Trend Micro on how terrorists are abusing online tools
By Digital News Asia May 9, 2016
- Yahoo! Mail and Gmail to communicate, coordinate and share propaganda
- WhatsApp and Telegram for communications and coordination
CYBERCRIMINALS have always abused legitimate online tools and services, but now they have been joined by an even more insidious group: Terrorists.
According to new research from Trend Micro Inc, terrorists are just as proficient as cybercriminals in using vulnerabilities in software, websites, and web applications as attack vectors; to hosting malicious components in cloud services.
They too make use of clickbait posts and links on social networking sites to lure hapless users into falling for their schemes, the company said in a statement.
Trend Micro’s report, Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations, discusses the methodologies, services, and tools that cybercriminals and terrorists use to streamline their cause for followers to facilitate their activities easily.
These include how terrorists use online tools to remain untraceable and anonymous and disseminate, as well as customised tools they use to help in their guerrilla campaigns.
According to Trend Micro, both cybercriminals and terrorists resort to using anonymising programs such as TOR, and certain encryption tools found in the Deep Web to hide their identities.
One web service being abused by terrorists is the DDoS (distributed denial-of-service) mitigation service, Cloudflare.
A legitimate service designed to provide a working mirror for websites that are either experiencing heavy traffic or being subjected to denial of service attacks, Cloudflare is being abused to hide the real hosted IP (Internet Protocol) address of the website, Trend Micro said.
In comparison however, the way cybercriminals and terrorists disseminate information related to their agenda are different, with cybercriminals being more inclined to engage with their limited contacts and weigh on the online reputation of the individual.
In addition, terrorists and cybercriminals have been known to use the same services such as Yahoo! Mail and Gmail in order to communicate, coordinate and share propaganda.
On the other hand, popular messaging applications such as WhatsApp and Telegram are being used for communication and coordination rather than for information theft or to spread malicious links.
Telegram was found as the most favoured method of communication amongst terrorist groups, with 34% listing their contact information as a Telegram address.
Cybercriminals and terrorists also use file hosting and sharing services, said Trend Micro.
Terrorists use such services – top4top.net, Sendspace, and SecureDrop – mostly to send and spread propaganda and large digital media, the company said.
Terrorist groups prefer file-hosting services based in regions such as the Middle East, presumably another response to the perceived threat of government surveillance plaguing communications platforms in Western countries such as the United States, it added.
Encryption genie is out of the bottle: Ex-NSA director
The global encryption war begins
Tackling money-laundering and terrorism with technology
Average of 900 online resources active on Tor daily: Kaspersky
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.