Support 100 years of independent journalism.

  1. Science & Tech
22 March 2016

Burner phones and mysterious encryption: how is Isis communicating now?

One thing’s for sure: not everything is being intercepted.

By Barbara Speed

In the wake of today’s terror attacks in Brussels, for which Isis has now claimed responsibility, anti-EU voices in the UK have already piped up to say that unregulated movement throughout Europe is allowing these kinds of attacks to take place.

Yet in a digital world, tracking individuals’ movements and their likelihood of carrying out a terror attack has a lot less to do with their passport than it does with their phone. The Brussels attack was coordinated across different locations and by different perpetrators, and, as Shiraz Maher wrote for us earlier today, they suggest that there is a strong network of Isis members operating in Belgium. So why weren’t communications about the planned attacks intercepted? What technology is Isis using to communicate?

Thanks to a private French police report obtained by the by the New York Times about the operations of the Paris attackers, we may now have some idea. While the attacks also had their differences, what follows is the latest information we have on how Isis cells in western countries were operating and communicating at the end of last year. 

Burner phones and stolen phones 

Security services are pretty good at tracking phones, but this relies on them knowing which phones to track. Reports from the Paris attacks suggest that attackers at the Bataclan nightclub threw away a Samsung phone outside the venue, which had been activated only the day before and contained maps of the club’s floorplan.

When police raided an apartment where Abdelhamid Abaaoud, who lead the assaults, was staying, they found further boxes of phones, which would presumably have been used in a similarly disposable way.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

During the hostage situation at the Bataclan, the attackers also took cellphones from the hostages in order to try and get onto the internet. As the New York Times notes, while Isis members in 2014 and 2015 were sloppy and sent unencrypted messages which were then intercepted, 

….the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.

Encryption – but not as we know it

What was odd about the phones found by investigators was that none of them had any electronic messages on them whatsoever. This implies that the attackers had some other way of exchanging information which didn’t rely on email, or recognisable apps like Whatsapp.

During the Bataclan raid, according to a hostage, one of the attackers “pulled out a laptop” and turned it on to show a “line of gibberish”:

It was bizarre — he was looking at a bunch of lines, like lines of code. There was no image, no Internet.

Experts believe that this implies Isis is using encryption software to send messages which would be difficult for security services to intercept and decrypt.

Silence 

The use of disposable phones (most of which were not even connected to email accounts) and refusal to use any method of communication for long show that the network operating out of Brussels is aware that silence is the best defence. If no communication is sent, none can be intercepted. 

From this, we can take two things: first, that panic over the encryption of Whatsapp messages or mainstream websites is misplaced. And second, that western Isis cells seem to be far ahead of our security services in terms of their communication tactics.