Although driven by different motives, terrorist organisations and cyber criminals use the same level of proficiency in abusing legitimate online tools and services.
According to a report published this week by cyber security firm Trend Micro, terrorist groups can be considered cyber criminals in their own right because their online activities also run afoul of the law.
However, the two groups have different motives, with cyber criminals usually chasing financial gains and terrorists wanting to spread propaganda instead of malware.
The research shows how cyber criminals and terrorists overlap in their abuse of technology and online platforms to benefit their causes.
Terrorism FAQs
Another private intelligence firm, Flashpoint, recently pointed out that terrorist group ISIS is taking new steps to make sure it's only communicating with militants and supporters - and filter out undercover police.
ISIS is increasingly migrating conversations to invite-only channels, Flashpoint notes. "They include very detailed explosive manuals, advice on avoiding capture, how to deal with interrogation - you name it. Everything from the nitty-gritty of cyber security to building explosives and chemical mixtures," says Laith Alkhouri, Flashpoint's director of research and analysis for the Middle East and North Africa.
Flashpoint says ISIS tightly controls invitations to small, private channels. They repeat the process over and over again, and the communication circles keep getting smaller and smaller, it adds, explaining this is meant to weed out potential government intelligence agents.
"If you're not abiding by strict rules, you get blacklisted from the community and there's no way back in," says Alex Kassirer, a Flashpoint terrorism analyst.
The Internet has also emerged as a key technology for terror group Al Qaeda and other jihadist movements waging their so-called electronic jihad globally, with digital multiplier effects.
Anonymous programs
Trend Micro points out that due to the obviously illegal nature of their goals, cyber criminals and terrorists share the need to remain untraceable and anonymous online. Both groups are known to abuse tools and services that have been developed to help those who have a legitimate reason to hide their identities (such as journalists, whistleblowers, and activists), it points out.
Some examples of these tools include anonymising programs such as TOR, and certain encryption tools found in the Deep Web.
Another example of a Web service Trend Micro saw being abused by terrorists is the DDOS mitigation service, Cloudflare. A legitimate service designed to provide a working mirror for Web sites that are either experiencing heavy traffic or being subjected to denial of service attacks, Cloudflare is abused to hide the real hosted IP address of the Web site.
"We've seen this used time and again by cyber criminals looking to distract or delay authorities from being able to track the location of their hosted servers. We found terrorists have also begun to adopt Cloudflare to give propaganda Web sites another level of anonymity," says Trend Micro in the report.
Instant messaging is another method of communication that cyber criminals and terrorists have in common, but used more for communication and co-ordination rather than for information theft or to spread malicious links.
The security solutions company studied 2 301 accounts that openly support terrorist groups and found instant messaging service Telegram is the most favoured among terrorists, with 34% listing their contact information as a Telegram address.
Wickr, Surespot, Signal and Threema accounted for the rest, along with WhatsApp and other messaging apps. WhatsApp previously saw much more use than the 15% Trend Micro saw of it today - the reduced use may have stemmed from recent terrorist arrests made through the use of the messaging app, it explains.
Clearest differences
Cyber criminals and terrorists also share the use of file hosting and sharing services. These services are mostly used by terrorists to send and spread propaganda and large digital media.
Examples of such services used in this fashion include top4top.net, Sendspace and SecureDrop, Trend Micro found.
However, the company says one of the clearest differences between cyber criminals and terrorists is their desire to spread propaganda. While cyber criminals' main goals are to commit cyber crime and stay hidden while they do it, terrorists aim to have their content go viral, to be seen and consumed not only by their followers but also by a wider public audience.
At the same time, terrorist groups try their best not to be banned or censored from the channels they use to spread their propaganda, or to have their real-life identities traced and detected while doing it, the security firm concludes.
Share