Skip to main content

ISIS has an OPSEC manual

ISIS operatives are using the same methods of online protection as journalists and civil activists use when trying to protect their identities, the identities of their sources and the integrity of the information they report.

Wired has reported on a 34 pages long operational security guide (PDF), originally written in Arabic, but roughly translated through Google's translator, explaining some of the basics of online security.

“The guide offers a handy compilation of advice on how to keep communications and location data private, as well as links to dozens of privacy and security applications and services, including the Tor browser, the Tails operating system; Cryptocat, Wickr, and Telegram encrypted chat tools; Hushmail and ProtonMail for email; and RedPhone and Signal for encrypted phone communications,” the report says.

Gmail was also mentioned as only being secure if the account is created using false credentials, and accessed through Tor or a virtual private network. Android and iOS platforms are only secure when communications are routed through Tor, as well.

The manual also advises ISIS operatives not to use Facebook or Instagram, as Facebook has a poor track record on privacy. It advises readers to use encrypted phones like Cryptophone or BlackPhone instead.

Dropbox was, expectedly, also condemned, saying that President Bush’s former Secretary of State Condoleezza Rice is on the company’s investors board. Whistleblower Edward Snowden has also openly spoken against Dropbox.

However, writing a guide explaining how ISIS should move in the digital environment, and actually sticking to the guide are two different things. As it turns out, the terrorists which attacked Paris recently were pretty careless when going about the virtual realm, which allowed the authorities to find their safehouse.