ISIL/ISIS/Daesh says no need for encryption -- but Telegram caves to pressure

ISIL ISIS Telegram encryption

SMS is secure enough, because 72 virgins*

ISIS use of Telegram is the latest bogeyman in the security services' breathless demonization of encryption. But it turns out the self-styled Islamic State of Iraq and the Levant -- some prefer to call it Daesh -- used barely-encrypted SMS to communicate in Paris and Belgium.

But the Telegram app has nuked "78 ISIS-related channels across 12 languages." See? See? End-to-end encryption helps terrorists!

Err, except Telegram isn't end-to-end encrypted. Idiots.

And it gets worse. Telegram closing these IS-themed Channels has probably blocked a valuable source of intelligence.

In IT Blogwatch, bloggers are mad as heck. And they're not gonna take it any more... Not to mention: 'ISIS Is Weak'...

curated these bloggy bits for your entertainment.
[Developing story: Updated 9:21 am PST with more comment]


Dan Froomkin says we've been lied to. In his article, Signs Point to Unencrypted Communications Between Terror Suspects, he implies this whole encryption push is a smokescreen:

News emerging from Paris [the] Belgian ISIS raid in January suggest that the ISIS terror networks...were communicating in the clear, and that the data on their smartphones was not encrypted.

The location of...a suspected safe house...was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall.

Details about the major ISIS terror plot averted 10 months ago in Belgium also indicate that while...Abdelhamid Abaaoud, the suspected strategist...previously attempted to avoid government surveillance, he did not use encryption.

Abaaoud directed the foiled operation there by cellphone from Greece and...his communications were in fact intercepted. ... Some of the telephone conversations that were intercepted used code or obscure...dialects.

When it comes to defeating electronic surveillance, there’s good reason to question his tradecraft.  MORE


Karl Bode is infuriated. His headline says it all -- After Endless Demonization Of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS:

Encryption has continued to be a useful bogeyman.

[But there's] no evidence...that the terrorists used incredibly sophisticated encryption techniques. [And] claims the attackers had used encrypted Playstation 4 communications also wound up being bunk.

Yet amazingly enough, as actual investigative details emerge, it appears that most of the communications...was conducted via unencrypted vanilla SMS.

Existing capabilities stopped the Belgium attacks and could have stopped the Paris attacks. ... To use a tragedy to vilify encryption, push for surveillance expansion, and...make everybody less safe is nearly as gruesome as the attacks themselves.  MORE


Don't worry. The mighty Michelle Quinn has got this. After Paris attacks, technology is the scapegoat:

Blame technology. ... An obvious scapegoat is encryption. ... It's an understandable reaction.

We don't know much about how the attacks were carried out. That hasn't stopped intelligence officers, law enforcement officials and others from calling attention to technology's potential role.

Everyone needs to take a breath. ... Do we want to live in a world where we sacrifice our privacy and...security so that law enforcement has a long-shot chance to stop the next attack?

I don't envy law enforcement. ... But our freedoms are vital too; they make us who we are.  MORE


Were Sean Gallagher and others perhaps misled by security sources? He implies use of "unbreakable" end-to-end encryption -- Telegram encrypted messaging service cracks down on ISIS broadcasts:

In the wake of revelations that groups affiliated with the Islamic State were using the Telegram messaging service to communicate and spread propaganda...the nonprofit...running the service announced that it had moved to block [them].

The channels were identified and blocked in part because of abuse reports filed by Telegram users. ... While the channels are connected to a specific profile by the service, the user can post content...anonymously.  MORE


Encrypted, yes -- but nothing that the NSA can't access under its current powers. In fact, closing the channels down was perhaps an own-goal. The ACLU's Christopher Soghoian clarifies in a series of tweets:

"Channels" on Telegram...were likely a valuable source of intel for govs.

Messages...Group Chats [and] Channels [are] not e-2-e encrypted.

Legislation to ban burners and require mandatory registration of cell phones in 3, 2, 1.....  MORE


Oh. Here we go again. And Trevor Timm sounds ironically impressed:

Masterful PR job by intel agencies, who've spent the last week blaming encryption to cover up their own failings.  MORE


Where's that Golf Clap emoji?


Update: But Sarah Kaplan remembers an inconvenient truth. Pavel Durov, the Telegram honcho, seems to be contradicting himself -- Founder of app used by ISIS once said ‘We shouldn’t feel guilty’:

“I think that privacy, ultimately, and our right for privacy is more important than our fear of...terrorism,” [he said] in September.

“I propose banning words, There’s evidence that they’re being used by terrorists to communicate,” he wrote [after Paris].

Which is why [the] statement from Telegram...is such a surprising reversal:..“We were disturbed to learn that Telegram’s public channels were being used by ISIS to spread their propaganda.”

The statement had a ring of insincerity to it, given Durov’s comments.


And Finally...
'ISIS Is Weak' by Waleed Aly for The Project


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk.
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies