NSA revelations could push terrorists to other channels

Public disclosure of the National Security Agency's wide-ranging surveillance programs is likely to cause terrorists to increase their use of social media and other hard-to-track Internet channels, experts say.

Documents leaked to news media by an NSA contractor revealed last week that the intelligence agency was gathering massive amounts of customer data from telephone companies and the world's largest Internet companies. The information gathering, approved by Congress, the courts and the president, is used to catch members of foreign terrorist groups or Americans working with such overseas organizations.

The fact that the NSA is looking for communication patterns that would indicate terrorist activity would not surprise many terrorist organizations, experts say. However, the recent disclosures indicated data-gathering and analytical capabilities beyond what many observers expected.


Knowing the NSA's level of sophistication is sure to make seasoned terrorist groups more cautious about their use of telephone carriers and email and chat services provided by Internet companies.

"Obviously, in light of what's been going on over the last several days, they [terrorists] are going to think twice about using those types of communications or they will use a very sophisticated coding system that might be difficult to break," said Vernon Herron, senior security policy analyst at the Center of Health and Homeland Security in the University of Maryland.

Internet channels that terrorists are likely to use more often include virtual worlds, an example of which is Second Life. There are hundreds of such places in many countries where anonymous avatars can be created and cryptic messages passed.

"I could be called Iron Monkey in a hippie community in Second Life and you could be Bumble Bee. Somehow, I'm going to connect, knowing your handle, in a very alternate virtual community," said Peter M. Tran, senior director for RSA's worldwide Advanced Cyber Defense Practice. "You and I can chat, we can exchange [messages], we can use virtual dead drops."

In espionage tradecraft, a dead drop is a location where someone leaves an item or message that can be picked up by someone else, without the two people ever meeting.

Online gaming communities accessible through a PC or video console, such as the Xbox or PlayStation, are other virtual worlds that terrorists may turn to more often to communicate, said Tran, who held senior technical roles with Northrop Grumman and Booz Allen Hamilton supporting various Defense Department intelligence agencies. Some online gaming worlds allow for open source development, so a terrorist group could create its own children's game that could go unnoticed.

"It [gaming networks] is a very hard community to monitor, because there isn't a direct link [to the players,]" Tran said. "There's an ecosystem by which you'd have to really have multiple variables of intelligence in order to narrow down possible communities being used."

Other channels that could become more attractive to advanced terrorist groups could include mobile applications developed for secretive communications and offered through Android app stores. Social media, like Facebook and Twitter, are also logical places where terrorists would go to write coded messages to each other or to hide messages within image files.

"There's so many other alternate channels and it's all embedded in some form of social media," Tran said.

Knowing the NSA's capabilities will likely cause terrorists working in small groups, such as the two brothers accused in the Boston Marathon bombings in April, to "go dark," Steven Weber, director of the Institute of International Studies, at the University of California, Berkeley, said.

"The less sophisticated folks, who are a little bit dumber, quite frankly, they are probably going to go quiet for a period of time," Weber said.

When they restart, they are likely to resort more to communicating person-to-person or by mail, rather than through email or over voice or text on a mobile phone.

"One of the biggest concerns we have today is the lone wolf that operates in a very small circle, either one or two people, and the plans are between the two of them," Herron said. "The smaller the circle, the more difficult it is to intercept."


Stories by Antone Gonsalves
