Google has Known Your Every Move for Years

The surveillance state continues. Google is widely accepted by internet and smart phone users as the ‘go-to’ application while few understand the historical implications of what Google knows about each user. Reading terms of services with each update is key to explaining how intrusive Google and Windows 10 is, so this begs the question, is this a good thing? Have you been told and read the facts on the collaboration between Google and the Federal government? Perhaps it is a good time to being your own research.

How Law Enforcement Can Use Google Timeline To Track Your Every Move

by Jana Winter:

THE RECENT EXPANSION of Google’s Timeline feature can provide investigators unprecedented access to users’ location history data, allowing them in many cases to track a person’s every move over the course of years, according to a report recently circulated to law enforcement.

“The personal privacy implications are pretty clear but so are the law enforcement applications,” according to the document, titled “Google Timelines: Location Investigations Involving Android Devices,” which outlines the kind of information investigators can now obtain.

The Timeline allows users to look back at their daily movements on a map; that same information is also potentially of interest to law enforcement. “It is now possible to submit a legal demand to Google for location history greater than six months old,” the report says. “This could revitalize cold cases and potentially help solve active investigations.”

The report was written by a law enforcement trainer, Aaron Edens, and provides detailed guidance on the wealth of historic location information available through Google Timeline and how to request it. A copy of of the document was obtained by The Intercept.

The expansion of Google’s Timeline feature, launched in July 2015, allows investigators to request detailed information about where someone has been — down to the longitude and latitude — over the course of years. Previously, law enforcement could only yield recent location information.

The 15-page document includes what information its author, an expert in mobile phone investigations, found being stored in his own Timeline: historic location data — extremely specific data — dating back to 2009, the first year he owned a phone with an Android operating system. Those six years of data, he writes, show the kind of information that law enforcement investigators can now obtain from Google.

The document also notes that users can edit or delete specific locations in their history, or an entire day, stressing the importance of preservation letters for criminal investigators involving Android phones. “Unfortunately, Google has made it very easy to delete location history from a specific date,” he wrote.

There is no indication data is recoverable from Google once it has been deleted by the user, the report says.

Location data is only stored in users’ Google accounts if they enable the feature. Individual Android users can turn it off, but users often don’t.

The ability of law enforcement to obtain data stored with privacy companies is similar — whether it’s in Dropbox or iCloud. What’s different about Google Timeline, however, is that it potentially allows law enforcement to access a treasure trove of data about someone’s individual movement over the course of years.

The report also advises investigators to remember there is a significant amount of other information retained by Google.

“Consider including Gmail, photos and videos, search history, contacts, applications, other connected devices, Google Voice and Google Wallet, if they are relevant to the investigation,” the report suggests. Investigators are also advised to include a non-disclosure order with their search warrants for Google data, which prevents the company from notifying the account holder that their data is being provided to law enforcement.

It’s impossible to know how many of these requests for historic Timeline location information have been made by law enforcement, since Google does not specify what types of requests it gets from law enforcement. Google’s transparency report provides information on the number of requests received from law enforcement, and the most recent requests go up to the end of 2014 and do not cover the time period after the expanded Timeline was launched. (In the first half of 2014, Google received 12,539 criminal legal requests in the U.S. and in the second half it received 9,981.)

The major barrier law enforcement faces is that Google does not provide any additional advice or help on deciphering data, once it is turned over under subpoena or warrant. “Based on conversations with other law enforcement investigators and prosecutors, they have resisted attempts to bring them into court to discuss the issue,” Edens wrote.

“Google does not provide expert witness testimony,” Edens said in response to The Intercept’s questions, noting that this is a similar practice to that of other companies, like Facebook. His report, he added, was written to help law enforcement in the absence of assistance from Google.

“Google has always been wary of any perceived cooperation with law enforcement, even before [Edward] Snowden,” he said.

“We respond to valid legal requests, and have a long track record of advocating on behalf of our users,” a Google spokesperson told The Intercept.

Research: Micah Lee

[Update: In an email, the Google spokesperson notes that the company requires a warrant to obtain detailed user data, such at that available in Timeline. “A subpoena,” the  spokesperson writes, “is not and has never been sufficient to get it.” The article has been updated to reflect this.]

Hillary DID Sign the NDA

The FBI is still investigating Hillary yet some interesting items continue to surface and even perhaps be leaked.

Remember when Jen Psaki at the State Department said she did not know whether Hillary signed the appropriate documents on protecting classified material? Heh, well low and behold, Hillary did as is evidenced below.

Hillary Clinton's SCI Nondisclosure Agreement

Thanks to FreeBeacon and DailyMail: Hillary signed State Department contract saying it was HER job to know if documents were classified top secret, and laid out criminal penalties for ‘negligent handling’

  • Clinton signed ‘Sensitive Compartmented Information Nondisclosure Agreement’ on her second day at the State Department
  • It says she was personally responsible for determining if sensitive documents in her possession were classified at the highest level
  • Spelled out criminal laws under which she could be prosecuted
  • Hillary has said on the campaign trail that top-secret classified info found on her private email server wasn’t classified originally and it wasn’t her job to know better 

 

 

Hillary Clinton‘s claim that she was unaware top secret documents on her private email server were highly classified took a hit on Friday, with the revelation of a State Department contract she signed in 2009.

The ‘Sensitive Compartmented Information Nondisclosure Agreement,’ which Clinton inked during her second day as Secretary of State, declared that she was personally responsible for determining if sensitive documents in her possession were classified at the government’s highest level.

‘I understand that it is my responsibility to consult with appropriate management authorities in the Department … in order to ensure that I know whether information or material within my knowledge or control that I have reason to believe might be SCI.’

SCI – Sensitive Compartmented Information – is the highest level of ‘top secret’ classification, applying to information so sensitive because of the sources and methods used to obtain it that it can only be viewed in a special room, hardened against electronic eavesdropping, constructed for that purpose. The agreement Clinton signed in 2009, which warns against ‘negligent handling’ of state secrets, conflicts with her more recent positions on the presidential campaign trail.

Clinton has said none of the hundreds of classified documents found among emails on her unsecured server were classified at the time she sent or received them, and suggested that without a marking from intelligence officials, she wasn’t expected to know what is classified.

The libertarian Competitive Enterprise Institute think-tank obtained the document with Hillary’s signature, which the State Department declassified on Thursday, and gave it to the conservative Washington Free Beacon.

‘I have been advised that the unauthorized disclosure, unauthorized retention, or negligent handling of SCI by me could cause irreparable injury to the United States or be used to advantage by a foreign nation,’ the agreement Clinton signed states.

The U.S. Intelligence Community’s inspector general has said two of the Clinton emails released by the State Department so far in complying with a federal judge’s order contained SCI-level information, and had to be sanitized by experts before they could be published.

A spokesman for Hillary’s presidential campaign did not respond to DailyMail.com’s request for comment on Friday.

But the text of the agreement spells out plainly that Clinton agreed she was responsible for seeking help if she wasn’t clear about what was classified at the SCI level.

It also spelled out what might happen if she broke the terms of the contract.

‘I have been advised that any breach of this Agreement may result in my termination of my access to SCI and removal from a position of special confidence and trust requiring such access,’ the agreement reads, ‘as well as the termination of my employment or other relationships with my Department of Agency that provides me with access to SCI.’

‘In addition,’ she agreed, ‘I have been advised that any unauthorized disclosure of SCI by me may constitute violations of United States criminal laws, including provisions of Sections 793, 794, 796, and 952, Title 18, United States Code; and of Section 783(b), Title 50, United States Code.’

‘Nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me for any statutory violations.’

Government officials who sign the same document Clinton signed acknowledge ‘agree that I shall return all materials that may have come into my possession or for which I am responsible because of such access, upon demand by an authorized representative of the United States Government or upon the termination of my employment.’

Clinton never returned her email server to the federal government. She housed it in her Chappaqua, New York home while she was America’s top diplomat, and then moved it when she left the Obama administration – entrusting it to a Colorado company that was not cleared to handle SCI-level documents.

The State Department acknowledged in September that Clinton’s home-brew server also was never authorized to handle such information.

The FBI is currently investigating Hillary’s email mess, in an information dragnet that has also roped in her former chief of staff Cheryl Mills and current top campaign aide Huma Abedin.

Both of those women also signed the DCI nondisclosure agreement.

*** One more thing, there were at least 5 attempts, perhaps even successful by the Russians hacking into Hillary’s emails.

Shake Your Head at This DoJ Case, Netcracker

Ever wonder where the NSA was on this? Ever wonder where the background check was for Netcracker as a bona fide government contractor? More fleecing that several people in the decision chain approved this.

USDOJ: Netcracker Technology Corp. and Computer Sciences Corp. Agree to Settle Civil False Claims Act Allegations  (The spin in this statement is in full testimony of how things operate in the Federal government, meanwhile the risk, well frankly the treasonous decision is epic.

 

Pentagon Farmed Out Its Coding to Russia

By Patrick Malone, Center for Public Integrity

The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work.

The contractor, John C. Kingsley, said in court documents filed in the case that he discovered the Russians’ role after he was appointed to run one of the firms in 2010. He said the software they wrote had made it possible for the Pentagon’s communications systems to be infected with viruses.

Greed drove the contractor to employ the Russian programmers, he said in his March 2011 complaint, which was sealed until late last week. He said they worked for one-third the rate that American programmers with the requisite security clearances could command. His accusations were denied by the firms that did the programming work.

“On at least one occasion, numerous viruses were loaded onto the DISA [Defense Information Systems Agency] network as a result of code written by the Russian programmers and installed on servers in the DISA secure system,” Kingsley said in his complaint, filed under the federal False Claims Act in U.S. District Court in Washington, D.C., on March 18, 2011.

Asked to confirm that the Russians’ involvement in the software work led to the presence of viruses in the U.S. military’s communications systems, Alana Johnson, a spokeswoman for the Defense Information Systems Agency, declined to answer on the grounds that doing so could compromise the agency’s “national security posture.”

“It’s something that we take very seriously,” Johnson said in a telephone interview on Tuesday. “The Department of Defense’s posture on cybersecurity ultimately affects national security.”

Kingsley first told a Defense Information Systems Agency official on Jan. 10, 2011, that Russians had been doing computer programming for Massachusetts-based NetCracker Technology Corporation under a federal contract, through an arrangement that corporate officials referred to as its “Back Office,” he said in his complaint. He said the work had been done in Moscow and elsewhere in Russia.

The DISA official confirmed that the practice of outsourcing the work to employees in Russia violated both the company’s contract and federal regulations that mandate only U.S. citizens with approved security clearances work on classified systems, Kingsley’s complaint said.

On Monday, NetCracker and the much larger Virginia-based Computer Sciences Corporation—which had subcontracted the work—agreed to pay a combined $12.75 million in civil penalties to close a four-year-long Justice Department investigation into the security breach. They each denied Kingsley’s accusations in settlement documents filed with the court.

The agency’s inspector general, Col. Bill Eger, who had investigated Kingsley’s allegations, said the case was a good example of how his office combats fraud. In a separate statement released Monday, Channing D. Phillips, the U.S. Attorney for the District of Columbia, said that “in addition to holding these two companies accountable for their contracting obligations, this settlement shows that the U.S. Attorney’s Office will take appropriate measures necessary to ensure the integrity of government communications systems.”

The $22 million contract the companies were working on dates from 2008, when the Pentagon first asked Computer Sciences Corporation to fortify and administer the computer networks of the Defense Information Systems Agency. The agency supports battlefield operations by running communication systems that enable soldiers, officers, and coalition partners to communicate in secret.

Computer Sciences Corporation collected a total of $1.5 billion from the Pentagon in fiscal year 2014, according to the Federal Procurement Data System. The work at the heart of this case was part of a $613 million contract between the Defense Information Systems Agency and the corporation. Netcracker, which has done direct work for the Air Force and the General Services Administration, worked as a subcontractor on the deal.

In his complaint, Kingsley asserted that Computer Sciences Corporation executives knew about Netcracker’s work in Russia. But a corporation spokeswoman, in a written statement, denied it. “[Computer Sciences Corporation] believes it is as much a victim of NetCracker’s conduct as is our [Defense Information Systems Agency] customer and agreed to settle this case because the litigation costs outweigh those of the settlement,” Heather Williams wrote. “Security is of the utmost importance” to the corporation, she wrote.

Kingsley also said in his whistleblower complaint that when he questioned NetCracker’s general counsel about the propriety of the arrangement, the counsel assured him nothing was wrong. When he asked the company’s board of directors for permission to discuss the Russians’ participation with the Defense Information Systems Agency, his “requests were rebuffed,” he said in the complaint.

The next day, in an email to the board of directors at NetCracker Government Services, the company’s general counsel characterized Kingsley’s conversation with the government official as an “unscheduled, one-on-one meeting” that ended with a “vitriolic rampage” and left the Defense Information Systems Agency officer with the impression that Kingsley was a “lunatic,” according to Kingsley’s complaint. Kingsley said in his complaint that this description of the meeting was incorrect and intended to hurt Kingsley’s reputation with the company’s other board members.

Joanna Larivee, a spokeswoman for Netcracker, responded with a written statement that it “has cooperated fully with the Department of Justice throughout its review of this matter and explicitly denies liability for any wrongdoing. We have always taken responsible steps to ensure that best practices are deployed when managing client information and that NetCracker is compliant with the terms of our contracts. We have decided that it is in the best interest of all stakeholders to settle the matter.”

Of the total fines, NetCracker agreed to pay $11.4 million while the Computer Sciences Corporation agreed to pay $1.35 million. Under the False Claims Act, Kingsley’s share of the settlement is $2.3 million, according to the Justice Department.

Kingsley did not respond to a phone message left at his home in Fairfax, Virginia, on Tuesday. His lawyer, Paul Schleifman, said Kingsley spoke up about the Back Office in Russia because he was worried that it could harm national security. “[Kingsley] believes that his obligation is to the United States first,” Schleifman said, “not to his pocket.”

The settlement agreement leaves the door open for the Justice Department to pursue criminal charges based on Kingsley’s allegations. A Justice Department spokeswoman did not respond before deadline when asked whether any such charges are expected.

 

Iran: Death to America, Back ‘Atcha’ Iran

 Iran’s hardliners mark hostage anniversary with ‘infiltration’ warning

Reuters: Thousands of Iranians rallied to celebrate the anniversary of the 1979 hostage-taking at the U.S. embassy on Wednesday, as hardliners alleged Western “infiltration” following a landmark nuclear deal with world powers.

President Hassan Rouhani, however, in remarks highlighting division between moderates and hardliners, criticised the arrest of at least two journalists, the latest in a series of detentions also including dissident writers and artists.

“We should not arrest people without reason, making up cases against them and say they are a part of an infiltration network,” Rouhani told a cabinet meeting.

Demonstrators gathered in front of the abandoned U.S. Embassy in Tehran chanting “death to America” and urging Iran’s foreign minister and chief nuclear negotiator, Mohammad Javad Zarif, “Don’t trust the Americans.”

The U.S. embassy was sacked by students in the early days of the Islamic Revolution in 1979. The ensuing U.S. hostage crisis lasted 444 days and Washington and Tehran have yet to restore diplomatic ties.

Some protesters dragged a coffin marked “Obama” through the street while others carrying long balloons representing Iran’s latest ballistic missile, which was tested in October in defiance of a United Nations ban.

It is about time to terminate the Iran nuclear agreement and to declare a new adversarial front against Iran. The reasons are countless, one reason is above and the other is below.

U.S. Officials: Iranian Cyber-Attacks, Arrest of Americans May Be Linked

U.S. officials believe that the increasing number of hacking attacks carried out this past month by Iran’s Islamic Revolutionary Guard Corps (IRGC) against American government personnel may be linked to the arrests of American-Iranian citizens by the regime, The Wall Street Journal reported (Google link) Thursday.

The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.

Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.

“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”

At the time of his arrest, the IRGC seized Namazi’s computer.

According to the Journal, friends and associates of Washington Post reporter Jason Rezaian were similarly targeted following his arrest last year.

Associates of Namazi say that the IRGC, which is believed to be responsible for his arrest and which reports directly to Iranian Supreme Leader Ayatollah Ali Khamenei, is using the cyber-attacks to help “build a false espionage case” against him.

Last month, the Journal reported that a cyber-security company, Dell Secureworks, had identified a scheme where Iranian hackers had set up false LinkedIn accounts in order to learn sensitive information from the defense and telecommunications sectors. In August, it was reported that Iran was targeting political dissidents living abroad with cyber-attacks.

Earlier this year, The New York Times revealed that the United States had enlisted the help of its allies, including Britain and Israel, to confront the escalating Iranian cyber-attacks.

A report released in 2014 by cyber-security firm Cylance highlighted Iran’s growing cyber-terror capabilities, including “bone-chilling evidence” that its hackers had taken control of gates and security systems at airports in South Korea, Saudi Arabia, and Pakistan.

Iran’s cyber-attacks are not just directed at other countries and individuals abroad, but also its own citizens. Massive attacks on Iranian Google accounts were detected prior to the presidential election two years ago as part of a broader crackdown on dissent.

In Iran Has Built an Army of Cyber-Proxies, published in the August 2015 issue of The Tower Magazine, Jordan Brunner examined how Iran became one of the world’s leading forces in cyber-warfare:

Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.

More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.

Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.

The group has carried out its most devastating cyber-attacks against the Syrian opposition, often using the anonymity of online platforms to its advantage. For example, its hackers pose as girls in order to lure opposition fighters into giving up seemingly harmless information that can lead to lethal crackdowns. The SEA’s sophisticated use of cyberspace developed in a very short time, and it is reasonable to infer that this was due to Iranian training. Iran has long supported the ruling Assad regime in Syria and would be happy to support those who support him.

In recent months, a group called the Yemen Cyber Army (YCA) has arisen, hacking into systems that belong to Saudi Arabia. The YCA supports the Houthi militia, which is fighting the Yemenite government and the Saudis; the Houthis are, in turn, supported by Iran. Thus far, the YCA has attacked Saudi Arabia’s Foreign, Interior, and Defense Ministries. They have also hacked the website of the Saudi-owned newspaper Al-Hayat. Messages from the group indicate that they are sponsored by Iran, and might even be entirely composed of Iranians.

Telegram App Moves Terror Money Globally

Mixing the good with the bad. Founderscode.com has previously posted about Telegram, the phone app, where Islamic State was using it for communications due to end to end encryption. Today, TRAC Insight took a deeper dive. A recommendation to smart phone users, think twice about using this app.

TRAC Insight: Massive Migration to Telegram, the new Jihadist Destination

October 30, 2015 from TRAC Insight
Submitted by

Veryan Khan
Brian Watts
Bethany Rudibaugh
Cat Cooper

 

Introduction

The roller coaster of social media suspensions and removed jihadi content is well documented. However, the jihadis’ struggle to keep up with the relentless suspensions and removal of jihadi social media content, may have finally run its course. The new frontier of jihadi communication is taking place on a recently launched tool, in a messaging platform that has revolutionized the social media sphere, and at least for now put an end to any watchdog oversight.

This TRAC project does not merely document that many groups have shifted to Telegram, it describes how they operate on Telegram.  The following report is divided into three sections:

  • Jihadi Infrastructure on Telegram,
  • Money Transferring on Telegram, and
  • Cross Section of TRAC’s Telegram Archives.
The New Virtual Underground Railroad

Telegram was created as a free, encrypted, messaging application that guarantees both privacy and never to delete accounts. On September 22, 2015, Telegram introduced a new feature, called “channels”  – it is this new feature that has been enthusiastically embraced by many militant groups, becoming an underground railroad for distributing and archiving jihadi propaganda materials. Moreover, Telegram’s chat feature continues to be essential to both the recruiting and money moving activities.

For More on TRAC Insight: Adaptation Strategies in the Islamic State Twitter War

For More on TRAC Insight: Google Plus- Hidden Passage to Recruitment

Not a Fad

Though TRAC has seen sporadic attempts to jump to other social media platforms by many different militant groups worldwide, we have good reasons to believe this is an actual resettlement — a grassroots movement to shift communication styles. The usual pattern of initial attempts to transit from a mainstream social media outlet like Twitter, to another social media platform for covert communications is: initial patchy use; followed by a dropping off of content; then, ultimately becoming a “back-channel” for propaganda when all other media outlets are unavailable for one reason or another. This current migration to Telegram looks nothing like the past attempts to move from the more mainstream social media platforms like Twitter.  The sheer scale and momentum of the Telegram migration is hard to fathom. The force of the numbers using Telegram channels is staggering, watching hundreds of new members in an hours’ time; thousands coming on in over a few days is commonplace for many channels.

Membership in Elite Messaging: Telegram Channels

Since it went live on August 14, 2013, the messaging application Telegram has seen major success, both among ordinary users as well as jihadis; but it wasn’t until their launch of “channels” in September 2015, that TRAC began to witness a massive migration from other social media sites, most notably Twitter.

Advantages
  • Channels work like Twitter on steroids, you become a member, and then you are automatically updated anytime a new item appears on a channel. No need to check it every minute of the day; it simply pings you when new information is available. Only the channel administrator can post to the channel but as a user you can forward any message they post to any one of your contacts. Administrators of one channel can also forward content from a channel they visit to the one they administer.
  • Since many people were already using Telegram as a messaging application, the proliferation of messages on channels spreads like a virus. Often you will see a channel that has very few members but the posted messages will have 1,000s of views.
  • Any medium of any file size can be included in a channel message and then downloaded from by channel visitors or users, avoiding pesky YouTube or Just Paste It deletions. You do not have to join a channel to access messages or download content.
  • Telegram is nimble in use; one can ‘be on-the-go’ so to speak and access their account in many different ways. Telegram can be loaded to your mobile device or used as an application on your laptop or can simply be seen on the internet from any type of browser.  One can also log into all points of access simultaneously.

TRAC’s Archive

TRAC has archived 200+ major, mainstream jihadi channels. While many of the channels have Islamic State affiliations, there are an increasing number of channels from other major players in the global jihadi world. From al Qaeda in the Arabian Peninsula (AQAP) to Jabhat al-Nusra (JN) to Ansar al-Sharia in Libya (ASL) to Jaysh al-Islam, the rate of membership escalation for each discrete channel is staggering. Within a week’s time, one single Islamic State channel went from 5,000 members to well over 10,000 members. Though it is unclear if what is commonly referred to as “the ISIS fan club” will migrate to Telegram, what is clear is that the hard core disseminators already have.

Jihadi Infrastructure

Nearly half the channels TRAC has archived belong to the Islamic State. Many of them have thousands of members, who seem to regularly access the posted message; messages in these channels get at many as 6,000 views in real time. Therefore, the Islamic State channels are the best example of how jihadis are currently using (and will continue to develop) Telegram as both an operational theater, and as a repository. The Islamic State has begun to create channel infrastructure and templates for each type of content in at least 12 different languages. The notorious Nashir (alternative: Nasher) distribution network has the most distinct matrix within Telegram. Languages include: Arabic, Bengali, Bosnian, English, French, German, Indonesian, Italian, Kurdish, Russian, Turkish, and Urdu.

Planning for the Future

There is also evidence that the Islamic State considers Telegram a permanent part of its future. Their most popular website for video distribution, ISDARAT, has five distinct Telegram channels, each with a corresponding new website that contains different content, tailor-made to its Telegram channel. ISDARAT is well-known and its website is constantly shut down by authorities or vigilante attacks. Thousands of twitter profiles include one version or another of the oft-changing URL. With Telegram’s promise of permanence, and the ability to transfer any type of file via a channel, ISDARAT no longer needs to play hide and seek with its followers.

Protected Repository

Telegram is not just a tool for file sharing but rather it has become “the protected repository” of resources for the Islamic State. The images that follow include the info page for Khilafah News, which shows the number of shared media resources available, as well as a page of both the video and file listings for that channel.

Click to Enlarge
Click to enlarge                             Click to enlarge                      Click to enlarge 

Screen shots (above): Khilafah New’s Telegram feed nearly one month after establishment. As of 28 October 2015: 1,875 photos shared; 71 video files; 130 data files; 14 voice messages; 816 shared links.

For More on TRAC INSIGHT: Media Outlets of Islamic State

Creation and Background

Image: Screen shot of Telegram’s features, note look very much like Monopoly characters.

The Brothers Durov

Telegram was created by two Russian brothers, Pavel and Nikolai Durov. Pavel is the financial and visionary figure of the company, while Nikolai specializes in the technical and programming aspects. However, Telegram’s website states that the company is actually based in Berlin and holds no geographical or litigious ties to Russia.[1]

The company describes Telegram as an application that serves as a fusion between text messaging and sending e-mails. This is not to say that Telegram offers an e-mail component, rather that the design of the application is one that blends the functions of text messages and e-mails.[2] Furthermore, Telegram is a free service and currently operates as a nonprofit company. It is financed by Pavel Durov’s fund Digital Fortress.[3]

Security

Privacy and security are Telegram’s primary attraction to potential users and are a key reason for its widespread adoption. The company has been seemingly effective in riding the wave of privacy scares following Edward Snowden’s revelations regarding government encroachment on privacy. Notably, Pavel Durov publicly offered Snowden a job, an offer he declined.[4]

For More on Three Insider Leaks

Privacy

Telegram’s website highlights the services’ stance on internet privacy. It states, “At Telegram we think that the two most important components of internet privacy should be:

  1. Protecting your private conversations from snooping third parties, such as officials, employers, etc.
  2. Protecting your personal data from third parties, such as marketers, advertisers, etc.”[5]
Keeping Russian Eyes Off

Pavel Durov later echoed these sentiments when he stated that the prime motivation for creating Telegram was to establish a means of communicating that cannot be accessed by “the Russian security agencies.”[6] It is important to note that Telegram’s target market is a generation that grew up on social media and who currently have a heightened awareness of privacy issues.

End-to-End Encryption

The application boasts about its end-to-end encryption and the fact that its programming is not veiled, but is open-source and available to users. Telegram is so confident in its encryption that it has offered $300,000 rewards to the first individual to crack the encryption.[7] In an interview with TechCrunch, Pavel Durov stated that the encryption has not been cracked, but a developer received $100,000 for discovering a significant vulnerability.[8] Nevertheless, skeptics state it is only a matter of time before Telegram’s encryption system is breached.

User Information is Stored

Telegram provides an environment that is genuinely respectful of the user’s privacy, as opposed to other major social media and internet services such as Facebook and Google. Telegram posits that merely offering users options to make their posts or information “private” does not mean that the information itself, which is shared through given service, is protected. Conversely, Telegram argues that many sites use these methods to quell users’ privacy concerns, but user information is stored, “mined” for targeted advertising and remains prone to being shared with third parties.[9]

Self-Destruct Feature

The “self-destruct” option is particularly useful for those who move around a lot and forget passwords or have limited use of the internet for long periods of time. There are privacy settings for each individual account that can either set messages to self-destruct after a certain period of time (see Secret Chat below) or accounts to self-destruct after chosen periods of inactivity.

Channels

On September 22, 2015, Telegram announced channels as a way for users to “broadcast” their postings to a wide audience.[10] Prior to adding channels, Telegram served groups of up to 200 people using a broadcast feature to share information. Although Telegram is adding functionality to channels, it appears that the biggest attractions of the channel feature has been its feature of having an unlimited number of members, as well as non-member access to channel content.

Not surprisingly, the channel feature has become quite popular with jihadis. Although Telegram is still technically a messaging application, channels allow users to produce and share content with ever-growing audiences.

Downloads

The messaging only version of Telegram was enormously popular in the Middle East.  In December 2013, merely four months after Telegram’s launch, it was reported that users in the Middle East downloaded Telegram over 100,000 times in one day. This surge dwarfed previous Telegram downloads in the Middle East that had been approximately 2,000 per day.[11] Clearly not all of its earlier users in the Middle East were jihadis, especially since the militant and political ecosystem of the region is vastly different today than it was at the end of 2013. Nevertheless, the it has proven to be very attractive as an outlet for jihadi propaganda.

Promoting your Channel

Many of the larger jihadi channels have attracted thousands of members, and the view count for each message suggests some channels are visited more by non-members than by members. At least three channels have well over 10,000 members. Back on Twitter, Twitter account holders are pushing their followers to Telegram – they tweet and retweet information about how to get the Telegram app and which channels to join. Others on Twitter have implored their followers to join their Telegram channels. They rarely state that they are motivated by their next, imminent suspension.  But for followers who repeatedly search for “shout-outs” that point them to the new accounts of their favorite jihadis, the reason to switch to Telegram is apparent.

An Islamic State Nashir channel posted an infographic on how to spread material from a channel.

The image announced: “To support the channel, do not copy published material but follow these steps:

  1. Choose the desired post
  2. Press ‘Forward’
  3. Then choose the future recipient”

Transferring Funds

A Virtual Hawala System

Secret Chats

It has always been possible to transfer funds via text message – by using services that just require a person to establish their identity and provide a transaction number. Telegram makes that type of exchange more appealing because the encryption and self-destruct features of the “Secret Chat” limit access to the information. And for even more anonymity, bitcoin and other crypto-currencies don’t even require that an individual establish there identity.

Untraceable

Law enforcement agencies have been emphasizing the potential for bitcoin to be used in all manner of criminal enterprises. But in the US, by obtaining a warrant, they are typically able to get data from unencrypted conversations. Telegram has asserted that they will not comply with such warrants – that private conversations are private. However, even if Telegram changes its policy to allow warrant access, the Secret Chat function deletes any information passed via the self destruct feature making it the virtual Hawala system of Telegram.

For More on Cyber Crime Nexus: Liberty Reserve, Freedom Hosting and Silk Road

For More on Concealment Practices Among Cybercriminals & Terrorists

Using ‘Bots’

In addition to transactions that involve merely exchanging information, there are bots designed to facilitate the actual transfer of crypto-currency. The most publicized is Julia – an app dependent bot developed by GetGems to move funds to and from Coinbase accounts (Coinbase is a bitcoin “bank”).

The Telebit Bot

Another well-established bot – that operates entirely within Telegram – is Telebit. It is accessed by searching Telegram to find the bot (by entering “telebit” in the search box, then selecting @Telebit (Telebit Sender). The result looks like an empty chat, but as shown in the following images, sending the message “help” produces all of the information needed to access all the Telebit functions.

   

Creating Bots

Telegram encourages individuals to create new bots and there are already quite a few of these fund-transfer bots. The following Tweet is from the creator of another Telegram bot, who has developed a way to transfer the bitcoin value of phone minutes via a Telegram chat.

Numerous Outlets for Asset Transfer on Telegram

There are undoubtedly numerous other bots and informal fund transfer systems operating on Telegram. The use of Telegram and other messaging applications to transfer funds (and other assets of value) is expected to be a rapidly changing environment that will require constant monitoring. TRAC will provide regular updates regarding the rapid adoption of Telegram, as well as changes in the way it is utilized in support of terrorist communication and operations.

Cross Section of TRAC’s Archive

TRAC’s archive is consistently expanding, the 200+ channels have an estimated 150,000 ever-increasing total membership levels. The following is a cross-section of some of the more interesting accounts from the archive.

Image: 07 October 2015, Screen shot of Tweet advertising AQAP’s Telegram channel.

Must Be Directed to Channel Addresses

Its very important to note that Telegram channels are not easy to just “stumble upon,” account names are case sensitive and there is no autofill function to help one search for channels. Jihadis have been passing Telegram channel “addresses” so to speak a number of ways, advertising on Twitter accounts, advertising on specific Blogs like https://ansarukhilafah.wordpress.com/news-sources/, or advertising on specific websites like ISDARAT (mentioned above in Infrastructure section). Because Telegram was already widely used as an encrypted messaging application, it can be assumed that direct messaging was the initial way to spread new channel accounts. Like Twitter, the hash tag #function is operational on Telegram but the hashtags only work if you already subscribe to a channel.

Telegram Channel

Affiliation

Membership 10.29.2015

Icons

IS_new_2 IS 9,904
IS_new IS 3,310
a3maqagency IS 10,672
nasherislamicstate IS – Arabic 11,195
Is_news_ru IS – Russian 2,410
nashirislamicstateDE IS – German 401
nashirislamicstateBN IS – Bengali 240
nashirislamicstateINA IS – Indonesian 1,451
nashirislamicstateEN IS – English 1,264
nasherislamicstateFR IS – French 424  
nashirislamicstateKURDI IS – Kurdish 111  
nashirislamicstateIT IS – Italian 4
nashierislamicstateBOS IS – Bosnian 275
nasherislamicstateTR IS – Turkish 287
nashirislamicstateUR IS – Urdu 15  
isyemen IS – Yemen 858  
ICA_ES IS – Hacking 847  
DabiQ IS 3,337
isdarat_News IS 786
isdarat1 IS 2,709
isdarat_is IS  521
isdaraty IS 615
isdarat_islamicstate IS 1,319
KhilafahNews IS 1,787
FURSANUpload IS 3,349
Nashr4k IS 1,112
azalkelafa11 IS 1,895
DarAlislam IS 1,015
AQAPTV AQAP 2,760
Rayareporter ASL 726
allewaa6 FSA 25
AlnasarArmy Al-Nasar Army 185
jaishalislam01 Jaysh al-Islam 2,047
GIMF_Channel AQ aligned 1,072
doaat Varied 6,369
JihadnewsCh Varied 6,579
mujahednews Varied 2,203
almonaseronn Detainees 3,009
sawtaljihad Varied 1,370  
KhilafahTree IS 1,093

 


[1] https://telegram.org/faq (Access Date: October 21, 2015).

[2] Ibid.

[3] Ibid.

[4] http://www.nytimes.com/2014/12/03/technology/once-celebrated-in-russia-programmer-pavel-durov-chooses-exile.html?_r=0)

[5] https://telegram.org/faq (Access Date: October 21, 2015).

[5] http://techcrunch.com/2014/02/24/telegram-saw-8m-downloads-after-whatsapp-got-acquired/ (Access Date: October 21, 2015).

[6] https://telegram.org/crypto_contest (Access Date: October 21, 2015).

[7] http://techcrunch.com/2014/02/24/telegram-saw-8m-downloads-after-whatsapp-got-acquired/ (Access Date: October 21, 2015); https://telegram.org/blog/crowdsourcing-a-more-secure-future (Access Date: October 21, 2015).

[8] [8] https://telegram.org/faq (Access Date: October 21, 2015).

[9] https://twitter.com/telegram/status/646268856684707840 (Access Date: October 21, 2015).

[10] http://techcrunch.com/2013/10/27/meet-telegram-a-secure-messaging-app-from-the-founders-of-vk-russias-largest-social-network/ (Access Date: October 21, 2015).

[11] https://news.bitcoin.com/getgems-joining-telebit-bringing/ (Access Date: October 28, 2015)