Defense One: Islamic State has written its own encrypted communications app

It’s the scenario predicted by those opposed to government encryption backdoors

The Islamic State is deploying its own encrypted communications app for Android, an eventuality predicted by experts who oppose efforts of governments to require encryption backdoors so they can find out what criminals are saying to teach other.

The app, called lrawi.apk, employs what is described as rudimentary encryption and was available for download last month on a Web site where Islamic State supporters could download it and another app for distributing propaganda, according to a story posted by Defense One.

The creation of such an encryption app has been considered a likely outcome of laws being proposed internationally requiring backdoors that would allow service providers to fulfill court orders to decrypt private communications of their customers.

Knowing that such commercial services are no longer secure would drive terrorists and other criminals to rely instead on existing end-to-end encryption that doesn’t have backdoors or to develop backdoor-free encryption of their own that doesn’t comply with the laws.

One argument against such laws is that if they were enacted criminals would still be able to communicate securely - so it wouldn’t achieve its goal - and it would undermine the security of encryption widely used for legitimate purposes that are critical to economies around the world. It would also undermine mechanisms used by journalists trying to protect sources and activists trying to avoid political reprisals, the argument goes.

Irawi.apk was discovered by the anti-Islamic State group Ghost Security, which monitors extremist Web sites, takes down extremist social media accounts and calls in law enforcement when it finds terrorism-related activities.

The site that hosted the app has since been taken down. The propaganda-distribution app it also hosted was posted by the Amaq Agency, which is believed to be tied to ISIS.

The encrypted communications features are rudimentary when compared to commercially available encryption, Ghost Security told Defense One. Islamic State uses the encrypted private messaging service Telegram, which has stronger encryption that that in the Irawi.apk app, according to Ghost Security.

Join the CSO newsletter!

Error: Please check your email address.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place