Message service blocks 78 ISIS-related encrypted channels

Encrypted messaging app maker Telegram blocked 78 ISIS-related propaganda channels in reaction to abuse reports sent by users, Telegram tweeted late Wednesday.

The Berlin-based company said in a statement that it took the action because “we were disturbed to learn that Telegram’s public channels were being used by ISIS to spread propaganda. We are carefully reviewing all reports sent to use at abuse@telegram.org and are taking appropriate action to block such channels.”

Telegram also said it will block terrorist bots and channels including those that are ISIS-related, but will not block anybody who peacefully expresses alternative opinions. Telegram announced on its second anniversary in August that it was delivering 10 billion messages daily.

The channels feature that Telegram referred to is only two months old. Participants can invite an unlimited number of members and use a public URL. Channels are separate from one-to-one chats and group chats, which Telegram said will remain private.

Separately, Telegram’s shutdown came after hacktivist group Anonymous announced in a video in French after the Paris attacks that it has “declared war” on ISIS, with a series of cyber attacks.

Later, Anonymous claimed in a tweet on Tuesday that its members had shut down 6,000 ISIS recruiter accounts on Twitter.

Reaction to Telegram shutdown

The Telegram shutdown led to a backlash from ISIS supporters.

Charlie Winter, a security researcher formerly of the Quilliam counter-extremism think tank, has tracked ISIS on Telegram and followed the Telegram shutdown in several tweets. He posted one tweet with a screenshot from a major ISIS user on Telegram who reacted to the shutdown by saying, “the war on Telegram has started.”

Avivah Litan, a security analyst at Gartner, reacted to the shutdown with a dose of reality. “It is reassuring and commendable that Telegram banned 78 ISIS-related channels, but certainly that type of action cannot be relied upon across the dozens of potential mobile apps that enable secure encrypted communications. Further, there is no way of being absolutely sure that all ISIS-related channels were in fact blocked.”

Telegram boasts that its cloud-based messages — at least the private ones — “are heavily encrypted and can self-destruct.” Telegram messaging is available for free on mobile, desktop and other form factors using multiple operating systems.

What government intelligence agencies can do about encryption

Because encryption apps and proprietary encryption software are so widespread, an active debate has been reignited since last week’s terror attacks on Paris about what intelligence agencies can do regarding cloaked communications.

Early Thursday, former U.S. Defense Secretary Robert Gates urged President Obama and Congress to ask the National Security Agency for insights on “adding capabilities in tracking potential terror plots in the U.S. or elsewhere.” He spoke today in an interview on CBS This Morning (at 2:40 into the video clip).

Gates added, “Frankly, it may be time for a heart-to-heart talk between the president and some of the leaders of the tech companies in terms of them providing some help to the government on some of these highly sophisticated encryption devices.”

Members of the U.S. Senate Intelligence Committee this week have said they want greater tech industry help, although Apple and Google have previously objected to changes in their operating systems that could somehow decrypt disk-level encryption.

One member of the committee, U.S. Sen. Mark Warner, D-Va., said on Wednesday that the increased use of encryption “poses a growing challenge to the ability of our intelligence and law enforcement professionals to keep the country safe, but the question is what should be done about it.” He said the committee has asked the FBI, the Obama administration and the intelligence community for their help “and we have not gotten good answers.”

A Department of Justice spokeswoman this week said DOJ is not currently seeking legislation to address encryption remedies. However, during the summer, FBI Director James Comey had suggested revisions to the 1994 Communications Assistance for Law Enforcement Act (CALEA) to allow surveillance of new technologies such as email, Internet messages and social networking sites.

Given the difficulty of breaking encrypted files and of locating bad actors on the Internet globally, Litan said good security requires a multi-layered approach. “Blocking channels or decrypting communications, when possible, should certainly be a key step, but security is only as strong as the exceptions and there will be plenty of exceptions…,” she said.

One approach intelligence agencies are probably already using is to monitor metadata around communications, even if the communications themselves are encrypted. The non-encrypted metadata can still be mined to figure out which communications to monitor, Litan said.

“What I’m talking about [with monitoring] is sitting on a handset and listening,” she said. “I can read the typing on the screen or pick up the keystrokes that are being used before they are encrypted. I’m not talking about decryption.”

Criminals will eventually get around that monitoring technique as well, she conceded. “It’s a cat and mouse game.”