ISIS Has a “Jihadi Help Desk” and an Online Privacy Manual, Because Terrorists Need Tech Support Too
Apple has its Genius Bars. Amazon has a Mayday Button. And ISIS, we learned this week, has a 24-hour Jihadi Help Desk.
It’s a handy convenience for the terrorist on the go, who doesn’t have time to read the Islamic State’s 32-page manual on online privacy and encryption techniques—which Yahoo News’s Alyssa Bereznak got her hands on and published Wednesday.
One of the key questions in the wake of the Paris attacks is how ISIS managed to plan and perpetrate them without being detected by French and international authorities. Law enforcement officials in the United States were quick to argue that the massacre highlighted the danger of encrypted communication technologies. They’ve been pushing for “backdoors” that would enable government access to otherwise private messaging services.
This week has brought some surprising evidence to support the concern that terrorist networks are growing increasingly tech-savvy. NBC News reported on Monday night that ISIS maintains a 24-hour help desk, “manned by a half-dozen senior operatives,” to solve the tech conundrums that inevitably arise as they endeavor to conspire online without attracting unwanted attention. As described by NBC News, it isn’t so much a desk as a cadre of experts with professional IT training who make themselves available via various online forums, encrypted messaging apps, and even public social media accounts. Their job is to keep abreast of the latest developments in online security, distribute news updates and tutorials, and dispense advice on the best way to interact online without arousing suspicion. “Clearly this enables them to communicate and engage in operations beyond what used to happen, and in a much more expeditious manner,” a counterterrorism analyst told NBC News.
The manual that Yahoo News uncovered reinforces the picture of ISIS as a tech-savvy, 21st-century operation. It dispenses a mixture of common-sense privacy advice, like turning off location services on your phone and using a VPN for your browsing, with useful recommendations for secure apps, like TrueCrypt and Hushmail. It also includes some country-specific tips, like avoiding the Opera Mini browser when you’re in Saudia Arabia. Yahoo News' Bereznak posted the full manual on Scribd, and you can read it below:
This is not ultra-sophisticated stuff, but it doesn’t have to be. It’s just meant to help ISIS affiliates and self-styled jihadis around the world avoid making the sorts of really dumb mistakes that basic law enforcement techniques would be most likely to detect.
Along the same lines, the Wall Street Journal reported recently that an ISIS “technical expert” circulated a list that ranks 33 popular communication apps on a scale of “unsafe” to “safest.” In the “unsafe” category are globally popular chat apps such as WhatsApp, Kakao Talk, and WeChat. Leading U.S.-based apps, including Apple’s iMessage, Google Hangouts, and Facebook Messenger, are rated “moderately safe,” likely because they come with some high-end security features, but are also suspect due to the attention those companies have received from the NSA. Wickr and Telegram are among the “safe” options—or at least they were until Telegram announced it would block ISIS-related channels this week after coming under fire as a favorite tool of the terrorist group. Redphone and SilentCircle are among those considered safest of all. All of this would seem to play into the law-enforcement narrative that new technology, specifically the rise of commercial encryption, has made its job harder and the public less safe. (Here’s a good, nontechnical explainer on encryption, in case you’re wondering what exactly it means.)
It isn’t that simple, however. For one thing, most technologists agree that the government’s proposed antidote to encryption—backdoors—would cause more mayhem than it would prevent. For another, there’s a good case to be made that government spooks have more access to our personal data than they’ve ever had before, even accounting for the small portion that’s encrypted.
Finally, it’s worth noting the source of all these recent news stories about ISIS’ encryption strategies. For the most part, they’re coming from intelligence officials and counterterrorism analysts, some of whom might have their own reasons for painting the group as terrifyingly tech-savvy.
That’s not to say the stories of tech manuals, help lines, and app ratings are untrue. It seems clear that ISIS is in many ways a modern operation that takes online privacy seriously. Even religious extremists need 21st-century skills. But we still don’t know exactly how the French attacks were planned and coordinated, and it would be premature to blame encryption tools for authorities’ intelligence failures.
There are already signs that the image of ISIS as a technological juggernaut has been exaggerated: The Intercept reported Wednesday that at least some of the attackers’ communications were sent via unencrypted SMS, including a text message that read, “we’re off; we’re starting.” A cellphone that apparently belonged to one of the attackers was found to have unencrypted data, including location records. And, as the Intercept notes, authorities did in fact intercept ISIS conspirators’ communications in advance of a failed attack on Belgium earlier this year, which a key figure apparently tried to coordinate via cellphone from Greece. Far from using Tor or SilentCircle, it turned out the attackers were simply talking on the phone in obscure Moroccan dialects.
Why would the Paris attackers have ignored ISIS’ own best practices for secure communications? Who knows—maybe the Jihadi Help Line was busy assisting other customers.
Previously in Slate:
Go Turn On This New Amazon Feature That Will Make Your Account Much More Secure
The more people hear about big corporate hacks in the news, the more they want to protect themselves. But if it takes too much effort, a lot of people will give up. So to improve account security while also keeping things simple, most mainstream digital services have started offering a feature called "two-factor authentication" over the past few years. And Amazon is finally among the enlightened.
Amazon has been notably missing from the list of services (Google, Facebook, Twitter, even Venmo!) that have deployed two-factor. Richard Lawler of Engadget noticed that the company had added the feature early Wednesday morning, and Twitter users chimed in that Amazon's security setting exited beta testing a couple of weeks ago.
Enabling two-factor protects your accounts, because someone trying to access them needs both your normal login credentials and another piece of information—usually a randomly generated code that you get from an app or an SMS text that only works for a limited time. The first "factor" is your username and password and the second "factor" is the code you got from a device you own, usually your smartphone. A bad actor would have to know your username and password and have access to your phone in order to break into your account.
Since there's a good chance that Amazon accounts include active credit cards, it's extra important to protect them. From amazon.com click Your Account-->Settings-->Change Account Settings-->Advanced Security Settings. Once you're there, clicking Get Started will initiate a series of screens where Amazon walks you through the choices for getting two-factor codes from either text messages or an app. It takes three minutes and is totally worth it.
Amazon's security isn't perfect, and Amazon accounts can definitely get hijacked if someone reuses an email address and password combination a lot and then it gets compromised. But so far the retailer has been relatively hack-free. Add two-factor now, in case that ever changes.
Do Not Answer: How To Save Yourself From Obnoxious Callers
It’s easy to forget that near-universal caller ID is a relatively recent innovation. Prior to the rise of cellphones, it was a rare luxury to know who you were about to deal with when the phone rang. Even with it, however, some of us still answer automatically, failing to check who’s on the other end until it’s too late. We should be able to dodge them—we have the technology!—but sometimes we end up talking. And talking. And talking.
Inspired by a Slate employee with this problem who prefers to remain nameless, we’d like to offer what we think might be a solution: Slate web designer Holly Allen has designed a series of images intended to remind you what you’re getting into when your phone rings. Assign one as a contact photo for each of your irritating callers. Even if you don’t notice their name, you’re bound to catch sight of the picture in time to let it go to voice mail. Just make sure your contacts never notice.
For those who make you burn with rage or explode with anger:
For those who make you sick:
For those who just don’t smell right:
For those who are always on the attack:
And, lastly, for those who are truly terrifying:
Sometimes it’s best not to pick up the phone.
These Ridiculously Premature Drone Registration Services Look Like a Huge Waste of Money
When the U.S. Department of Transportation and the Federal Aviation Administration announced last month that they planned to devise and implement a national drone registration program before the end of 2015, the news prompted an obvious question: How will this work? The government did not immediately answer that question—its drone-registration task force will reportedly release its recommendations this Friday—and this lag has sparked fears that the answer to that question will be not well. According to the FAA, at least one company has already decided to prey on these concerns by offering to handle the registration process for you—for a fee.
Given that the drone registry doesn’t even exist yet and that it’s difficult to promise to expedite and ease the registration process when nobody actually knows what that process will look like, the need for such a Sherpa service is more than a little premature. The FAA apparently agrees: earlier this week, the agency advised drone users to avoid these services for the time being. “[T]here's no need [for unmanned aircraft owners] to work with a ‘drone registration’ company to help them file an application for a registration number,” the FAA counseled on Monday. “Owners should wait until additional details about the forthcoming drone registration system are announced later this month before paying anyone to do the work for them.”
The federal government definitely has a track record of overcomplicating the process of filling out forms, so it’s not crazy to imagine that registering your drone might turn out to be an arduous task. Aware of projections that suggest up to 1 million drones might be sold to recreational users this holiday season, the FAA has also said it wants the registration system in place by mid-December, adding an extremely compressed timetable to the mix. So it’s not crazy to imagine that the agency might bungle the registry’s rollout and implementation. But it just might be crazy to spend money on a service when nobody knows what that service will actually do.
And even though the drone registrations guidelines aren’t out yet, it’s probably safe to say that the whole thing won’t be particularly complex. The FAA really only needs to know three things: your name, your contact info, and some basic information about your drone. It would be very surprising if the registry is much more complicated than that. The drone registry will only be effective if compliance is easy, and the FAA knows this; the agency’s administrator, Michael Huerta, has stressed the need for a “registration process that will be simple and easy to complete.” If the registry is too complicated, no one will use it.
There are ways in which using a third-party drone registration firm might eventually make sense, I guess. Perhaps you are an eccentric millionaire who enjoys spending money on unnecessary things, like the protagonist of the film Brewster’s Millions. Maybe you have an army of drones, and you don’t have time to fill out the paperwork (though I’m guessing the paperwork won’t be your problem in that case). Perhaps the FAA will just do a really, really awful job implementing this program. Until that day comes, though, save your money.
This article is part of a Future Tense series on the future of drones and is part of a larger project, supported by a grant from Omidyar Network and Humanity United, that includes a drone primer from New America.
A Congressman Wants to Censor the Internet to Thwart ISIS’ Digital Strategy. Horrible Plan.
Everyone is concerned about how the Islamic State communicates, both in general and to orchestrate violent acts. The attacks in Paris have motivated fresh debates weighing the privacy and safety implications of digital services that encrypt communications but do not provide backdoors for law enforcement. But there is a far less complicated way to deal with both digital propoganda and clandestine communication channels: Shut them down!
The approach seemed to appeal to Rep. Joe Barton, Republican of Texas, on Tuesday during a House Energy and Commerce committee hearing. The Hill reports that Barton asked the Federal Communications Commission, "Isn't there something we can do under existing law to shut those Internet sites down?" He realized that there might be practical challenges to this plan, saying, "I know they pop up like weeds," but the potential First Amendment issues didn't seem to weigh on him until later.
In a statement Tuesday afternoon, the Washington Post reports, Barton explained that he was "in no way suggesting we shut down the Internet." And added, "I am very mindful of privacy and First Amendment issues on the Internet." FCC chairman Tom Wheeler also clarified that the agency doesn't have the authority to shut websites down.
Cutting ISIS off from digital connectivity seems to appeal to some Twitter users, though.
@JohnKerry Mr secretary is it possible to cut off internet from the region of Isis so they can't communicate,at least not through internet?— Shahram (@iravani0760) November 18, 2015
@POTUS cut off Isis ability to communicate, cell towers, electricity, internet, etc in their strongholds along with seiges— Drew Curtis (@drewcurtis65) November 17, 2015
Why can't we cut off Internet in areas where Isis are making these threatening videos? Give them no phone or Internet- do they pay bills?— Jeff Gruarin (@jeffgruarin) November 16, 2015
But as commenters in a Hacker News forum point out, "ISIS uses the same infrastructure that innocent people use across multiple countries ... They are not isolated in caves using their own infrastructure." And more generally you can see how it wouldn't be ideologically sound to censor a group that is widely condemned for ... human rights violations like censorship. Quick fixes are alluring, but usually aren't as simple as they seem.
The Most Intense El Niño Ever Observed Is Already a Worldwide Disaster
Last week, I wrote about new evidence that shows Earth’s climate system has moved into an unprecedented state over the last several months, at least since the invention of agriculture 10,000 years ago. This week, our planet doubled down—raising new concerns about adverse impacts worldwide, some of which have already begun.
El Niño—a periodic warming of the tropical Pacific Ocean—is the most immediate reason for this year’s global heat wave, but global warming has also been stashing heat in the oceans for decades now. There’s now a 99.9 percent chance that 2015 will be the warmest year on record and most likely by a wide margin.
Fresh data this week show that the current El Niño is now the most intense ever measured, at least on a weekly basis, pushing ahead of huge events in 1982–83 and 1997–98, and likely 1877–78 as well. (Ocean data from the 19th century is less reliable than that from the Space Age.) On Twitter, one federal meteorologist said the new data were so extreme, he was initially in disbelief that they were accurate.
Wow! Just updated Weekly 3.4 SST Anomaly for NIño 3.4 region has spiked to a record +3.0. pic.twitter.com/qfVkXbEPda— Jan Null (@ggweather) November 16, 2015
Broader measures of El Niño are updated only monthly or seasonally, and this El Niño is still strengthening, so we still don’t know for sure how huge it will become. But one thing’s for sure: Humanity has never before had to deal with global oceans quite like this.
“This event is playing out in uncharted territory. Our planet has altered dramatically because of climate change,” said Michel Jarraud, the secretary-general of the World Meteorological Organization, in a statement on the latest data. “This naturally occurring El Niño event and human induced climate change may interact and modify each other in ways which we have never before experienced.”
Data from NASA and the National Oceanic and Atmospheric Administration confirmed that October 2015 was the most unusually warm month ever measured, beating the previous record set just last month. Record warmth was observed on every continent and in every ocean.
For a taste of how weird last month was: Octobers have been warming by an average pace of about 0.11 degrees Fahrenheit per decade since 1880. But October 2015 broke the monthly record by 0.2 degrees, essentially fast-forwarding global warming by more than 10 years. Such a surge has never been witnessed before.
All this extra heat is having a huge effect on the planet’s ecosystems and cities, with the most acute impacts in Indonesia, where massive forest fires have made more than 500,000 people sick due to persistent smoke and haze. A spokesperson for Indonesia’s national weather service has called the fires a “crime against humanity.” In India, weak monsoon rains linked to El Niño have created food shortages. Food shortages are also expected over the coming months across East and Southern Africa, Central America, and Southeast Asia.
Earlier this summer, NOAA declared a global coral bleaching event, warning that the exceptionally warm oceans could cause permanent damage. As of this week, heat stress on coral reefs south of Hawaii moved literally off the charts:
Global warming and El Nino break another graph. Heat stress on coral reefs in the Line Islands, S of Hawaii pic.twitter.com/BypHAkWxmN— Simon Donner (@simondonner) November 17, 2015
Further north, a confused sea turtle was spotted last week in the San Joaquin River in central California—thousands of miles north of its typical range.
Though the world is a vastly different place now, millions of people died in El Niño–related famines in the 1870s, and tens of billions of dollars of economic impact were blamed on the 1997 event. The biggest achievement since then has been improved prediction. In California, officials in San Diego have declared a preemptive state of emergency to help prepare for likely heavy rains. The city of Los Angeles is stockpiling sandbags.
The impacts aren’t all bad, however: The world’s driest desert in Chile, the Atacama, has sprung to life in recent weeks thanks to unusual rains earlier this year—including a dazzling display of flowers.
Later this month, more than 100 heads of state, including President Obama, will gather in Paris to negotiate the first-ever global agreement on climate change.
Future Tense Newsletter: Digital Prophecies and Present Fears
The tragic attacks last week in Paris provided a powerful demonstration of just how central social media has become to modern life. Even as breaking news crisscrossed the world through Twitter, ordinary Parisians were using hashtags to keep each other safe. Similarly, Facebook deployed its safety check feature, allowing users to tell their networks when they were in the clear. Although Safety Check debuted in 2014, lFriday’s events marked one of its first prominent activations. Even as she praised this feature, Lily Hay Newman warned that it may be almost too effective for its own good, not least of all because the assurance it provides feels so necessary.
Meanwhile, some in the intelligence community warned that consumer-accessible encryption technologies may also be too effective, making it difficult to detect and prevent terrorism. As Marcy Wheeler pointed out, however, the “metadata dragnet” failed well before cryptography got in the way, meaning that it would have been difficult to identify encrypted communications in the first place. These developments may necessitate other approaches, such as the Good Judgment Project, a zany federal project that recruits everyday citizens to predict future events.
Jim O’Donnell, university librarian of Arizona State University, offered a different sort of prophecy at a Future Tense event last week, weaving a narrative about the library of 2100. Though not all librarians agree with his extrapolations, his story was nevertheless a compelling one. And as Elizabeth Garbee’s research into the representation of female scientists in pulp literature shows, science fiction can have sweeping real-world effects. Garbee concludes that “our stereotypical scientist needs a makeover,” as does our stereotypical computer scientist, a fact demonstrated all too plainly by the underrepresentation of women at hackathons.
Here are some of the other stories that had us motorizing our picnic tables this week:
- Pseudoscience: David Auerbach investigated facilitated communication, which claims to give voice to the disabled but actually preys on the most vulnerable.
- Quantified self: A new app lets you monitor elderly relatives’ vitals through their Fitbits (with their permission, of course).
- Self-driving cars: Will Oremus explored the paradoxical dangers of Tesla’s new autopilot. Will it make us too safe?
- Zombies: Even as truly conscious machines elude us, Adam Elkus proposed that we may be able to create artificial intelligences that resemble us in other ways.
- Join Future Tense in Washington, D.C., for a screening of October Sky hosted by Dr. France Córdova, director of the National Science Foundation, at 6:30 p.m. on Dec. 2. To attend, please RSVP to firstname.lastname@example.org with your name, email address, and any affiliation you’d like to share.
- Join Future Tense in New York on Dec. 3 at 6:30 p.m. for “Afrofuturism: Imagining the Future of Black Identity.” Click here to RSVP.
Taking my hands off the wheel,
for Future Tense
Future Tense Event: Come Watch October Sky with Dr. France Córdova in Washington, D.C.
Dr. France Córdova, director of the National Science Foundation, invites you to join her to watch October Sky. The 1999 film, which helped launch Jake Gyllenhaal’s career, is about how the Soviet Union’s Sputnik satellite triggered a new era of scientific innovation in America.* Gyllenhaal plays a West Virginia miner’s son eager to reach for the stars as a rocketeer. An inspirational tale of determination and ingenuity, October Sky captures the human side of the space age.
Future Tense and the National Science Foundation will be screening October Sky at 6:30 p.m. on Dec. 2 at Washington, D.C.'s Landmark E Street Cinema at 555 11th Street NW. This is the latest installment of our “My Favorite Movie” series, in which leaders in technology and science fields screen films they love and lead short discussions about them after.
If you would like to attend, please RSVP to email@example.com with your name, email address, and any affiliation you’d like to share. You may RSVP for yourself and up to one guest. Please include your guest’s name in your response. Seating is limited.
Correction, Nov. 18, 2015: This post originally misspelled Jake Gyllenhaal's last name.
Can This New App Use Fitbits to Transform Care for the Elderly?
Inevitably, those responsible for elderly or infirm relatives outside the home must live with a degree of uncertainty, not always confident about how and when they need to intervene. Now Care|Mind, a new smartphone app that allows its users to remotely track the vitals of their loved ones, promises to allay such worries. To begin, however, we'll have to start equipping them with Fitbits.
Developed by a company called Reassure Analytics, Care|Mind draws its data from Fitbit trackers, turning the fitness devives into de facto medical monitoring systems. It takes advantage of Fitbit’s ability to share information with paired devices over Bluetooth connections to transmit activity levels, sleep patterns, and even (with the right device) heart-rate patterns. In theory, the app can convey this information in something like real time, allowing it to send out alerts during some health crises and provide other notifications. This last capability may make it an ideal fit for cardiac patients, but the developers hope it will be adopted in elderly care more generally, especially by those with aging parents, grandparents, and other relatives who live alone.
As Hanson Chang, CEO of Reassure Analytics, pointed out to me, digital health technologies have traditionally been “geared toward a younger population.” The so-called “quantified-self” movement is easy to mock, largely because it’s not always clear what we’re actually learning when we use our smartphones to monitor calorie intake or our watches to record heart rates. Moreover, it’s a surprisingly slippery slope from tracking our footsteps to measuring the emotional lives of our pets. Though Care|Mind treads into similar, if less ridiculous, terrain, it targets those who might benefit more directly from acquiring and sharing information about their well-being.
There’s some evidence that this data exchange could make a difference. An increasingly large body of research has begun to investigate whether medical wearables can be used to treat conditions such as osteoporosis that tend to affect elderly populations. One recently published study connected Fitbit use by postmenopausal women to increased physical activity. Lisa Cadmus-Bertram, one of the authors of that study, told me by email that she believes fitness trackers can be “useful tools to work towards behavior change, particularly when combined with additional support.” And in a roundup of research into Fitbit efficacy last year, Mikel Delgado noted that the devices appear to be most helpful when users actively and consistently engage with the data they’re generating. Some research still suggests that Fitbits may not provide enough information to truly transform behaviors, but it’s still possible that Care|Mind will contribute to positive changes by involving others in the monitoring process.
Because it wanted to target the elderly, Reassure Analytics aimed to keep its product as simple as possible. Hanson told me that his company settled on Fitbit in part because of its large share of the wearables market and in part because it was a relatively simple device. By contrast, the Apple Watch and the Microsoft Band offered too many features, potentially obscuring the practical app’s functionality. In its simplicity, the Fitbit is relatively unobtrusive, making it easier to convince the less tech-savvy to incorporate it into their lives. Further, the devices can go days on a single charge, meaning it doesn’t place new burdens on its wearer. (That being said, constant Bluetooth connectivity can rapidly drain a phone’s battery, which may be an issue for some users.)
Inevitably, certain elements of Care|Mind are bound to raise concerns, most obviously around issues of privacy and security. When I brought this up, Chang explained that privacy consciousness is fundamental to the app itself. “We set up the workflow so that it requires authorization from every person who’s being monitored,” he told me. It likewise insists that the monitored give permission to anyone surveilling them. Other problems may remain, not least of all because research indicates that fitness wearables are highly vulnerable to hacking, as Lily Hay Newman reported in Slate last year.
For some, the emotional effects of the Care|Mind approach may be more troubling still. When you come to think of yourself in terms of the data you generate, falling short of your targets can be a source of frustration or shame. Constantly sharing that information with others can therefore be difficult, since it sometimes leaves you projecting an undesirable image of yourself to the world.
Aware of these issues too, Chang suggests that Reassure Analytics has tried to address them through the app’s design. In addition to the alerts it provides for crises, abnormalities, and the like, Care|Mind can notify its users when those they’re monitoring hit their targets, encouraging them to reach out or send a note of congratulation. Chang claims that the app has improved his relationship with his grandmother, who’s been using it during its trial phase. He told me that it’s inspired them to talk more often, allowing him to learn things about her and her life—not just about her health—that he’d never known or thought to ask before.
In the longer term, apps like Care|Mind may help transform various arenas of medical care. Connected to a constant glucose monitor, for example, they could allow diabetics to share blood sugar information with their endocrinologists, making it easier to develop more flexible treatment plans. While the quantified self can get a little silly, it’s possible that Reassure Analytics’ emerging model could offer something else: Call it the quantified other.
Motorized Picnic Tables Are Cruising Around Perth With Australian Police in Hot Pursuit
If driving around on motorized picnic tables isn't living the dream, I don't know what is. These friends seem to have a pretty sweet setup going: They retrofitted picnic tables to add wheels and motors. And they drive around on streets in Perth, Australia, alongside regular cars and trucks. Who wouldn't root for this? Well, local police.
On Tuesday, the Western Australia Police posted on Facebook about its investigation into the joy rides around Scarborough Beach, Perth:
Police are concerned for the safety of those riding on the tables with no protective clothing, especially when on roads alongside motor vehicles. There are overall safety concerns particularly if a traffic incident was to occur, resulting in the persons subjecting themselves to potential injury. The people using these vehicles could face a number of charges including driving an unlicensed vehicle, driving an unroadworthy vehicle and drink driving.
To that last point, Caleb Bloomer (the YouTube user who posted the video above) noted that, "These guys know what to do when you can't get a seat at the pub on a Sunday." The Washington Post rightly called the picnic tables "the latest in ride-sharing."
Commenters on the police Facebook post, which included CCTV photos of the motorized tables, seem split about the investigation. Some argued that the police should be worrying about bigger crimes, while others said that the police were right to try to intervene. One noted a potential municipal issue, "If there were more picnic tables in the city of stirling there wouldn't be a need for these."
There are all sorts of portable, motorized transportation options out there, but a picnic table is by far the most exciting way to eat some lunch and get around.