriel-238 (profile), 29 Jan 2016 @ 8:11pm
      
      As I said, it's not about deserve.
      Guantanamo is not a blight. Camp delta still exists. We're still detaining and torturing people. This is a thing that continues to go on.
      
      And any dubiousness of drone strikes is because we choose not to look very hard at it. Though we do like to count bugsplats. (Yes, we really do call drone-strike victims that.)
      
      The US massacres villages full of children on the intel that there's a village there. Not because there's someone we want to kill, though that would still be horrific. But because we don't know that we don't want to kill them. So we presume that we do. We strike at maximum range without any clear idea of what we're striking at or who it is.
      
      We could stop the CIA drone strike program today. We'd lose no strategic ground for it and lots of people would have a better year for it. The only reason we don't because our government likes massacring brown people.
      
      The Islamic State are evil shits. But the US is batting well into the evil shit threshold as well. It's a shitty war and neither side has a moral high ground.
      [ link to this | view in chronology ]
David, 29 Jan 2016 @ 7:35pm

It's almost like a movie.
Specifically: Sneakers. Where they snag a code breaking machine, but figure out that it's only good for breaking codes of US encryption. So who are they really spying on again?
[ link to this | view in chronology ]
Monday (profile), 30 Jan 2016 @ 1:13pm

Encryption...
All this makes me wanna do is check out the ones in the "Safest" column.
[ link to this | view in chronology ]