Contradicting a report issued last month by the intelligence firm Recorded Future (and subsequently dismissed as state-sponsored agitprop by Greenwald), Murtaza Hussain highlights a new report from Flashpoint Global Partners that concludes that Snowden’s leaks about NSA surveillance were not to blame for improvements in jihadist groups’ cyber security:
The report itself goes on to make the point that, “Well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them.” This point would seem obvious in light of the fact that terrorist groups have been employing tactics to evade digital surveillance for years. Indeed, such concerns about their use of sophisticated encryption technology predate even 9/11. Contrary to claims that such groups have fundamentally altered their practices due to information gleaned from these revelations, the report concludes. “The underlying public encryption methods employed by online jihadists do not appear to have significantly changed since the emergence of Edward Snowden.”
These findings are notable both for empirical rigor through which they ascertained, as well as their contradiction of apparently baseless statements made by high-ranking U.S. officials regarding the impact of the leaks on U.S. national security. This is particularly important as it pertains to the ongoing public debate over the alleged threat of ISIS.
In Joseph Cox’s reading, the report actually questions whether al Qaeda’s counter-surveillance methods have improved dramatically in the first place:
The history of Islamic terrorists using encryption far predates Snowden, and even Wikileaks. An early milestone was an article in Al-Qaida in the Arabian Peninsula’s (AQAP) English language magazine Inspire in October 2010, which exhorted readers to use encryption. The programme suggested then was Asrar al-Mujahideen, originally launched back in 2007. It runs in a similar vein to popular open source encryption Pretty Good Privacy (PGP), utilising public and private keys to securely send files and messages. A 2.0 version was available in 2008, and after this other programmes came out for popular chat programmes, then Android and Symbian mobile devices.
From Asrar al-Mijahideen in 2007 to developments today, Flashpoint’s findings suggest jihadists haven’t made any major changes to their use of encryption: they’re just taking established models and applying them to different areas, such as instant messaging services or mobile phones.