Search
Paris Turns Blue, White and Red For Victims Of Friday's Terrorist Attacks
The Eiffel Tower is illuminated in Red, White and Blue in honor of the victims of November's terrorist attacks in Paris, France. Christopher Furlong—Getty Images

This is How ISIS Communicates Online

Nov 19, 2015

Some of the world's most feared terrorist organizations are using an encrypted chat-like service known as Telegram to communicate. But that may just be the tip of the national security iceberg.

Germany-based Telegram, which was co-founded by the "Mark Zuckerberg of Russia," Pavel Durov, announced on Wednesday that it had blocked 78 ISIS-related channels across 12 languages on its service. The company says it was "disturbed" to learn that ISIS was using its platform to "spread their propaganda."

At the center of the removal, of course, are the tragic attacks on Paris that began late Friday night, leaving 129 dead and hundreds injured. Reports soon surfaced, saying that encrypted communication may have been used in connection with the attacks. The pressure on Telegram intensified earlier this week after ISIS used a Telegram account to warn its members how to safeguard themselves against a cyber war launched against it by hacking collective Anonymous.

Telegram was founded in 2013 by Durov, who is best known for founding VK, the largest European social network. Telegram allows users to send messages, photos, videos, and files of any kind to up to 200 people in so-called "channels." Private chatting is also available. What makes Telegram different than competing services like Facebook-owned WhatsApp, however, is its commitment to privacy. All messages sent through the service are fully encrypted, providing practically no way for a third party to access them. The service also includes a self-destruct feature that will let users send a message or file and have it automatically destroyed in a set amount of time.

"At Telegram we think that the two most important components of Internet privacy should be protecting your private conversations from snooping third parties, such as officials, employers, etc. [and] protecting your personal data from third parties, such as marketers, advertisers, etc.," the company writes on its FAQ page.

Telegram's message seems to have resonated. Two years after its launch, Telegram announced in August that it was delivering 10 billion daily "telegrams" between users.

ISIS Tries Out Telegram

At some point, ISIS and other militant groups found a happy home on Telegram. While ISIS had been using Twitter (twtr) for propaganda and other communication, the militant group was found to have moved much of its communication to Telegram in the last several months. The Middle East Media Research Institute issued a study at the end of October, saying that ISIS, along with Al-Qaeda in the Arabian Peninsula (AQAP), had been using Telegram's "secure" service to communicate sensitive information between their members.

"Content shared on Telegram channels goes beyond the mere re-posting of jihadi groups' propaganda, and includes tutorials on manufacturing weapons and launching cyberattacks, calls for targeted killing and lone-wolf attacks, and more," the study claimed. "Some channels, such as those belonging to ISIS, show various levels of coordination among them, even using bots to aid their efforts."

While Telegram says that it may remove illegal content posted to channels, bots, or other "publicly available" places on its service, the company's FAQ page says it has not, and will not, remove private chats.

"All Telegram chats and group chats are private territory of their respective participants and we do not process any requests related to them," the FAQ site says in response to a question asking how Telegram handles illegal content.

Telegram did not respond to a request for comment on this report.

MORE: Anonymous Declares Cyber War on ISIS

ISIS's use of Telegram, among other encrypted communications, is part of the organization's increasingly tech-savvy focus, experts say.

"ISIS has been focusing very heavily on understanding and developing offensive cyber capabilities and understanding technology," says David Kennedy, CEO of information-security firm TrustedSec and a former NSA hacking instructor. "What’s different about this organization versus other groups such as Al-Qaeda is they are very tech savvy and use modes of communication that facilitate secure communications."

Ben FitzGerald, director of the technology and national security program at the Center for a New American Security, says while it's "hard to know for certain what ISIS discusses on Telegram," the group appears to have stringent rules on how to use such services.

"It appears that they maintain strong operational security (OPSEC) even when using encrypted communications," he says. "They would therefore be sending short messages sharing logistical information, updates on their operations and coordinating their actions."

Fred Cate, a cybersecurity expert and professor at Indiana University, says the allure of Telegram is that it goes beyond simple encryption. He believes that ISIS in part chose the service because it may have been a relatively unknown platform and based outside the U.S.

"At least until recently, Telegram was less well known and therefore likely subject to less scrutiny by intelligence agencies," Cate says. "Another possible reason is that, unlike Facebook (fb), Telegram isn’t based in the U.S. and therefore might be less likely to cooperate with U.S. or western authorities."

The Fight Against Encryption

Although the U.S. government has not tapped Telegram as a potentially dangerous service, law enforcement officials have railed against encryption for years.

In Oct. 2014, FBI director James Comey made his most impassioned argument against data encryption. Speaking at the Brookings Institution last year, Comey said that while his agency may have "the legal authority to intercept and access communications from information pursuant to court order," it often lacks "the technical ability to do so."

His comments came as part of a broader debate over the balance between law enforcement and privacy. Both Apple (aapl) and Google (goog) have encrypted messaging communications between their platforms. So, if a person were to use Apple's iMessage on a Mac or iOS-based device and send something to another iMessage user, the content would be fully encrypted. On several occasions this year, Apple CEO Tim Cook said that not even Apple may retrieve the key that would unlock the encryption and allow law enforcement officials to see the message. The result is an entirely private conversation between individuals that Comey and others say could harm national security.

Several U.S. government departments declined to comment on this report.

MORE: ISIS Calls Anonymous 'Idiots' as Cyber War Heats Up

With more than 1 billion phones in the world and the vast majority of those running iOS and Android, experts say, it's entirely possible that encrypted communications are ongoing with few chances for governments to see their contents.

Although there has been a steady drumbeat on Capitol Hill to modify encryption laws and Comey continues to argue that encryption is a national threat, calls for an end to encryption have only intensified since the Paris attacks. Lawmakers and law enforcement officials say that encryption-based technology makes it too easy for criminals and terrorists to do what they want.

Privacy advocates argue, however, that the issue is overblown. Indeed, they say that whether messages are encrypted or not, criminals will always find a way to communicate outside the prying eyes of government. Encryption, those folks argue, provides for the privacy of law-abiding individuals who desire free speech and want to know that their information isn't being monitored.

"The challenge is that powerful software, in this case encrypted communication systems, is no longer controlled only by government agencies," says FitzGerald. "Widely available encrypted software certainly makes the intelligence community's job more difficult but terrorist groups have always found ways to communicate and will continue to do so regardless of whether they use encryption or not."

Cate adds that even if governments tried to take down encryption-based platforms, it's impossible to find them all. What's more, encrypted services like Telegram and iMessage offer another benefit: They may help people in "repressive governments" speak freely.

"New tools are being created all the time, so this creates an added challenge for intel and law enforcement agencies," Cate says. "They may figure out a way to bypass or infiltrate one of these tools, only to have the organization or key members switch to another. But encryption tools like Telegram also let people evade repressive governments. It’s a double-edged sword."

Another Way to Do Battle

So, perhaps there is another way to fight dangerous foes.

Anonymous, the hacking collective that has launched a cyber war against ISIS, has taken its own tack over the last several days. The group has removed thousands of alleged ISIS-related Twitter accounts, started to scrub Telegram channels allegedly tied to the militant group, and has targeted everything from ISIS-owned websites to e-mails. While Anonymous is technically not working within traditional law enforcement rules, Kennedy, who was formerly a member of the Marine Corps cyberwarfare unit, argues something may be learned from Anonymous-like techniques.

"There are ways to circumvent encryption, such as human intelligence and signal intelligence," he says. "The government may also have to take a more aggressive stance with its cyber operations. It may have to use Trojans, man-in-the-middle, sinkholes, brute-forcing, and forensic techniques like cold booting to bypass encryption. We should be talking about ways to lessen the red tape for these types of operations against targeted suspects, rather than removing privacy protections altogether."

Cate, too, believes the U.S. government may find other ways around the issue of encrypted communication.

"There are many avenues the U.S. government can pursue, from breaking the encryption protecting ISIS communications to bringing political pressure to bear on Telegram to block at least public channels used for ISIS communications," Cate says. "The U.S. government can work directly and through other friendly governments, such as Germany’s."

Still, if anything is clear, it's that the Internet has become a useful tool for militant groups. And it may be their use of the web that is posing one of the greatest threats to the security of people both in the U.S. and abroad.

"Sometimes, the increased reliance by terrorists on the Internet can be an advantage, especially when governments crack the communications and then monitor them," Cate says. "Other times, of course, the Internet increases the power of terrorists to communicate, at least temporarily, without detection. Over the past year, we have seen ISIS use the Internet as a powerful tool for recruiting, and this may pose the most immediate threat to national security."

For more Fortune coverage of ISIS and Anonymous, watch this video:

Sign up for Data Sheet, Fortune’s daily newsletter about the business of technology.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions