Snowden leaks show that terrorists are JUST LIKE US
... on infosec, that is. Jihadis' OPSEC rivalled GCHQ's, says Glenn Greenwald
NSA whistleblower Edward Snowden's media allies have launched a counteroffensive against allegations by intelligence agencies that terrorists have upped their game in cryptography as a result of his leaks about NSA spying.
Glenn Greenwald's The Intercept published leaked GCHQ mobile phone OPSEC guidance from 2010 alongside excerpts from a comparable jihadist handbook from 2003 to argue that terrorist groups were focused on mobile phone spying risks years before the Snowden leaks began last year.
"So sophisticated is the 10-year-old 'Jihadist Manual' that, in many sections, it is virtually identical to the GCHQ’s own manual, developed years later (in 2010), for instructing its operatives how to keep their communications secure," The Intercept argues.
Greenwald's piece attempts to rubbish a recent NPR Morning Edition radio report suggesting that the Snowden revelations harmed national security and allowed terrorists to develop countermeasures to state surveillance. NPR used research from web intelligence and predictive analytics firm Recorded Future to back up this accusation, which has repeatedly been aired by everyone from Sir Iain Lobban, director of Britain's GCHQ spy agency, who did so last year in front of a parliamentary committee, to former NSA General Counsel Stewart Baker earlier this month (here).*
"Following the June 2013 Edward Snowden leaks, we observe an increased pace of innovation, specifically new competing jihadist platforms and three major new encryption tools from three different organizations – GIMF, Al-Fajr Technical Committee, and ISIS – within a three to five-month time frame of the leaks," Recorded Future states.
NPR failed to point out that financial backers of Recorded Future include In-Q-Tel, the CIA’s investment arm. Mario Vuksan, chief exec of ReversingLabs, a cybersecurity expert who worked on Recorded Future's report, entered into a "strategic partnership" In-Q-Tel two years ago.
"Beyond all these CIA connections, the conclusion touted in the NPR report—that al-Qaeda developed more sophisticated encryption techniques due to the Snowden reporting—is dubious in the extreme. It is also undercut by documents contained in the Snowden archive," The Intercept argues.
Off the shelf
Recorded Future subsequently claimed that terrorists were turning to "off the shelf" methods of cryptography.
It’s pretty clear our earlier point that we’re observing increased pace of innovation in encryption technology by Al-Qaeda post Snowden stands true. And this innovation is based on best practice, off the shelf, algorithms.
Noted cryptographer Bruce Schneier maintains that the changes terrorists appear to be making will, if anything, make the counter-terror role of signals intelligence agencies such as the NSA and GCHQ easier rather than harder.
"Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight," Schneier writes. "Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this an example of that."
Compare & contrast: OPSEC advice
The debate about cryptography and the Snowden revelations is politically important and technically significant but Reg readers are also likely to be interested in the consensus view shared between terrorists and intel agencies about mobile phone operational security.
Both GCHQ and the jihadi manual instruct operatives that merely turning off mobile phones is insufficient to avoid tracking. Both the battery and SIM card must be removed.
A partially redacted version of six-page GCHQ guide – which was classified "secret" – is available via whistleblower site cryptome.org here (PDF). Experts in operational security and infosec have been picking through the release to uncover interesting nuggets about the tradecraft of spies.
The Foreign Office provides non-attributable official and personal mobile phones to GCHQ officers while on deployment. Covert mobile phones are equipped with Bluetooth and therefore they must not be switched on or used within a 50-mile radius of GCHQ's Cheltenham HQ, operatives are instructed.
Infosec consultant the grugq said the guidance made sense.
Spy Blog notes that GCHQ's covert mobile phone security guide that only other intelligence agencies - and not terrorists - would have the capability to track mobile phone locations.
Cyberspies are further instructed to use the landline payphones when at airports, rather than their covert mobiles, which can only be charged and not used in international transport hubs. ®
*By contrast, newly installed NSA chief Admiral Michael Rogers has played down the impact of the Snowden revelations on the spy agency's work and the suggestion that terrorists' communications in parts of the world had "gone dark" in the wake of Snowden.
Sponsored: Global DDoS threat landscape report