The myth of the ISIS encrypted messaging app
Despite widespread media reports to the contrary, an app created for Islamic State militants to send private encrypted messages does not exist, a Daily Dot investigation found.
On Jan. 12, Defense One reported that the Islamic State allegedly built a new Android app called Alrawi for exchanging encrypted messages, based on claims from self-proclaimed online counterterrorism outfit Ghost Security Group (GSG). The claim was quickly reprinted by Newsweek, Fortune, TechCrunch, and the Times of India—the largest English-language newspaper in the world—among many others.
However, it seems as though hype and fear, rather than concrete evidence of a genuine tool for orchestrating terrorists attacks, played the primary role in propagating word of its existence.
Encryption uses algorithms to scramble information so that only the intended sender and recipient can read the data. Web users benefit from encryption anytime they log into a website with an “HTTPS” connection, and Apple and Google both encrypt devices running their mobile operating systems when a user enables the locking feature.
The spotlight has been on encryption technology for well over a year now, and it’s only intensified since the November 2015 terrorist attacks in Paris and the December attack in San Bernardino, California.
Followers of ISIS, excited by the news of a custom encrypted messaging app, asked on forums and social media where they could find the app, but we found no instances of anyone able to share it. Western security experts wondered why they couldn’t find a copy on any of the official or unofficial ISIS channels.
All of the media articles on the Alrawi app showed screenshots of a different app entirely, one that is a glorified RSS reader with a totally different name. The Defense One journalist who first reported on GSG's claims about the app told the Daily Dot that he hadn't seen any version of Alrawi at all, and the subsequent reports on the app largely relied on Defense One's reporting. The Daily Dot was the first media outlet to receive, on Jan. 18, what GSG claimed was the Alrawi encryption app.
The app, “Alrawi.apk,” contained no ability to send or encrypt messages.In fact, it contains very few abilities at all, according to analysis by Khalil Sehnaoui, a Middle East-based security specialist and founder of Krypton Security. The app was built in MIT’s App Inventor, a plug-and-play tool meant primarily for children. (A watermark-style line automatically inserted by App Inventor is in the code.) It appears to contain a simple Bluetooth file transfer button—with a range of about 30 feet, it’s a function virtually all smartphones have anyway—but there’s nothing to indicate encrypted messages were ever a part of the app's functionality.During a phone interview with a GSG representative, the group said it was different version of Alrawi—not the one GSG sent to the Daily Dot when we requested to see the encryption app—that included encrypted messaging, though both versions were indeed built in the children’s App Inventor, the representative said, and likely by the same person.
GSG was unable to provide a version of Alrawi with encrypted communications, but they did point to a jihadist website offering custom-built software where GSG said they originally found the Alrawi encrypted messaging app.The only messaging software available on this now-dormant jihadist website is known as “Amn Al-Mujahid,” which translates to “Security of the Jihadi [fighter].” Aside from having an entirely different name, it was built in 2013, not 2016. It was created by Al Qaeda, not the Islamic State. It’s very likely built by a different person than whoever built the Alrawi app, a fact we know because the Alrawi app creator did no personal coding on his product, according to Sehnaoui. And security experts say the custom-built Amn Al-Mujahid app likely helps U.S. intelligence efforts.
So, where is the Alrawi encryption app?
Multiple security researchers who closely follow the Islamic State’s online activity say that they haven’t seen the Alrawi app being discussed or shared in any of ISIS’s online channels. Nobody from ISIS seems to know anything about this app, based on extensive online conversations viewed by the Daily Dot and other ISIS observers.
“Basically, [it's] a lot of bullshit over nothing,” Sehnaoui said. “I think it is just a bad media mock-up to try and get some attention. There is nothing even remotely professional or functional about both these apps.”
Ghost Security Group, whose claims are regularly featured in the media, says that it has a working relationship with U.S. counterterrorism officials, and it appears the group passes along information in an informal capacity.
Beyond news of the Alrawi app, GSG has proven its power to generate headlines. In addition to the popular publications that covered the Alrawi app, the group and its associates have been spotlighted by outlets as high-profile and wide-reaching as CNN, BBC, and Fox News. In each report, connections to the U.S. government provide the foundation for the group’s authority.
In December, House Homeland Security Chairman Mike McCaul (R-Texas) was likely referring to a Ghost Security Group report when he went on CNN and claimed to Wolf Blitzer’s 550,000 viewers that the Islamic State built its own encrypted messaging mobile app. McCaul, whose Tom Clancy-esque new book Failure of Imagination explores potential threats to the U.S., provided no evidence supporting his claim.
A spokeswoman for McCaul could not confirm whether the congressman's statements on CNN were based on GSG's claims.The Islamic State’s use of encryption technology has become a focal point of the encryption debate, commonly known as the Crypto Wars. FBI Director James Comey said in May that encryption played a role in the killing of two people during a shooting in Garland, Texas, in 2015. One of the shooters, Comey claimed, sent and received 109 encrypted messages with an “overseas terrorist.” Comey and other U.S. government authorities have since repeatedly claimed that encryption has allowed criminals and terrorists to evade law enforcement and intelligence agents, a phenomenon Comey calls “going dark.”
Following the attacks in Paris, McCaul partially blamed the deadly massacres on ISIS militants' use of Telegram, a group messaging app. Telegram has been used by ISIS, though experts say it provides weak encryption, and the company has since begun monitoring and deleting channels used by Islamic State operatives and supporters.
Earlier this week, the Islamic State’s media arm promoted a video in which they claimed to use PGP encryption, which is often used to secure email messages. Edward Snowden, who has become a vocal supporter of encryption and critic of the U.S. government since he leaked classified National Security Agency documents in 2013, argued the video was fake and possibly a scare tactic.
There’s no doubt that Islamic State supporters can use encryption technology. Myriad options are freely available to anyone with an Internet connection. But the Alrawi app is not among them.
Update 1:28pm, Jan. 27: Added response from McCaul's office.
Additional reporting by William Turton | Illustration by Max Fleishman