ISIL’s Online Safety Guidelines

 

 

After the Paris attacks last month, many international counter-terrorism authorities were surprised at the ease of tracking the perpetrators movements after the fact through their use of technology. Over the past years, ISIS operatives have been notoriously hard to track because of their technological proficiency and because of the 34 page handout that all of the new recruits receive. Originally written by a professional security firm to aid journalists and whistleblowers, ISIS has adopted the guide for their own use. The handbook has handy links to tools like Tor, ProtonMail, and other encrypted communication platforms. Alongside this also lie some helpful tips to make tracking harder, like disabling GPS on your cell phone. But the question still remains: if the Paris attackers had access to all of this information, then why was it so easy to track them? Well, that’s simple. Even if someone has access to all of the tools they need, they are useless if not effectively utilized. The attackers communicated thought unencrypted channels and were generally sloppy, making things much easier for the authorities.

-John zumBrunnen

http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/

Wi-Fi for Tomorrow

There is a new wireless technology being developed and currently tested in Estonia. It is called LiFi and was originally discussed by German physicist Harold Haas in 2011. It is similar to WiFi but instead uses Visible Light Communication. The data is transmitted by LED lights that flicker at an incredibly high rate to send data. This new technology can transmit data at speeds up to 1GBps. The future of this technology could mean having every light bulb made with a microchip that would allow it to transmit data.

Many people have some concerns about the practical use of this type of technology. Because this method relies on visible light, transmissions cannot pass through walls. This is a serious issue for home or office use, and could make the technology much less viable short term.

Another issue is the requirement to always be running lights in order to maintain the network. This would be a potential burden on any business or personal network that might want to use it. Falling asleep to tv in bed could get much more difficult soon.

Joshua James

 

News Week Li-Fi

India Times

South Korea training students to hack for the military

an-instructor-points-to-a-line-of-code-in-the-programming-language-java-displayed-on-a-projection-screen-during-a-cyber-defense-programming-class-in-the-war-room-at-korea-university-in-seoul-south-korea-last-week

In an effort to boost it’s defenses, South Korea has enlisted 120 of it’s most talented programmers, offering full scholarships for 7 years of military service. Korea University’s national cyber-defense department will produce it’s first batch of graduates next year.

This program is just a part of a broader build-up though. South Korea is increasing the size of it’s cyber command to 1,000 people and increased information security spending by almost %50 between 2009 and 2015.

Unfortunately though, the South is racing to catch up. North Korea started training it’s hackers in the early 90’s and, according to the chief of S.K.’s defense security command, has 1,700 highly skilled and specialized hackers. He also called North Korea a ‘global cyber power.’

The South has been playing catch up for awhile actually, it wasn’t until a ‘suspected’ North Korean attack in 2009, that paralyzed a large number of government websites, that the South set up a cyber-defense command. In 2013 North Korean hackers attacked South broadcasters and banks. An estimated 32,000 computer servers were paralyzed, and the country lost an estimated 750 million dollars in economic damage.

Luckily South Korea seems to be training some excellent talent in their national cyber-defense department. This is shown by their students winning the ‘Hackers World Cup’ this year in August at Defcon in Las Vegas.

 

Robert Levasseur

http://www.arkansasonline.com/news/2015/nov/30/young-programmers-in-s-korea-groomed-to/?f=business

Way to go VTech.

One month ago a hacker revealed that he had broken into the toymaker VTech and retrieved a lot of information that was disturbing. Apparently, VTech had been storing  images, chat logs, home addresses, emails, names, genders and even birthdays of every customer. This would include the parents and their children who the products were most likely being used by.  Around 4,000,000 parents and 200,000 of the children using the products information was readily available for anyone who knew what they were doing. The hacker did not relinquish the way he was able to break into VTech, probably in an attempt to keep this information secret from people who want it but do not know how to hack, but has commented that he retrieved 190GB worth of photos and shared 3832 images with motherboard, a blogging site, with all the faces blocked out.VTech has yet to concretely say what their exact reasoning was but the wording of their attempt to justify it was so that they can send the password to the user directly. You know because that is such a GREAT idea, instead of just having them reset their password every time they forgot it because the company made it entirely impossible for them to access it on their own and with ease, I will just send you it back. The person that thought this was a good idea should get fired, like, two years ago.

https://nakedsecurity.sophos.com/2015/12/01/photos-of-kids-and-parents-chatlogs-audio-files-stolen-in-vtech-breach/

Covert Communications: Using Gaming Networks to Plot Terror

With all of the monitoring software that has been turned from legend into fact in the recent years, it can be perplexing that terroist organizations are still able to remotly plan and, as we have seen in recent days, execute attacks on high profile targets. However, officials in Belgum have come up with a way they were able to plan attackes such as Paris: using gaming networks such as Sony’s Playstation Network used on their Playstation 4

This is just the most recent in commercial networks and applications being used to plan terrorist activities. Before the use of the Playstation Network, terrorist organizations have been seen using a mobile application called WhatsApp, which uses the internet to send messages from person to person, and has been shown to be difficult to monitor due to its high traffic and method of sending messages.

The Playstation Network, however, has proven more difficult than WhatsApp when it comes to intercepting terrorist communications, due to their lack of ability to intercept peer-to-peer IP based voice chat. This would mean that a terrorist meet up could happen in something as simple as an online game, and authorities would never know about it.

This doesn’t mean that they haven’t tried to gain legal access to VoIP communications. In 2010, the FBI pushed to have all lanes of communication monitoried, though the FCC had declined to give them access to the network then.

The main issue, however, is beyond the legal scope. While we are able to profile potential terror affiliates based on their internet usage, it is very hard to do so based on their console usage (uless we already know a terror affiliate uses a certain account). This, along with the Playstation Network having over 110 million users (for scope, that would make it the 11th largest country in the world), makes it a really hard field to narrow down.

And that is just for voice communication. If you start thinking about it, there are even ways to conduct non-verbal communication over a gaming network, from in-game destructables to placing items to form words or symbols that could mean something, that would not be traceable later, as they would be reset according to the loading of the game.

With these in mind, communicating over gaming networks may be the next large step in clandestine communications between persons or bodies that do not want anyone listening in to their conversations, as there are currently no real steps to trace anything that might happen there. This could lead to governments and groups not being able to trace the traditonal methods of communication, and increases the likelyhood of an unexpected attack on a high profile target.

-Will G. Eatherly

Sources:

Daily Mail article on topic: http://tinyurl.com/pxxekka

List of Countries according to population: http://tinyurl.com/qb8f8mv

Forbes article on topic: http://tinyurl.com/omftmlk