Report: Terrorists are big fans of VPNs

Jihadists are increasingly relying on virtual private networks, or VPNs, and proxy services to avoid law enforcement, according to a new report from New York City-based security firm Flashpoint.

Jihadists are increasingly relying on virtual private networks, or VPNs, and proxy services to avoid law enforcement, according to a new report from New York City-based security firm Flashpoint.

The firm’s report, which is based on the analysis of pro-ISIS forums discovered on the dark web, was published on Friday and is titled “Tech for Jihad: Dissecting Jihadists’ Digital Toolbox.”

U.S. defense officials understand that terrorist groups are working to produce savvy digital operations. But the extent to which these individuals are leveraging technology to accomplish their goals is slightly more difficult to decipher, Flashpoint’s research team describes.

Earlier this year, a pro-ISIS hacking collective named the United Cyber Caliphate issued an advisory warning, via a hidden discussion forum based on the dark web — an area of the internet that can only be reached using the anonymous Tor browser — to members about the use of certain VPN services. The clandestine discussion circled around best practices and recommended VPN products, according to Flashpoint.


‘There is a clear increase in the release of OpSec and InfoSec proprietary jihadi manuals, suggesting the increasingly comprehensive outlook jihadists have on their cybersecurity and online operations,” Laith Alkhouri, Flashpoint’s co-founder and director of Middle East and North Africa Research, told FedScoop.

Broadly speaking, VPNs are attractive to criminals because they allow for secure access to a private network even while connected to unsecured Wi-Fi networks.

According to the report, terrorist groups’ understanding and use of VPNs has notably improved and matured over time, especially since Flashpoint first found evidence in 2012 of pro-Al-Qaida users encouraging one another to adopt the CyberGhost VPN service — which uses SSL/TLS Internet protocol flowing through a local server to encrypt communications.

“As time progressed, jihadist forum dialogue continued to evolve from basic recommendations to the circulation of meticulous manuals and critical reviews,” researchers explain.

Later in 2014, users on the dark web forum found weaknesses in CyberGhost — specifically, that the aforementioned software would not change a computer’s hard disk serial number. When viewed online, a hard disk serial number can be used by authorities as a digital identifier.


“Over the past two years, jihadist chatter within Deep and Dark Web forums indicates that pro-ISIS and Al-Qaida actors employ numerous encrypted and temporary e-mail services to communicate confidentially,” the report reads.

One of the most popular anonymous web browsers approved by jihadists, according to Flashpoint, is Opera. It contains a free VPN and ad-blocking service, and is compatible with the Android mobile operating system — which is especially popular in the developing world.

“Although technology is not typically associated with jihadists, it is their lifeblood. Jihadists’ reliance on technology for survival pushes the jihadist community to constantly learn, adapt, and advance through various technological tools,” the report concludes.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts