ORIGINAL SIM

Fatal Attraction: ISIS Just Can’t Resist Social Media

From the Taliban to the so-called Islamic State, computers, cellphones, and social media are used as vital weapons—and offer critical vulnerabilities.

01.03.17 5:00 AM ET

“No computer is safe,” Donald Trump told us over the weekend. And nobody knows that better than the world’s terrorists. But at the end of the day, just like the rest of us, they still stay online—and in many cases, fortunately, that costs them.

As ISIS overtook much of Iraq and Syria in 2014, the terrorist organization ran a parallel campaign on the internet from Facebook and Twitter to Telegram and WhatsApp. Social media offered the militants an opportunity to recruit jihadi followers and spread radical interpretations of Islam. Articles in The New York Times, The Wall Street Journal, and The Washington Post foretold the dangers of the caliphate’s rule over internet messaging platforms and social networking services popular with teenagers.

The news media neglected to mention what the militants had risked in their ambitious online venture. In theory, intelligence, law-enforcement, and security agencies could track every computer and phone that ISIS used, passing the information to warplanes stalking the skies of the Middle East.

It emerged last year that the U.S. Air Force was relying on social media to locate and target ISIS command hierarchies. In one incident, a fighter posted a picture of himself in an ISIS operations room with a geotag. American airstrikes hit the military base 22 hours later.

Insurgents across Africa and Asia have struggled to balance the importance of public relations in the Information Age with the dangers of the internet, a cesspool of hackers, informants, and spies. “Surveillance has had a role in the liquidation and murder of a large number of insurgents,” said Nasser Abu Sharif, an official of Palestinian Islamic Jihad (PIJ). “Our military policy is not to carry cellphones, but there are unfortunately some fighters who do not abide by these axiomatic rules.”

The militants who must use cellphones and computers, such as propagandists and spokespeople, find themselves most at risk.

“The social media spokespeople of terrorist organizations are often high on the targets list for drone strikes by the U.S. and others,” noted Dan Gettinger, co-director of the Center for the Study of the Drone at Bard College. “People like Junaid Hussein, Reyad Khan, and even Anwar al-Awlaki all demonstrated their ability at using the internet and social media to spread their message and encourage attacks against their U.K. and U.S. homelands and were all killed in drone strikes.”

The Intercept reported that the CIA and the NSA have cooperated to monitor terrorists’ SIM cards through mass surveillance and metadata. One target was al-Awlaki, the Yemeni–American ideologue of al Qaeda in the Arabian Peninsula killed in a 2011 American airstrike.

The leadership of the Taliban has tried to confuse Western intelligence agencies, distributing SIM cards to random fighters and reshuffling them at impromptu meetings.

“We take a range of measures, such as not communicating classified information over the phone,” Zabihullah Mujahid, the Taliban’s primary spokesman, told The Daily Beast over WhatsApp. “Senior leaders don’t talk on the phone to avoid the tracking of their location.” The Taliban only allows Mujahid and secondary spokesman Qari Muhammad Yousuf Ahmadi to talk to the news media to minimize the risk of airstrikes.

“Well-established terrorist organizations are generally quite conscious of the risks of electronic surveillance and interception and take security measures in response, such as frequent swapping of phones or SIM cards,” said Paul R. Pillar, a former executive assistant to the Director of Central Intelligence. “Such measures do not preclude them from use of social media and the internet for propaganda and recruitment; cut-outs can be used in posting material so that it is difficult to trace key individuals involved.”

But the Taliban’s commitment to cybersecurity has limits. American intelligence agencies last May assassinated Mullah Akhtar Mansour, the insurgents’ previous leader, by intercepting his mobile devices. Mansour’s predecessor, Mullah Muhammad Omar, had avoided a similar fate by living in secrecy; the Taliban even managed to hide news of his 2013 death for two years. Osama bin Laden, Omar’s ally and friend, evaded detection for years by forgoing cellphones (though his aides owned them).

“Any time an individual interacts with information networks, that does present an opportunity for law enforcement or the intelligence community to attempt to identify someone, determine a location, or otherwise gather available electronic information,” observed Susan Hennessey, a former attorney with the NSA.

Taliban spokespeople have lapsed in the past. In 2012, Ahmadi CC’d subscribers to a Taliban email list instead of BCC’ing them, revealing the email addresses of over 400 recipients. In 2014, Zabihullah Mujahid tweeted his location in Pakistan by accident.

“The spread of easy-to-use encryption and other countersurveillance tools allows these groups to develop complex communications networks and reduces the number of mistakes which might be exploited for collection,” Hennessey told The Daily Beast.

Terrorist organizations prefer application software secured by end-to-end encryption. The putschists in Turkey’s failed coup d’état plotted over WhatsApp. Telegram, an internet messaging platform developed by Russian dissident entrepreneurs, remains a favorite of ISIS.

But both apps come with their own hazards.

Participants in the Taliban’s WhatsApp chatrooms can view the cellphone numbers of all the other members, allowing even the laziest intelligence officer to see with ease who is controlling and following the Taliban’s instant messaging. Gizmodo has also questioned the privacy afforded by Telegram, ranking iMessage as more secure.

As rebels grapple with the pros and cons of media manipulation over the internet, even states without access to the Western world’s high technology are enjoying the benefits of mass surveillance in their bloody counterinsurgencies. Leaders in the Justice and Equality Movement (JEM) and the Sudanese Liberation Movement/Army (SLM/A) alleged that the Sudanese government launched an airstrike in 2011 on Khalil Ibrahim, the most prominent of Darfur’s rebels, after tracking his cellphone.

“The death of Dr. Khalil resulted from the Global Positioning System,” Adam Eissa Abakar, a JEM leader, told The Daily Beast. “When an individual speaks on the telephone, there will be an airstrike within half an hour.”

“The government in Khartoum controls the telecommunications market in Sudan and brought sophisticated surveillance equipment to monitor all calls and messages within the country,” claimed Muhammad Abdulrahman al-Nair, an SLM/A spokesman. He asserted that Sudanese intelligence officers had studied computer and network surveillance in China, Iran, Malaysia, Pakistan, Russia, and South Korea. According to him, the Sudanese government relied on Emirati support to locate Ibrahim.

Elsewhere in Africa, failed states depend on Western intelligence sharing to target well-armed insurgents. “We know that our Libyan enemies are watching our phones, but they couldn’t know this technique without Western help,” asserted Muhammad Idris Taher, a press secretary for the Derna Mujahideen Shura Council, a Libyan militia with alleged links to al Qaeda.

The Middle East Eye confirmed the West’s relationship with Khalifa Haftar, a renegade Libyan warlord and self-proclaimed secularist enemy of jihadis, after obtaining recordings of air traffic controllers with American, British, and French accents directing airstrikes. Human rights defenders accuse Haftar of war crimes in Benghazi and Derna, strongholds of Libya’s Islamist militias.

Vastly outgunned and out-spent by Western militaries and intelligence services, terrorist organizations have embraced high- and low-tech methods of evasion and subversion.

ISIS fooled European intelligence agencies into believing that Abdelhamid Abaaoud, who masterminded suicide attacks in Belgium and France, was still in Syria by using his WhatsApp account there after he left. The militants have embraced bitcoin, a cryptocurrency, and the dark web, a system of overlay networks requiring custom software to access.

PIJ has managed to hack Israeli drones, stoking fears of cyberterrorism against Western governments.

For now, however, most terrorists must confront more mundane challenges.

The Ghost Security Group, a hacker organization tied to Anonymous, keeps harassing the Taliban’s websites. It will take some time before insurgents have the capabilities and technologies to respond in kind.

Intelligence agencies, meanwhile, also rely on more traditional methods of espionage.

“Keeping track of recruitment trends and the substance of messaging is the most useful purpose for intelligence and security services of monitoring social media,” Pillar, the former CIA official, told The Daily Beast. “It is not a matter of pros and cons of doing this versus collecting human intelligence,” he notes. Human intelligence is “necessary to learn of any operational plans.”

The collection of defectors, double agents, and informants has played a critical role in operations such as the assassination of Osama bin Laden. It can explain the interpersonal relationships that signals intelligence might overlook. Still, human intelligence comes with its own risks. A triple agent posing as an informant killed seven Khost-based CIA operatives in a 2009 suicide attack. And there have always been tensions between proponents of human intelligence and signals intelligence: HUMINT vs. SIGINT.

“Successful operations often involve multiple agencies using a variety of specialized methods,” said Hennessey, the former NSA official. “For example, a signals intelligence interception might generate a lead which is then investigated and verified through non-SIGINT methods. Or human intelligence sourcing about a terrorist’s identity and approximate location or use of a particular phone or number might be supplemented with more SIGINT metadata information to determine an exact location.”

Insurgents will always need to prepare countermeasures to protect themselves from the informants living among them and the spies watching their cell phones. Then, Western intelligence, law-enforcement, and security agencies reap the benefits of the terrorists’ strategic errors online.