ISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSA
from the be-real dept
So we recently reported on a claim that ISIS had been spotted making use of their very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we've learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn't really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a "training manual for encryption," this claim appears to be false.That said, it still doesn't mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, encryption, going dark, isis, messaging
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Just backdoor the encryption already!
1. Create a "secure" messaging application that has a hidden back door.
2. Infiltrate ISIS, share secure messaging app with them.
3.Release news articles about how this new messaging app that ISIS is using is uncrackable.
4.Pat yourself on the back for a job well done
Maybe step 3 is whats really going on here?
This is not that difficult to pull off, everyone trusted TrueCrypt until the people behind it said its insecure.
[ link to this | view in thread ]
Daesh sticks with Telegram, pkTron, ICQ, tor
Ariel.
[ link to this | view in thread ]
Re:
Why?
[ link to this | view in thread ]
Re: Re:
DAESH is the acronym for the same thing in their native tongue but has pun-like connotations with the word for "coward".
It's similar to how we call the MPAA/RIAA the MAFIAA because it mocks them by alluding they are something we see them as vs. what they want to be seen as.
[ link to this | view in thread ]
Calling The Islamic State "Daesh" or whatever.
The Islamic State is an organization intent on global conquest and the erection of a society against which I have clear conflicting interests (given I want a society that celebrates pluralism and social equality). Giving ISIL a name would only distract from this point.
I do think it is appropriate to mock methods such as Hollywood Accounting since that serves as a mnemonic and shorthand of a terrible practice. Hollywood accounting is cause to despise the MPAA and IP law, and is part of an argument.
[ link to this | view in thread ]
Because you respect them? I'm sure DAESH would happily remove your head and rape your young sister or daughter anyway. They deserve neither neutrality or respect.
[ link to this | view in thread ]
It's not about deserve.
To be fair, at the government level respect is commanded not by gentle regard (or crimes against humanity) but by brute force, and they do seem to be holding territory despite our efforts to depose them.
And the US continues a drone strike program in at least two theaters that annihilates civilians at a greater rate than gun fatalities in the US, and we continue to detain and torture people without due process. So our own record of humane treatment and war crimes is direly lacking as well.
The US doesn't have the moral high ground, and we can't really say that the US is even pushing for a more egalitarian system anymore, they're just more subject to pressure.
So yeah, what members of the Islamic State might do to my family is not very relevant. What the US would do to my family (were I on the other side) is pretty bad.
And as I noted, my point is not that either one has a derisible name, but that they both engage in derisible behavior. Both really shitty when it comes to confining the devastation and massacre from their conflict to just belligerent forces. In fact both sides seem eager to make a big mess that affects everyone.
I think that if I point that out without mocking them in the meantime, it keeps the focus on aforementioned mess.
[ link to this | view in thread ]
Re: It's not about deserve.
The drone strikes are questionable and Guantanamo a blight on the US record. The DAESH have intentionally killed Christians and raped hundreds of innocent young girls. Did I mention drowning prisoners and throwing gay men off of buildings. DAESH are sick animals.
Back on topic, the US should still not undermine encryption because of these lowlife scum.
[ link to this | view in thread ]
It's almost like a movie.
[ link to this | view in thread ]
As I said, it's not about deserve.
And any dubiousness of drone strikes is because we choose not to look very hard at it. Though we do like to count bugsplats. (Yes, we really do call drone-strike victims that.)
The US massacres villages full of children on the intel that there's a village there. Not because there's someone we want to kill, though that would still be horrific. But because we don't know that we don't want to kill them. So we presume that we do. We strike at maximum range without any clear idea of what we're striking at or who it is.
We could stop the CIA drone strike program today. We'd lose no strategic ground for it and lots of people would have a better year for it. The only reason we don't because our government likes massacring brown people.
The Islamic State are evil shits. But the US is batting well into the evil shit threshold as well. It's a shitty war and neither side has a moral high ground.
[ link to this | view in thread ]
Encryption...
[ link to this | view in thread ]
Re: Daesh sticks with Telegram, pkTron, ICQ, tor
[ link to this | view in thread ]
Foreign language?
Not that rare foreign languages haven't been famously used as military encryption. The US use of Native American code talkers served to be the strongest obfuscation of WWII transmitted communication.
But I don't think any Middle Eastern languages are obscure enough to be implemented that way. I could be wrong. I know a Dane whose family speaks a dying language used only in a single village, not that anyone ever hire the villagers to send obscured communications.
[ link to this | view in thread ]
Re: Just backdoor the encryption already!
I'll use a very very simplistic example of a "secret back door" in an encryption algorithm. When a hacker goes through the encryption algorithm that has no back door (again extremely simplistic) this is what it would look like metaphorically of coures.
22222222222
22222222222
22222222222
with a good encryption there are no holes or back doors.
Now your encryption with a back door
22222222222
22222223222
22222222222
This is how easy it is for an expirenced hacker to find the secrete back door.
any hole in encryption is like taping your house key to your front door after locking it. not under the matt taped to the door
not so easy now is it?
[ link to this | view in thread ]