Just the Facts: ISIS Encryption

This is an attempt to collate all the information about ISIS comms within Europe, back to ISIS Syria. This is only operational terrorist comms, not propaganda or fanboy comms. There are links to source material and a summary of what is known.

The clear takeaway from this list is that: 1) ISIS doesn’t use very much encryption, 2) ISIS is inconsistent in their tradecraft. There is no sign of evolutionary progress, rather it seems more slapdash and haphazard. People use what they feel like using and whatever is convenient.

May 2014, Brussels. Jewish Museum

  • Unknown?

Jan 2015, Paris. Charlie Hebdo, Jewish Grocery

Jan 2015, Verviers

August 2015 — January 2016, Paris (no attack; independant cell?)

August 2015, Thalys Train

  • No public info.

August 2015, No Attack, Reda Hame

October 2015, (no attack) Italy

Nov 2015, Paris. Football stadium, Restaurants, Bataclan

  • Burner phones
  • No encryption at rest
  • Phone calls, SMS

March 2016, Brussels Airport

June 2016, Dhaka Cafe

July 2016, Hyderbad (foiled attack)

Salah Abdeslam

Abdelhamid Abaaoud

Greek Operations Center

  • Computer and thumb drive, no encryption at rest. Link
  • Phone calls to Verviers, no encryption

Paris Command Operations

  • Phone calls to Brussels during attack

Bataclan Assault

  • White Samsung, had Telegram installed but not used; sent plain text SMS; searched for, and saved, layout of Bataclan hall night before attack
  • Witness claimed to see “text” on a laptop; French authorities have not reported a laptop recovered from Bataclan; suggestions of encryption similar to PGP (probably Mujahideen Secrets)? No public evidence of laptop. No public evidence of encryption