In an effort to help obscure its communications from the many worldwide intelligence agencies trying to hunt them down, members of terrorist group Daesh now have their own encrypted chat application. This follows members of the organisations being kicked off of the likes of WhatsApp, Telegram and other platforms.
Governments and intelligence agencies of various countries, including the U.S. and U.K. have warned loud and often that groups like Daesh use encrypted chat services to communicate. They claim that that is the reason that they need to have backdoors to commercial messaging applications.
However that won't help much when it comes to the Daesh built “Alrawi,” messenger service. Although its security isn't as high as more commercial ventures, as Fortune points out, that doesn't matter as much when there is no central company to try and requisition meta data or message contents from.
App created by IS-affil Amaq Agency “news” org to streamline access to IS propaganda, Screenshots courtesy @CtrlSec pic.twitter.com/kKc0IZo2wi
— Michael S. Smith II (@MichaelSSmithII) December 7, 2015
The app, discovered by digital counter terrorism group Ghost Security, purportedly offers one-to-one messaging, a scrolling news feed and video sharing capabilities; just about everything you would expect from a contemporary social application. Except with a very-specific target audience.
One avenue of attack against the app could be that because it is not an official installation, putting better protections against unauthorised applications could help. However jailbreaking phones is something that has been done for years and in some instances has some very legitimate uses. Blocking that in any meaningful way could anger consumers and wouldn't do anything to prevent the already open-platform smartphones already out there.
Discuss on our Facebook page, HERE.
KitGuru Says: How do you guys think governments and intelligence agencies should combat groups like Daesh communicating through encrypted channels?
At least logically this should alleviate our governments bullshit efforts to get rid of our encryption. Just not though is it
Why exactly does Joe Average need encryption? Encryption is purely to hide information, so what is it you are trying to hide?
This app probably has made the NSA very happy – it gives them one app to target rather then a plethora of them.
What am I trying to hide? Oh you know, maybe a confidential or NDA conversations, bank details are a pretty important one, passwords in general too.
Shit doesn’t have to be malicious to need to be encrypted and it’s your shitty mindset of “nothing to hide nothing to fear” that causes these kinda problems in the first place
For information that you don’t want all other parties to be aware of, you know, what encryption has always been used for since the dawn of cryptography. Personal, private, confidential information that pertains to your life or affairs. Not information that you want to specifically hide from the government, though it could legitimately include this, but information that you don’t want every Tom, Dick and Harry to be able to access on a whim.
You could just as soon say “Why does the average person need a company to have a data protection policy?” and the answer would be the same. Who cares if a company gets hacked and loses your data, what does the average citizen have that others would want. Who cares if your medical records are freely available, or your credit card details, or enough of your personal information to commit identity theft. None of that is important or sensitive, none should be encrypted.
Online banking and credit card purchases without encryption would be hopelessly insecure. Encryption in messaging apps is a different question but life without encryption would be a massive backward step. Also, if Apple, Google, Microsoft et al didn’t use encryption for Skype and Facetime my guess is that Daesh wouldn’t feel obliged to follow suit.
Messaging systems and banking encryption are very different things, as in the government is trying to stop one of them, not both.
The government isn’t trying to do away with data encryption, just messaging apps with it, which seems fair.
If you want to talk about “retarded”, the idea that an NDA conversation would be had via IM is “retarded”. As I said, your average person does not need an encrypted messaging app. If you want to discuss this topic, try to bring something to the table other than “OMG U R RONG!” and infantile comments that show you don’t work with the information you are talking about.
Loving how you ignored every other argument I threw at you for one that is merely situational. Still fine with anyone with basic “hacking” knowledge able to see where you live, what your income is and exactly how to take that all from you then?
If you are sharing NDA, confidential info, passwords and other information via chat apps, you need to re-access your security practices. It really is as simple as that.
Life goes further than chatting apps dude. Take, for example, HTTPS. That uses encryption
Yes, and the government isn’t looking to ban all encryption – a lot of government departments require encryption with their own data when used online. Here’s a quick example: https://www.usa.gov/
That may be the position on the face of it but it is clear the NSA in particular wants to degrade and subvert encryption so even if it is used in a particular application they will be able to crack it open. This Daesh story proves the point – it is pointless opening up legitimate applictions to catch low grade criminals when states, international gangs and terorists will develop their own software.
Wow…. Thats more of a lack of computer knowledge that I’ve ever seen on a computer page group.
Please go look up encryption and govs wish to “ban all effective encryption”
And this is the situatiuon where X is only legal when the government do it (public executions of critisisisers, something dubai currently does).
Before any time at all we become Korea. Only gov approved forked OS’s, bans on encryption, then “hate speech”, then anything that dissagrees with their political views.
The government doesn’t want to specificaly ban it, but install backdoors and be sent passwords, and any company that refuses will be breaking the law, and any person who invents a new encryption app, protocal or program is now a cyber criminal.
Are you telling me I should not use “bad and terrorist illegal” encryption to store bank details I can’t remember? Because thats all you’ve done today. Tell everyone they should have all their details, personal and otherwise avalible for all to see.
What if they were trying to ban physical safes? would we then suddenly have a right to secure locations for physical and intelectual property?
What is the difference between my bank details encrypted and in a safe? I can store far more illegal shit in the safe, but they haven’t been “banned to protect people” out of computer and logical ignorance.
You clearly don’t understand what the government wants to do. They are proposing to ban ONLY encrypted messaging services, NOT encryption as a whole. So it is certainly not a case of being legal for some people and illegal for others and will have absolutely no effect on storing bank details in something like AES-256.
Instead of going on a dystopian rant, double check that you have your facts right.
No they don’t want to ban all effective encryption – that is categorically untrue.
Considering how stupid terrorists can be, you’d be surprised how just opening up the existing messaging apps would benefit intelligence agencies. Here’s an example of some of how stupid they can be: http://www.bbc.co.uk/news/uk-england-35195311
A few days ago new McLaren F1 subsequent after earning 18,512$,,,this was my previous month’s paycheck ,and-a little over, 17k$ Last month ..3-5 h/r of work a day ..with extra open doors & weekly paychecks.. it’s realy the easiest work I have ever Do. I Joined This 7 months ago and now making over 87$, p/h.Learn More right Here
as…..
➤➤
➤➤➤ http://GlobalSuperEmploymentVacanciesReportsNet/GetPaid/98$hourly…❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦..
GCHQ, and by extension the government, are pushing for altered encryption standards that have in-built back doors for them to use. At the same time they block stronger smartphone encryption standards from being used, such as in 2010, which affects a lot more than just messaging apps. Their approach leaves a lot to be desired and could amount to a large additional risk for everyday users.
For the purpose of monitoring messaging apps. Not in general. If someone transfers sensitive information via a messaging app, they desperately need to readdress their security practices. For joe average, these changes would affect them as much as the Internet affects Jupiter.
Are you serious? Are you saying everyone should walk around with their bank account and sensitive passwords to all their accounts stored in PLAIN TEXT on their devices? If you want to go ahead and do that, knock yourself out. See how long before your information ends up on some TOR hidden site, for sale to the highest bidder.
If it has a built in back door then what is the point?
How do you ensure that the people who use the back door are the good guys?
Look at what happened to “Hacking Team” — their entire storage tiers, all their servers, everything, hacked, and dumped on to the internet — They were a for-hire security group that did business with shady governments and criminal cartels… And these guys were security experts…In the end, they got owned.
Yeah it’s not like the NSA has tried and successfully hacked SSL / HTTPS itself on numerous occasions…Oh wait. /s
How do you ban something that has open source libraries all over the place on the internet that any beginner programmer can use to build a simple encrypted chat program with in about 25 minutes? It would be easier to track down and seize every single civilian firearm in the USA than to actually an encryption ban.
And you know what? I have some free time this weekend — just as a fuck you, I’m going to put together a simple Java end to end encrypted chat app and put the source on my github.
How do you prevent “banking encryption” (SSL/TLS?) libraries that are open source from being used for messaging systems? Please answer me that, Einstein.
I’m not arguing the how, but what it is they are wanting to do. Find your argument elsewhere kid.
That’s neither what I said, nor what the government is proposing.
Not my concern how it’d be implemented – I’m saying what it is they want to do, not how they’ll do it.
Well “they” clearly have not thought this through.
HTTPS by itself can be used to securely exchange messages, if you wanted to.
Any encrypted TCPIP channel can be called a “message” —
There’s a sender, and a receiver, and they exchange information…How is that any different from something like iMessage?
I fail to see how a law could differentiate a “messaging app” from something like HTTPS or IPSec, both of which are necessary to conduct business on the Internet.
I believe they would start by banning all encryption, and offering an “encryption” service themselves, to be used by banks, facebook etc…
Then they would either fill it with backdoors, or stop FB from using it, then stop anyone from using it…
How can you ban something that is proliferated all over the world and free? It will be like the war on drugs! Banning drugs in the 60s has now made drugs more available and in better quality than they were previously and made usage increase by orders of magnitudes. The same will happen with encryption. You can’t ban something that is readily available and built in to every operating system in the world.