NSA revelations could push terrorists to other channels

With options including mobile apps, social media and virtual worlds, knowing the capabilities may push more bad guys to 'go dark'


Public disclosure of the National Security Agency's wide-ranging surveillance programs is likely to cause terrorists to increase their use of social media and other hard-to-track Internet channels, experts say.

Documents leaked to news media by an NSA contractor revealed last week that the intelligence agency was gathering massive amounts of customer data from telephone companies and the world's largest Internet companies. The information gathering, approved by Congress, the courts and the president, is used to catch members of foreign terrorist groups or Americans working with such overseas organizations.

The fact that the NSA is looking for communication patterns that would indicate terrorist activity would not surprise many terrorist organizations, experts say. However, the recent disclosures indicated data-gathering and analytical capabilities beyond what many observers expected.

[Also see: ACLU files lawsuit chellenging NSA surveillance

Knowing the NSA's level of sophistication is sure to make seasoned terrorist groups more cautious about their use of telephone carriers and email and chat services provided by Internet companies.

"Obviously, in light of what's been going on over the last several days, they [terrorists] are going to think twice about using those types of communications or they will use a very sophisticated coding system that might be difficult to break," said Vernon Herron, senior security policy analyst at the Center of Health and Homeland Security in the University of Maryland.

Internet channels that terrorists are likely to use more often is virtual worlds, an example of which is Second Life. There are hundreds of such places in many countries where anonymous avatars can be created and cryptic messages passed.

"I could be called Iron Monkey in a hippie community in Second Life and you could be Bumble Bee. Somehow, I'm going to connect, knowing your handle, in a very alternate virtual community," said Peter M. Tran, senior director for RSA's worldwide Advanced Cyber Defense Practice. "You and I can chat, we can exchange [messages], we can use virtual dead drops."

In espionage tradecraft, a dead drop is a location where someone leaves an item or message that can be picked up by someone else, without the two people ever meeting.

Online gaming communities accessible through a PC or video console, such as the Xbox or PlayStation, are other virtual worlds that terrorists may turn to more often to communicate, Tran, who held senior technical roles with Northrop Grumman and Booz Allen Hamilton supporting various Defense Department intelligence agencies, said. Some online gaming worlds allow for open source development, so a terrorist group could create their own children's game that could go unnoticed.

"It [gaming networks] is a very hard community to monitor, because there isn't a direct link [to the players,]" Tran said. "There's an ecosystem by which you'd have to really have multiple variables of intelligence in order to narrow down possible communities being used."

Other channels that could become more attractive to advanced terrorist groups could include mobile applications developed for secretive communications and offered through Android app stores. Social media, like Facebook and Twitter, are also logical places where terrorists would go to write coded messages to each other or to hide messages within image files.

"There's so many other alternate channels and it's all embedded in some form of social media," Tran said.

Knowing the NSA's capabilities will likely cause terrorists working in small groups, such as the two brothers accused in the Boston Marathon bombings in April, to "go dark," Steven Weber, director of the Institute of International Studies, at the University of California, Berkeley, said.

"The less sophisticated folks, who are a little bit dumber, quite frankly, they are probably going to go quiet for a period of time," Weber said.

When they restart, they are likely to resort more to communicating person-to-person or by mail, rather than through email or over voice or text on a mobile phone.

"One of the biggest concerns we have today is the lone wolf that operates in a very small circle, either one or two people, and the plans are between the two of them," Herron said. "The smaller the circle, the more difficult it is to intercept."

Copyright © 2013 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)