How ISIS could use video games, messaging apps to evade surveillance

ISIS uses Sony's PlayStation 4 gaming platform to communicate covertly, according to a new report.

How ISIS communicates PlayStation 4 video games WhatsApp Telegram encryption

A new report sheds some light on how terrorists, particularly those with the Islamic State (ISIS) involved in last week's deadly attacks in Paris, manage to communicate in an age when most communications tools are susceptible to government surveillance.

The most interesting is how the group can use video game platforms, specifically Sony's PlayStation 4, to relay messages between members. A Buzzfeed News report quoted Belgium's federal home affairs minister Jan Jambon, who had explained at an event prior to the Paris attacks that communications on a device like the PlayStation 4 could be more difficult to monitor than those on encrypted messaging apps, such as WhatsApp.

See also: Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

The Buzzfeed News article attributes that to the ability to create messages within the games themselves that others playing online can see:

It remains unclear, however, how ISIS would have used PS4s, though options range from the relatively direct methods of sending messages to players or voice-chatting, to more elaborate methods cooked up by those who play games regularly. Players, for instance, can use their weapons during a game to send a spray of bullets onto a wall, spelling out whole sentences to each other.

This seems similar to the email draft workaround that terrorists were discovered using about 10 years ago. Rather than sending a message through an email service susceptible to government surveillance, terrorists would instead write out an email and save it as a draft. The recipients would later log in to the same email account and check the Drafts folder. The message is created and shared within the service without ever being sent over a network.

When terrorist groups do employ encrypted messaging services, they do so in a way that can thwart some governments' decryption and data collection efforts. Aware that some agencies are capable of intercepting and decrypting individual messages, terror groups use code terms or limit the information per message to decrease the chance that one intercepted message will tip off authorities to their plans, according to the Buzzfeed News report.

"Today, intelligence agencies have the ability to intercept specific encrypted messages and decrypt them, given time and reason to do so," an anonymous U.S. intelligence officer reportedly told Buzzfeed News. "But if they do this, if they intercept the message and the message reads only one word, ‘tomorrow' or even, ‘the weather is good,' how does that help us? We might be warned that something is happening but we don't know where or when."

One such app, Telegram, has become so popular with ISIS and al-Qaeda that Russian authorities recently moved to shut down access in the country. The company's founder, Pavel Durov, actually addressed the app's use among terror groups during an interview at the TechCrunch Disrupt event in September. Durov's comments echo the long-running debate between pro-encryption privacy advocates and government agencies, which will only intensify in the wake of the Paris attacks.

"That's a very good question but I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism," Durov told TechCrunch in September. "Yes there is a war going on in the Middle East. It's a series of tragic events, but ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one. So I don't think we're actually taking part in this activities. I don't think we should feel guilty about this. I still think we're doing the right thing — protecting our users' privacy."

Correction: This article was changed to remove an error in Buzzfeed's initial article, which claimed that Belgian authorities had discovered a PlayStation 4 device used to communicate with ISIS affiliates in the home of one of the Paris attackers. Jambon's comments about surveillance on PlayStation 4 were made prior to the Paris attacks.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.