A new 24-page cybersecurity magazine for ISIS supporters walks jihadists through step-by-step security for smartphones — while encouraging them to use a computer instead for more secure terror-related business — and warns of “nightmare” Windows collecting user data from geolocation to browsing history.
The inaugural issue of “The Supporter’s Security,” published in English and Arabic versions, was produced by the Electronic Horizons Foundation, which launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.
“It is time to face the electronic surveillance, educate the mujahideen about the dangers of the Internet, and support them with the tools, directives and security explanations to protect their electronic security, so that they don’t commit security mistakes that can lead to their bombardment and killing,” the group said in its founding announcement.
The EHF publishes a weekly cybersecurity bulletin consisting of a handful of headlines pulled from tech news publications, including topics ranging from data breaches to Google and Windows vulnerabilities. The group has also released a series of print and video tutorials covering a range of mobile security and dark-web how-tos.
The new magazine notes that “supporters rely on computers for media work and publishing, starting with design, montage, programming and publishing on social networks, communication, coordination and management of work, and the most popular operating systems that supporters use is Windows developed by Microsoft, which is a security nightmare as it collect all your data, and sends it to Microsoft.”
ISIS supporters are urged to use alternate operating systems such as Qubes, Tails or Whonix. EHS follows this advice with two pages of detailed Whonix system installation instructions.
The magazine laments that tech development is “led by polytheists” and “they have the upper hand of it, they work their efforts day and night to use it against the religion of Allah, and humiliate the Muslims, so that they become under their control and mercy, and move under their surveillance.”
Islam “has obligated in such a case that Muslims should learn and prepare what strengthens them,” the EHF argues, and “one of the most important tools of our time is Information technology.”
“Some of it needs specialization and long study, and some of it needs some serious attention, and Muslims are in such big need for both of them, the need is urgent,” the group adds. ” …We are inside a fierce war, our sites and accounts in social media got deleted because the intelligence services realize the danger of Muslims gaining security awareness, which will make it difficult to track them and cut off the ways for them to arrest the monotheists, but we do not leave this field, Allah willing, until Allah decides what needs to be done.”
The magazine begins with a lengthy assessment of the pros and cons of smartphone use, with the former limited to cost and accessibility and the latter being that “the Mujahideen started to use smartphones to communicate, publish, plan and work without knowing the real security risks they face.”
“The Mujahideen have been warned more than once about the danger of smartphones, which led to the arrest of many brothers due to the security negligence, so you must realize as a supporter of the truth that the security measures that need to be applied for you are completely different from the security measures used by anyone else,” the article states. “Understand the security threats facing you and how to choose the appropriate tools and methods to conduct your business and bypass electronic control, which includes every device connected to the Internet or cellular networks now.”
EHF walks through various operating systems for Android in their setup guide, pages of graphics detailing what settings to use on both Android and iPhone to better secure their communications. “Good iOS security starts with having a really strong passcode,” the group advises. “If this is something that’s easily guessable then everything else you do is pretty much pointless.”
The writers acknowledge that choosing the right smartphone can be confusing for a jihadist, thus let readers know they can “contact us via technical support accounts to guide you to the phone that is suitable for you.”
The ISIS cyber group also highlights “wrong security practices” including browsing the internet without Tor or VPN, downloading apps from third-party sources, failing to encrypt the device or storage devices, neglecting to install security updates, failing to use fake credentials on social media, and using social media via apps instead of logging on through a browser. Jihadists are also warned against opening potentially malicious links that can open them to a security breach.
“You must trust the underlying operating system running the program,” EHF says. “The tasks of the program are limited to what the operating system tells it to do, so you must trust that the operating system prevents leaks of the tasks you are working on for anyone else.”