A new report by the US security firm Flashpoint has highlighted the extent to which VPNs are being used by ISIS and other pro-jihadist groups in an effort to evade online detection from law enforcement agencies.
The report, which is entitled “Tech for Jihad: Dissecting Jihadists’ Digital Toolbox” has been produced through analysis of the content and forums on the dark web. And it indicates there is a growing technical understanding of how VPNs work and how they can be put to good use.
Back in 2012, Flashpoint, which specializes in analyzing dark web content and trends, first found references to VPNs on jihadi sites. Initially, this was an al-Qaeda site which was encouraging users to make use of CyberGhost VPN to ensure all their communication was encrypted.
But since these early recommendations, the references to VPNs has grown rapidly and now also includes critiques of the pros and cons of different services and even manuals and guides on how to put them to use.
For example, in 2014, it was established on another jihadi forum that CyberGhost VPN did not change a computer’s hard disk serial number and this was a vulnerability that could be exploited by law enforcement agencies to identify users.
At the present time, it seems that the most popular VPN for jihadists is Opera, which includes a ‘free’ VPN service. (It remains to be seen if the sale of Opera to a Chinese consortium will be seen as a problem for ISIS supporters too).
As well as not costing any money, one of the appeals of Opera is that it works well with Android mobile devices, which are particularly popular in the Middle East and other developing nations.
It should be noted that VPNs are not the only legal and legitimate online privacy tool that jihadists are exploiting. The report also highlights encrypted email services, messaging apps, and secure browsers as being in common use.
The report is likely to add further fuel to the debate over encryption and whether back-door access should be made available for use by law enforcement agencies. This will, of course, be no solution to the problem though because, as the report highlights, jihadists are very aware of any vulnerabilities in technology and will simply move on to another service if one becomes insecure.
And of course, just because a tool can be used for illegal and undesirable means doesn’t mean it should be clamped down on. People can still go into a shop and buy a knife, even though it could be used to commit a horrible crime.
The overwhelming majority of VPN users employ the service to enhance their own online privacy and protect themselves from cyber-criminals. VPN use is recommended by many online security professionals as an essential cyber-security tool.
Online privacy is a right we should all be entitled to. This has recently been confirmed by the UN Human Rights Council. But since 9/11, security is all too often being used as an excuse to undermine this.
The privacy vs security debate is a false premise, though, and this report should not be seized upon as an excuse to attack VPNs, but rather used as a vital piece of intelligence in the ongoing battle against terrorism.