There's plenty of advice on how to secure your computer and smartphone, but most are targeted at law-abiding citizens looking to maintain personal privacy. One online publication, however, just released a guide for would-be Jihadists to keep clandestine plans from prying eyes.
The unpleasant realization you get while reading it: While it's sound advice for terrorists looking to keep off the grid, some of it also makes sense for the rest of us, too.
Al-Minbar Jihadi Media Network, a well-known Islamic extremist organization, just published a new magazine with step-by-step directions for keeping plans private from the NSA or other government bodies. The 12-page online publication, first reported (http://online.wsj.com/article/SB10001424127887324564704578627820340909636.html) by
The Wall Street Journal and translated by SITE Intel Group (https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CC0QFjAA&url=http://news.siteintelgroup.com/component/content/article/6-jihadist-news/3252-al-minbar-jihadi-media-network-launches-new-magazine&ei=Ae7zUd6YFpKAygHwvoGYAw&usg=AFQjCNHMplgj6itu_oQS6MsU1Ysw_D4sRQ&sig2=DkB6uJIQ9owOqrfREIPPgQ) (subscription required), gives a series of suggestions for Internet security. And many apply to anyone interested in security.
Among the tips offered to the would-be extremist:
- Don't trust anyone you meet online; use a different identity with everyone with whom you deal
- A phone can reveal your exact location [so] remove your phone battery and SIM before going to a sensitive location
- A laptop used for accessing the Internet shouldn't be used for any other work
- Delete all messages after every exchange [pf course, nothing is ever truly deleted in the digital world... unless you really, truly go about it properly (http://www.macworld.com/article/1166104/how_to_securely_delete_files.html)]
- Memorize your passwords [terrorists don't affix passwords on sticky notes to their machines, and neither should you]
- Don't go online with your regular phone; go offline when you're done
- Put no true information in any website registration [for years we've known that our online identities are stitched together by legitimate businesses (http://www.nytimes.com/2006/08/09/technology/09aol.html?pagewanted=all&_r=0)—the more we give accurate information online, the easier it is to identify us for advertising and other activities]
- Tape over the front camera of your mobile phone [because "most mobile phones, including the iPhone and Galaxy, take a picture of your face"]
- Disguise your voice when making phone calls
Some of these are clearly excessive for law-abiding types, and really only make sense for someone trying to hide illegitimate activities. Few of us, for example, really need to remove the batteries and SIM cards from our phones, even if we're trying to hide our repeat visits to McDonalds after promising our partner we're adhering to a diet.
A terrorist obviously doesn't want to inadvertently reveal his identity by mixing personal communications on a machine he uses to carry out his mission. Though less serious in scope, people also shouldn't put themselves in a position to be fired for personal activities that might put one's job at risk. Having an affair with your boss? That's bad policy, anyway, but particularly if you send emails to her work address.
Think of disgraced former CIA director David Petraeus, who reportedly used a technique popular with terrorists (http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/12/heres-the-e-mail-trick-petraeus-and-broadwell-used-to-communicate/) to keep emails to biographer Paula Broadwell, with whom he was having an affair, safe from detection.
Other suggestions in the how-to indicate issues that might apply to terrorists now, but are quickly becoming mainstream issues. For example, most of us don't think twice about our phone's camera until we're ready to snap a photo of that food we ordered. But malware already exists (http://www.forbes.com/sites/josephsteinberg/2013/06/04/your-smartphone-can-photograph-you-and-share-the-pictures-without-your-knowledge/) that allows someone to hijack your smartphone and surreptitiously snap photos of you and your surroundings constantly. Yes, it might be the NSA spying on you, but unless you're a would-be terrorist, it's more likely to be your perverted neighbors, as one British woman discovered to her surprise (http://www.dailymail.co.uk/news/article-2344701/They-watched-bath-laptop-How-webcam-hackers-spy-women-homes.html).
Either way, it's unpleasant. And it's a suggestion of where mobile security is going to need to go to handle the emerging needs of mainstream consumers, first revealed by would-be terrorists. The terrible tension here: The same techniques that make it harder for law enforcement to catch terrorists before they act may be necessary to keep our private lives private.
Image courtesy of Shutterstock (http://www.shutterstock.com).
ReadWrite