ISIS’s revolutionary ability to use technology for organizational, recruitment, and propaganda purposes is well known, but the terrorist group has now built its own encrypted Android app to use for covert conversations. It’s called “Alwari,” and it was recently uncovered by a counter-terrorism technology watchdog and Anonymous affiliate called Ghost Security Group.

Alwari is presumably in response to a few different recent developments. For one, Anonymous and other groups have threatened ISIS’s use of messaging apps like WhatsApp and Telegram. Additionally, those apps have the potential to be monitored by national security officials, such as the FBI, and some applications, including Telegram and Twitter, have taken steps to remove or block ISIS-related accounts.

Alwari isn’t the first time that ISIS has made an attempt at its own app. Ghost Security Group discovered last month that ISIS members were using Telegram to download a propaganda app called Amaq Agency. While it has now been taken down, according to Fortune it “provided users with a stream of news and videos filled with ISIS propaganda messages including executions, battlefield footage, and speeches.”

Exactly how technologically advanced Alwari is is unclear. While it doesn’t have the sophistication of WhatsApp or Telegram, whoever made it had the wherewithal to make sure that messages are protected. Unlike most Android apps, Alwari can’t be downloaded by visiting Google Play. Instead, it’s accessed through a shared code.

The U.S. is currently discussing the idea of “backdoors” into some encryption software–essentially ways that would allow the U.S. or other governments to access information sent via encryption. FBI Director James Comey has pushed for, at the very least, a debate over including these features. But, that debate may become somewhat irrelevant if there’s no ability to create those backdoors in the first place because the group we are trying to monitor has its own way to securely communicate. ISIS’s ability to use technology is, at the very least, unprecedented, but it shouldn’t be surprising, and at this point certainly needs to figure into the debate about privacy and backdoors waging in the U.S.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Alwari: ISIS Creates its Own Android Messaging App appeared first on Law Street.

The infamous hacker group “Anonymous” reportedly conducted an attack against the Canadian government on Wednesday. This attack made multiple government websites go dark, including Canada.ca and the websites for the Department of Foreign Affairs, Transport Canada, Citizenship and Immigration Canada, and Justice Canada. This hack was supposedly in protest against the government’s controversial new security legislation. Bill C-51, or the Anti-terrorism Act, that would broaden the mandate of the Canadian Security Intelligence Service (CSIS). Exact ramifications of the attack are unknown, but it’s almost certainly the latest in a string of efforts by Anonymous to protest increased surveillance in various nations.

The act would give the agency new powers to disrupt perceived security threats and make it easier for federal agencies to increase surveillance and share information about individuals. Anonymous believes that this bill is not in its favor, stating as much in a video posted on YouTube. The video said the anti-terrorism law violated human rights and targeted people who disagree with the government, saying:

A bill which is a clear violation of the Universal Declaration of Human Rights, as well as removing our legal protections enshrined in the Magna Carta for 800 years. Perhaps it was fate that the day the Magna Carta arrived in our country to go on display to the populace that our corrupt government was symbolically pissing upon it and us all.

Soon after the hack,  Twitter user @Blakeando10 took credit for the cyberattack. He is pictured on his account as wearing a Guy Fawkes mask, which is usually associated with an act of this sort committed by Anonymous.

It was your move senators, now it’s ours. http://t.co/Fs67YrqOTH#cdnpoli#Opcyberprivacy#opC51 Huffpostcanada

— SplendidMass29 (@blakeando10) June 17, 2015

evasiv3 Your sites were not secure. A gov that can’t protect its own cyberspace can’t protect yours. Get it?

— SplendidMass29 (@blakeando10) June 17, 2015

Treasury Board President Tony Clement confirmed that the government’s servers were hit with a denial of service attack. “I can tell you, I’ve just been through a briefing on it. There has been an attack on Government of Canada servers, GC servers. It is as a result of a, of a — what we would call a cyberattack,” he said. By 3 PM, most of the websites were back online, although exact damage was still unknown. Liberal Defense critic, Joyce Murray, believes that this cyber attack should be a wake-up call for the Canadian government. Nadeem Douba, who has previously advised governments on security issues, told iPolitics the hack was not a very sophisticated one.

It definitely is more about optics than anything else. If we were looking at a denial of service attack similar in nature to StuxNet, where critical infrastructure was impacted, then I would consider it more of a security threat. The same could be said if the attack were able to create any kind of political unrest or economic instability. However, as far as we know now, this attack is more of a nuisance than anything else.

Government websites should be some of the most secure in the world. There is no reason why a group of people should be capable of hacking into them, especially if these sites hold valuable information. Steven Blaney, the public safety minister, criticized the cyber-attackers, telling reporters that there were many other more democratic ways for Canadians to express their views. Blaney also said the government is implementing efforts to improve its cyber security. Hopefully that’s not too little, too late.

Taelor Bentley

Taelor is a member of the Hampton University Class of 2017 and was a Law Street Media Fellow for the Summer of 2015. Contact Taelor at staff@LawStreetMedia.com.

The post Anonymous Strikes Again: Canadian Government Experiences Security Breach appeared first on Law Street.

Hello again! It feels like it has been a year since I’ve written. (Get it? Because it is 2015 now? Lol?) But I am back now, and it’s time to get into the thick of it.

We are now nearly two weeks into the new year and have already had a heavy dose of tragedy. Unless you have been cut off from internet and television over the past few days, you’ve heard about the Charlie Hebdo shootings. Regardless of what your opinion is of that publication, the murder of those people was an act of terror and an infringement on their rights as humans and French citizens.

Whenever there is an act of extremism related to one system of belief, there are those who call out the entire group. I don’t know why this does not go without saying, but ONE BAD APPLE DOES NOT SPOIL THE WHOLE BUNCH.

While Al-Qaeda and other jihadist groups call themselves Muslim, not all Muslims belong to Al-Qaeda. Yet, people like news magnate Rupert Murdoch go off and blame the entire religion.

Maybe most Moslems peaceful, but until they recognize and destroy their growing jihadist cancer they must be held responsible.

— Rupert Murdoch (@rupertmurdoch) January 10, 2015

Uhh….

Luckily, we have witty and intelligent people in the world like J.K. Rowling, who some of you may know as the author of a little series called Harry Potter, to put people like Murdoch in their place.

I was born Christian. If that makes Rupert Murdoch my responsibility, I’ll auto-excommunicate. http://t.co/Atw1wNk8UX

— J.K. Rowling (@jk_rowling) January 11, 2015

.@dom209 The Spanish Inquisition was my fault, as is all Christian fundamentalist violence. Oh, and Jim Bakker.

— J.K. Rowling (@jk_rowling) January 11, 2015

 

It is always promising when voices of reason speak out, especially when those voices have four million Twitter followers. Rowling’s cutting sarcasm continued with responses to fans who joined in her satire, resulting in a truly entertaining and enlightening Twitter feed.

When horrible things happen, like the events in Paris on January 7, instead of playing the blame game, those with sizable influence–like Murdoch–should join in the fight for justice. Yet, too often, we see hate answered with hate.

We can be thankful that most of the world’s population, including many political leaders, have joined together and targeted the real source of the attacks: religious extremists. Infamous hacking organization Anonymous has even declared war on jihadists, laying out a plan of attack centered in cyber world. It is not the responsibility of practitioners of Islam to rid the world of Islamic extremists. We are all affected by their acts, and we can all help in the effort to “destroy their growing cancer.”

Morgan McMurray

Morgan McMurray is an editor and gender equality blogger based in Seattle, Washington. A 2013 graduate of Iowa State University, she has a Bachelor of Arts in English, Journalism, and International Studies. She spends her free time writing, reading, teaching dance classes, and binge-watching Netflix. Contact Morgan at staff@LawStreetMedia.com.

The post J.K. Rowling Has Perfect Response to Anti-Muslim Tweets appeared first on Law Street.

Following the recent fiasco at Sony, hacking has been catapulted squarely into the spotlight. But hackers are doing more than just delaying movie premieres–they are causing serious damage and have the capability to cause much more. Before we get too scared of these anonymous boogeymen, however, it is important to understand what hacking is and who the hackers are.

What are hackers and what do they do?

So, first of all, what is a hacker? While the answer to that question is very complicated, for clarity’s sake a succinct and clear explanation of a computer hacker and computer hacking is this:

Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent.

This definition is of course limited, as hacking is not relegated solely to computers and is not always a negative thing. Below is a video that offers a fuller picture.

While not all hacking is negative, much of it is, and it is important to understand specifically what the intentions of many hackers are and how they operate. Hackers often lure their unsuspecting victims with bogus scams sent through emails or websites. Some hackers also prefer the approach of directly attacking a computer if it does not have the requisite protection in place, such as a firewall; however, while hacking may appear as simple as pressing a button in a movie, it is more complicated than that. More specifically, what a hacker does is infect another person’s computer with malicious software or malware. Once the unsuspecting user has activated the malware, either by clicking on a link or opening an email, his computer can then become infected with a virus. If a computer does become infected the hacker essentially has unlimited access to the operating system. This then enables him to have virtual control over the user’s computer and internet activity. Normally the hacker will try to maintain a low enough profile so the user is not alerted; in the meantime he will attempt to obtain sensitive information. Whatever way hackers choose to attack, they often try to steal things like passwords, account numbers, and means of identification such as a social security number.

The purpose behind all of this is nefarious; stealing an individual’s money, abusing their credit, or even turning a profit by selling the acquired information to a third party is often the end goal. Two prime examples of this are the major hack of Target’s credit card system in 2013 and the similar hack of EBay this year. Nonetheless, while hackers seem to have similar motives, the group is in fact quite heterogeneous and can vary from countries to individuals.

State Actors

The first type includes hackers utilized by a country’s government or military. In this way, hackers are used like other weapons such as tanks or missiles. In this regard, perhaps no country employs hackers and hacking more than China. According to a 2013 article from Bloomberg, China accounted for 41 percent of hacking assaults in 2012–four times that of the second place country on the list. While there’s no way to say definitively whether those hacks came from the Chinese government, the idea comes as no surprise to those familiar with the United States’ claims that China has long hacked American corporations in order to steal trade secrets and then passed them along to Chinese companies. For example, there were hacking accusations against China earlier this year by American corporate icons such as U.S. Steel and Alcoa.

However, the United States is far from an unwitting victim of these attacks. In fact the number two country from the same list of top hacking nations was the United States. In 2012, for example, ten percent of hacking attacks originated from within the United States. In addition, the United States military has increased the portion of its budget focused on cyber warfare. In 2015, the U.S. Cyber Command plans to spend $5.1 billion on cyber combat. The video below explains the threat of cyber warfare.

There is already evidence of suspected U.S. cyber warfare at work. Aside from unpublicized U.S. attacks against the Taliban in Afghanistan, there’s the more notable example of the Stuxnet virus that infected the Iranian nuclear infrastructure and severely damaged its nuclear program. There is also the recent shutdown of North Korean internet access that many suspect was American retaliation for the suspected North Korean hack of Sony.

Along with the United States and China, other countries where hacking is a major weapon include Taiwan, Turkey, and Russia.

Non-State Actors

Indeed non-state actor hackers may pose an even bigger threat to global systems than government operations. One reason why is while government operations are generally strictly military or defensive in nature, non-state operations run the gamut.

Patriotic Hacking

One example is something known as patriotic hacking. In essence, these groups are self-appointed to represent a particular country and will respond in kind to any perceived slight against the nation they represent. One such group formed in China in response to the accidental bombing of a Chinese embassy in Belgrade by the United States during the war in Kosovo. Similar groups have also formed in many countries such as Israel, India, Pakistan, and the United States.

An example of a patriotic hacker–or “red hacker” as they are known in China–is Wan Tao. Wan Tao hacked everything from the U.S. government to Japanese political email accounts. While it is believed they he was never explicitly ordered to do so, the hacker’s targeted attacks fell in line with Chinese Governmental actions. As if to emphasize the underlying nationalism in his attacks, Wan Tao even had a name for his group, the China Eagles.

Hacktivists

Another type of non-state hacking group is known as hacktivists, which are people who use both legal and illegal means to achieve some political goal. Perhaps the best example is the group known collectively as Anonymous. Known for dawning the Guy Fawkes mask, Anonymous has been involved in hacking cases related to social issues ranging from the Occupy Wall Street movement to the shooting death of Michael Brown that set off the protests in Ferguson, Missouri. A more expansive definition of hacktivism is provided in the video below.

Other Non-State Actors

There are countless other non-state hacking groups at play today. One example is the massive hack of JP Morgan Chase in October 2014. In this case, the personal information of 83 million bank customers was stolen.  While Chase was quick to deny any information such as account numbers was taken, experts in the field remain more skeptical.  Regardless of what exactly was stolen, the culprits were again believed to be Russian hackers who stole personal information with the intent to sell it or profit off of it through other means such as fraud. There is also the persistent fear of terrorist hackers, although little has yet to come of this.

Putting Up a Firewall

While governments and individuals swarm to the attack there are also efforts to fight back against hackers, and like hackers and hacking these efforts take many forms. At the highest level are government efforts like those of the United States government. Specifically, as touched upon earlier, the United States has created a cyber command capable of launching retaliatory strikes against its enemies through cyber space if the U.S. were attacked. In essence then the United States is creating a deterrent through cyber space much like it already has through both conventional and nuclear means.

There are also altruistic attempts such as the ones being undertaken by organizations like I Am the Cavalry, which allows researchers to share their findings and help improve the security of four major sectors: medical devices, automobiles, home services, and public infrastructure.

In addition, there are more classical capitalist efforts employed by corporations. Several major corporations such as Apple, Facebook, Google, and Microsoft are actively courting hackers, often holding competitions with prizes like lucrative job offers. The goal of this approach is to pick up where traditional IT efforts leave off. Traditional efforts are geared at creating defensive measures so hackers cannot break into a system; however, this new approach utilizes hackers themselves specifically because they have the opposite mindset and are looking for the vulnerabilities to attack. By harnessing hackers’ aggressive skill sets and playing off their competitive mentalities these companies and many more are, in essence, using hackers to prevent hacking.

Conclusion

As the world becomes more digital and connected the threat of hacking will increase. In the future everything from cars to even toasters can and will be vulnerable to hacking and misuse. Furthermore, this threat will not necessarily come from other countries, but also non-state actors and even individuals. The motivations and allegiances of these people and groups vary widely and make the problem infinitely more complex.

Nonetheless, while efforts to prevent hacking can seem hopeless, like trying to keep a ship with a million leaks afloat, all is not lost. Indeed there are already efforts underway to fight back, which vary as much as those of the hackers themselves. As history has shown, no ship is unsinkable. Thus hacking is always likely to be a problem and an increasingly dangerous one; however, it can also offer an avenue for improvement and a channel to voice social concerns. While hacking may be the next great threat, like previous scourges it may also present unique opportunities for change and improvement for society as a whole.

Resources

Primary

Center for A New American Security: Non-State Actors and Cyber Conflict

Additional

Bloomberg: Top Ten Hacking Countries

CNN World: North Korea Denies Sony hack

Forbes: The Top 5 Most Brutal Cyber Attacks of 2014

Time: Here’s What Chinese Hackers Actually Stole From U.S. Companies

Time: China’s Red Hackers

WebRoot: Computer Hackers and Predators

Bloomberg Business Week: Target Missed Alarms

Washington Times: Cyber Command Investment Ensures Hackers Targeting US Face Retribution

The New York Times: North Korea Loses its LInk to the Internet

New York Post : Hackers Steal 83 Million Chase Customers’ Info

Mashable: Hacktivism

International Business Times: What is Anonymous?

CDR Global Inc: Hacking for Good

Guardian: There are real and present dangers around the internet of things

I Am the Cavalry: Homepage

Michael Sliwinski

Michael Sliwinski (@MoneyMike4289) is a 2011 graduate of Ohio University in Athens with a Bachelor’s in History, as well as a 2014 graduate of the University of Georgia with a Master’s in International Policy. In his free time he enjoys writing, reading, and outdoor activites, particularly basketball. Contact Michael at staff@LawStreetMedia.com.

The post Hacking: The New Kind of Warfare appeared first on Law Street.

The group of unnamed “hacktivists” Anonymous and the Ku Klux Klan have engaged in an apparent all-out cyber war over the events in Ferguson, Missouri over the last week. Anonymous apparently took control of the Klan Twitter account @KuKluxKlanUSA on Monday and seemingly still had control of it as of Friday. Anonymous also appears to have released a video on Tuesday launching a campaign called #OpKKK, or Operation KKK, threatening to take any content the KKK puts on the Web and to “dox” their members, meaning they would publish members’ personal information, including where they live.

Anonymous’s attacks are supposedly in response to threats from the KKK, well-known for being a hate group, in the St. Louis area against people protesting the death of Michael Brown and calling for the punishment of Ferguson police officer Darren Wilson. VICE News reports that the group distributed flyers on the streets and online the previous week addressing “terrorists masquerading as ‘peaceful protesters.’”

‘We will not sit by and allow you to harm our families, communities, property nor disrupt our daily lives. Your right to freedom of speech  does not give you the right to terrorize citizens,’ the flyer reads. ‘We will use lethal force as provided under Missouri Law to defend ourselves,’ it adds, citing Missouri’s version of a stand-your-ground law.

In Anonymous’s video response to the threats, a digitally altered voice explains why the hacker group chose to attack the Klan online. “We are not attacking you because of what you believe in as we fight for freedom of speech. We are attacking you because of what you did to our brothers and sisters at the Ferguson protest on the twelfth of November,” it says.

What followed were more suggestions of the cyber war spilling over into real violence. On Wednesday, another supposedly Anonymous-affiliated account posted an alleged message from Klan leader Frank Ancona encouraging members to ‘accidentally’ shoot any protesters wearing a Guy Fawkes mask, associated with the Anonymous movement.

‘It’s deer hunting season here in southern Missouri, it’s really easy to see how a hunter could mistake someone wearing one of those gay anonymous masks for the hind-end of a whitetail deer. Boom!!!! Oops, sorry it was an accident,’ the tweet reads.

While he didn’t explain why anyone would be deer hunting in the streets of the St. Louis metro area, Ancona seems to have confirmed the message in another statement attributed to him, RT reported. “You pathetic n***** lovers are going down, we’re NOT HIDING. WE’RE NOT ASHAMED OF WHO WE ARE AND WHAT WE REPRESENT. THE INVISIBLE EMPIRE CANNOT AND WILL NOT BE OVERTHROWN,” the message posted to Pastebin reads.

This isn’t Anonymous’s debut in Ferguson. Toward the beginning of the protests, when the identity of the officer who shot Brown was not known, Anonymous was on a campaign to release the names and information of various Ferguson police officers. In the process, a self-proclaimed member released what he or she claimed was the name of the shooting officer, Bryan Willman. Willman, a police dispatcher, was forced to shutter many of his online accounts, change his passwords, and stay in his house for six days, the New Yorker reported. It was only after this erroneous leak that the police department released the name of Officer Darren Wilson as the real shooter.

Despite the major mistake that may have endangered the life of an innocent police dispatcher, Anonymous has proven to be the real deal when it comes to hacking anything from police departments to hate groups.

Still, the authenticity of anything published in this apparent cyber war is difficult to verify for any news organization–a lot of the details of whose controlling these social media accounts is unknown. That’s because Anonymous actually is anonymous and is a loosely-associated network; almost anyone can claim to be a member. At the same time, the KKK seems to lack the technical know-how to give any sort of  coordinated response.

Zaid Shoorbajee

Zaid Shoorbajee is a an undergraduate student at The George Washington University majoring in journalism and economics. He is from the Washington, D.C. area and likes reading and writing about international affairs, politics, business and technology (especially when they intersect). Contact Zaid at staff@LawStreetMedia.com.

The post KKK vs. Anonymous: Cyberwar Declared Over Ferguson Protests appeared first on Law Street.