November 24, 2024

Jihadists Increasingly Wary of Internet, Experts Say

Posted on January 31, 2015 in Security

Paris – After having used the Internet profusely for propaganda and recruitment, jihadist organizations have realized that investigators are gleaning crucial information online and are increasingly concealing their web presence, experts say.

Apart from recent orders given to fighters to limit their exposure, erase the footprint of their online activity and avoid revealing too many place names or faces, the Islamic State and Al-Nusra Front groups are increasingly using the “Dark Web” — the hidden part of the Internet protected by powerful encryption software.

“Sometimes we get the geographical location of some fighters thanks to Facebook,” Philippe Chadrys, in charge of the fight against terrorism at France’s judicial police, said earlier this week.

“Some even publish it on the public part of their account. That gives us elements to build a case. Because of course we don’t go to Syria, we have no one on the ground, and we lack proof.”

In November, Flavien Moreau, a 28-year-old jihadist who travelled to Syria and then returned to France, was jailed for seven years exclusively on the basis of what he posted online.

And those who just months ago had happily posted videos, photos of themselves holding Kalashnikovs or of beheadings on Facebook have now realised that they were single-handedly building a case against themselves, if they ever decided to come home.

“We are starting to notice the beginnings of disaffection with Facebook — they have understood that’s how we get incriminating evidence,” said Chadrys.

“They are resorting more and more to Skype or WhatsApp, software that is much harder to intercept. We realise that the people we are interested in are increasingly specialised in computing. They master encryption software and methods to better erase data.”

‘Cyber-surveillance’ key

Chadrys also said that jihadists were increasingly using the “Dark Web.”

“That makes our probes much more complicated. The terrorists are adapting, they understand that the telephone and Internet are handy, but dangerous.”

He pointed to Mehdi Nemmouche, saying last year’s alleged Brussels Jewish museum killer had no mobile phone and no Facebook account.

Faced with this problem, police are resorting to calling in cryptography and computing experts, but there are never enough, which slows down investigations.

Last autumn, the Islamic State group (IS) published guidelines for its members, asking fighters not to tweet precise location names, to blur faces or stop giving too many details about on-going operations.

“Security breaches have appeared, which the enemy has taken advantage of,” read the text, written in Arabic.

“The identity of some brothers has been compromised, as have some sites used by mujahedeen. We know that this problem does not only involve photos, but also PDF, Word and video files.”

In a recent report, Helle Dale of the US-based Heritage Foundation think-tank wrote that cyber-surveillance was key to the fight against IS “as human intelligence is hardly available on the ground, especially in Syria, and the number of unmanned drones is limited.”

But, she added, the group “is changing its communications strategy. It is encrypting its electronic communications, limiting its presence online and using services that delete messages as soon as they are sent.”

© AFP 2013


eBay, Security Experts Say Database Dump is Fake

Posted on May 24, 2014 in Security

Security experts and eBay have confirmed that a recent user database being advertised on Pastebin was not obtained as a result of the data breach suffered by the online marketplace earlier this year.

On May 21, eBay admitted that its corporate network had been breached sometime between late February and early March 2014. The attackers compromised the login credentials of a small number of employees and used the data to gain access to the details of eBay’s 145 million customers. The breach was discovered only in early May.

While there’s no evidence that financial information has been compromised, or that PayPal customers are impacted, the cybercriminals have managed to gain access to names, email addresses, physical addresses, phone numbers, dates of birth and encrypted passwords.

It’s uncertain who is behind the attack, but other cybercriminals and scammers are already trying to profit from the incident. Experts have reported seeing a higher number of PayPal and eBay phishing attacks, and a post on Pastebin was found offering to sell 145,312,663 eBay customer records for 1.453 Bitcoin (around $750).

The seller has published a sample of 12,663 names, password hashes, email addresses, physical addresses, phone numbers and dates of birth allegedly belonging to eBay customers in the Asia-Pacific region.

Both security experts and eBay have analyzed the sample and determined that the data is fake. eBay representatives say none of the credentials appear to belong to customers.

Security expert Kenn White has also analyzed the data and found that it appears to originate from older leaks.

Security blogger Brian Krebs also believes that the data is fake. Allison Nixon, a threat researcher with Deloitte & Touche LLP, has told Krebs that the scammers are most likely hoping that security companies will purchase the data for research purposes.

In its official data breach announcement, eBay failed to disclose how it encrypts customer passwords, but company representatives have told Reuters that a “sophisticated, proprietary hashing and salting technology” is used to protect them. On Twitter, eBay noted that passwords are hashed and salted, and there is no evidence that the encryption has been broken.

However, users are advised to change their passwords as a precaution. While some have criticized the company for not forcing password resets, as Australian security expert Troy Hunt highlights, that might not be such a good idea.

First of all, if the passwords are stored cryptographically and the company is confident that the information can’t be cracked easily, forcing a reset may be “overkill.” Furthermore, as Hunt explains, resetting the passwords of 145 million people at the same time and asking them to visit the site to set new ones might be too much for eBay’s servers, and it could be like launching a DDOS attack against themselves.

Another important aspect emphasized by Hunt and other security experts is the fact that it took eBay such a long time to detect the breach.

“What I find very distressful is the fact that the breach occurred 2 months ago and they found out just two weeks ago,” IT security expert Sorin Mustaca told SecurityWeek.

As far as disclosing information about the incident, Mustaca noted, “eBay is very careful in what they disclose because they are afraid of being sued. And indeed, I’ve seen in the media that there are already some attempts to sue them over their practices in what the security of the network is concerned.”

Previous Columns by Eduard Kovacs:

