November 23, 2024

Jihadists Increasingly Wary of Internet, Experts Say

Posted on January 31, 2015 by in Security

Paris – After having used the Internet profusely for propaganda and recruitment, jihadist organizations have realized that investigators are gleaning crucial information online and are increasingly concealing their web presence, experts say.

Apart from recent orders given to fighters to limit their exposure, erase the footprint of their online activity and avoid revealing too many place names or faces, the Islamic State and Al-Nusra Front groups are increasingly using the “Dark Web” — the hidden part of the Internet protected by powerful encryption software.

“Sometimes we get the geographical location of some fighters thanks to Facebook,” Philippe Chadrys, in charge of the fight against terrorism at France’s judicial police, said earlier this week.

“Some even publish it on the public part of their account. That gives us elements to build a case. Because of course we don’t go to Syria, we have no one on the ground, and we lack proof.”

In November, Flavien Moreau, a 28-year-old jihadist who travelled to Syria and then returned to France, was jailed for seven years exclusively on the basis of what he posted online.

And those who just months ago had happily posted videos, photos of themselves holding Kalashnikovs or of beheadings on Facebook have now realised that they were single-handedly building a case against themselves, if they ever decided to come home.

“We are starting to notice the beginnings of disaffection with Facebook — they have understood that’s how we get incriminating evidence,” said Chadrys.

“They are resorting more and more to Skype or WhatsApp, software that is much harder to intercept.

“We realise that the people we are interested in are increasingly specialised in computing. They master encryption software and methods to better erase data.”

‘Cyber-surveillance’ key

Chadrys also said that jihadists were increasingly using the “Dark Web.”

“That makes our probes much more complicated. The terrorists are adapting, they understand that the telephone and Internet are handy, but dangerous.”

He pointed to Mehdi Nemmouche, saying last year’s alleged Brussels Jewish museum killer had no mobile phone and no Facebook account.

Faced with this problem, police are resorting to calling in cryptography and computing experts, but there are never enough, which slows down investigations.

Last autumn, the Islamic State group (IS) published guidelines for its members, asking fighters not to tweet precise location names, to blur faces or stop giving too many details about on-going operations.

“Security breaches have appeared, which the enemy has taken advantage of,” read the text, written in Arabic.

“The identity of some brothers has been compromised, as have some sites used by mujahedeen. We know that this problem does not only involve photos, but also PDF, Word and video files.”

In a recent report, Helle Dale of the US-based Heritage Foundation think-tank wrote that cyber-surveillance was key to the fight against IS “as human intelligence is hardly available on the ground, especially in Syria, and the number of unmanned drones is limited.”

But, she added, the group “is changing its communications strategy. It is encrypting its electronic communications, limiting its presence online and using services that delete messages as soon as they are sent.”

© AFP 2013



Microsoft Preps Critical Internet Explorer Security Update for Patch Tuesday

Posted on September 4, 2014 by in Security

Microsoft is set to release four security bulletins next Tuesday covering issues in Windows, Internet Explorer and other products.

Only one of the bulletins – the one dealing with Internet Explorer – is rated ‘Critical.’ The other three are classified by Microsoft as ‘Important.’

“Looks like a very light round of Microsoft Patching this month,” said Ross Barrett, senior manager of security engineering at Rapid7. “Only four advisories, of which only one is critical. The sole critical issue this month is the expected Internet Explorer roll up affecting all supported (and likely some unsupported) versions. This will be the top patching priority for this month.”

Many organizations do not routinely stay up-to-date with the latest version of the browser, noted Eric Cowperthwaite, vice president of advanced security and strategy at Core Security.

“I checked with a couple recently and they are still running two or three versions of IE behind the current version,” he said. “The IE vulnerabilities are likely to impact significant portions of the enterprise computing space. Clearly the IE vulnerabilities that will allow remote code execution on every desktop OS and most server OS is the vulnerability that should be addressed first. Because it is so widespread and requires system restarts, this is going to be challenging for most IT organizations.”

The three non-critical bulletins address issues in Windows, the .NET Framework and Microsoft Lync Server. Two of the bulletins deal with denial of service issues, while the other addresses an escalation of privilege.  

“The few number of patches expected out next week doesn’t mean you can take a pass on patching this month however,” noted Russ Ernst, director of product management at Lumension. “The critical class patch is for at least one remote code execution vulnerability in IE – likely another cumulative update for the browser.”

The updates are slated to be released Tuesday, Sept. 9.

Brian Prince is a Contributing Writer for SecurityWeek.


Microsoft Plans Critical Internet Explorer, Windows Updates for Patch Tuesday

Posted on July 4, 2014 by in Security

Microsoft announced plans today to release six security bulletins as part of this month’s Patch Tuesday.

Of the six, two are rated ‘critical’, while three are rated ‘important’ and one is considered ‘moderate.’ The updates are for Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeted at IE and Windows.

It’s the time of year when many people take vacation away from the office, but this won’t be the month to push off patching, blogged Russ Ernst, director of product management for Lumension.

“Datacenter administrators shouldn’t plan to be away too much next week since every bulletin impacts nearly every supported Windows Server version,” he added. “Two of the bulletins even impact Windows Server set to Core mode.”

Wolfgang Kandek, CTO of Qualys, called the IE bulletin the most critical, and noted it affects all versions of the browser from Internet Explorer 6 to Internet Explorer 11.

“This patch should be the top of your list, since most attacks involve your web browser in some way,” he blogged. “Take a look at the most recent numbers in the Microsoft SIR (Security Intelligence Report) report v16, which illustrated clearly that web-based attacks, which include Java and Adobe Flash are the most common.”

Bulletins 3, 4, and 5, he added, all address elevation of privilege vulnerabilities in Windows and affect all versions of Windows.

“They are local vulnerabilities, i.e. they cannot be used to achieve code execution remotely through the network, but require that the attacker already has a presence on the targeted machine as a normal or standard user,” Kandek blogged. “Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers get an account on the machine, say through stolen credentials. In any practical scenario, the attacker then wants to assure continued control of the machine and will need to become administrator of the machine to install their controlling malware. This is where these vulnerabilities come in – we consider these extremely important to fix to help frustrate or slow down attackers once they are on the target machine.”

The final bulletin is rated ‘moderate’ and impacts Microsoft Service Bus for Windows Server, Ernst explained.

“Microsoft Service Bus is a messaging service used by many third-party web applications as well as by Microsoft Azure, so even though this is rated as Moderate, it is probable that this vulnerability would be used in conjunction with other vulnerabilities to target those applications,” he blogged.

The Patch Tuesday updates will be released July 8 at approximately 10 am PT.

Brian Prince is a Contributing Writer for SecurityWeek.


Consumers Ready for Internet of Things, But Fear Data Privacy and Security Implications: Survey

Posted on June 23, 2014 by in Security

Security vendor Fortinet released a survey that shows homeowners want to embrace the Internet of Things (IoT), but are worried about privacy and security.

In a survey of 1,801 homeowners, Fortinet found that 61 percent of U.S. respondents believe the connected house – a home where appliances and home electronics are seamlessly connected to the Internet – is “extremely likely” to become a reality during the next five years. Eighty-four percent of homeowners in China felt that way.

But the excitement over the prospect is tempered by security concerns. A majority of respondents (69 percent) globally said they were extremely or somewhat concerned a connected appliance could result in a data breach of sensitive information. Among U.S. homeowners, the figure was 68 percent. When asked how they would feel if a connected device in their home was secretly or anonymously collecting information about them and sharing it with third parties, 62 percent said they would feel “completely violated and extremely angry to the point where I would take action.” The strongest responses came from South Africa, Malaysia and the U.S., with the U.S. coming in at 67 percent.

Fifty-seven percent of respondents in the U.S. also agreed with the statement that “privacy is important to me, and I do not trust how this type of data may be used.”

“The Internet of Things promises many benefits to end-users, but also presents grave security and data privacy challenges,” said John Maddison, vice president of marketing at Fortinet, in a statement. “Crossing these hurdles will require clever application of various security technologies, including remote connection authentication, virtual private networks between end-users and their connected homes, malware and botnet protection, and application security − applied on premises, in the cloud and as an integrated solution by device manufacturers.”

Many respondents said they felt they should have access to any data collected by a connected home appliance. Sixty-six percent said that only they or others to whom they have given permission should have access to this information. In the U.S., the number was 70 percent, with about a quarter also stating they thought the device manufacturer or their Internet Service Provider (ISP) should have access to the collected data as well.

Forty-two percent said the government should regulate collected data, while 11 percent said regulation should be enforced by an independent, non-governmental organization. In the United States, only 34 percent of respondents felt the government should regulate collected data.

Still, the respondents felt the device manufacturers should be primarily responsible for securing the device if a vulnerability is found. Forty-eight percent of all those surveyed agreed that the manufacturer is responsible for updating and patching their technology. However, almost 31 percent responded that it was the responsibility of the homeowner to keep the device up to date.  

“The battle for the Internet of Things has just begun,” Maddison said. “According to industry research firm IDC, the IoT market is expected to hit $7.1 trillion by 2020. The ultimate winners of the IoT connected home will come down to those vendors who can provide a balance of security and privacy vis-à-vis price and functionality.”

Brian Prince is a Contributing Writer for SecurityWeek.
