Tuesday, 3. May 2016

Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations

To answer the question we posed before: Yes, cybercriminals and terrorists are more similar than we think – they use similar platforms and services online, but also with some key differences.

Clamor for Anonymity

Unsurprisingly, remaining anonymous is of utmost importance to cybercriminals and terrorist organizations alike. Cybercriminals have been known to leverage the Deep Web and use TOR or personal VPNs to avoid being tracked, and the case appears to be the same for terrorist organizations.

For example, underground email services used by cybercriminals are now increasingly being adopted by terrorist organizations. Services such as SIGAINT, RuggedInbox, and Mail2Tor are often recommended in forums, with the motivation of keeping off nation states’ prying eyes.



Figure 1. SIGAINT service

It should be noted that these services are not specifically meant to be used by cybercriminals or terrorist organizations, but have been favored by both groups because of the anonymity they offer. Another example of this is seen in the messaging platforms we saw linked to terrorists’ accounts. Telegram, a messaging platform known for its strong encryption, is the most commonly listed contact detail.



Figure 2. Terrorist account on Telegram

Spreading Propaganda

One key difference in the online activities of cybercriminals and terrorist organizations and their supporters is the latter’s usage of the Internet to spread propaganda messages.



Figure 3. Propaganda videos being spread online

While communications among cybercriminals are often limited to those they are interested in doing business with, terrorist organizations are more inclined to sending out messages towards the public in general. This is most likely done in order to attract supporters for their cause. We saw terrorist organizations use file sharing services and even social media to disseminate their content.

Customized Terrorist Tools

While we saw terrorists taking tools from the cybercriminals’ toolkit for most of their needs, we also saw some applications that have been specifically developed for their purpose. We were able to uncover several tools that are commonly used among terrorist organizations. The said tools are used to encrypt communication as well as distribute information among contacts.

The details of our findings can be found in our article, Dark Motives Online: Analyzing Overlaps between Technologies Used by Cybercriminals and Terrorist Organizations.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations