Connect with us

Hi, what are you looking for?



Analysts Reveal Arsenal of Cyber Tools Used by Islamic Terrorists

Jihadist groups use a variety of digital tools and online services that allow them to maintain a strong online presence, while also helping them remain undetected by adversaries, a recent report from Flashpoint reveals.

Jihadist groups use a variety of digital tools and online services that allow them to maintain a strong online presence, while also helping them remain undetected by adversaries, a recent report from Flashpoint reveals.

In a new report (PDF) called Tech for Jihad: Dissecting Jihadists’ Digital Toolbox, the intelligence firm reveals the findings of an analysis of the tools employed by various jihadist groups, including the Islamic State (also known as IS, ISIS, ISIL, and Daesh).

According to the report, the online activity of these groups remains relatively unknown to the general public, although their use of social media has attracted significant attention over the past months.

Overall, Flashpoint provided analysis of 36 specific tools and services used by radical Islamic terrorist groups.

According to Flashpoint, which recently raised $10 million to expand its business, Jihadists use complex ways to maintain robust yet secretive online presences, given that confidentiality and privacy are paramount to their survival. However, the report also points out that mainstream communication applications do not offer the sophistication these groups require for their security needs, meaning that jihadists are constantly forced to seek alternative ways to communicate.

Some of the tools and tactics used by these groups in their operations include secure browsers, Virtual Private Networks (VPNs) and proxy services, protected email services, mobile security applications, and encrypted messaging services. On top of that, they employ mobile propaganda applications designed to help supporters disseminate and view propaganda with greater ease, speed, and accessibility.

Highly secure browsers such as Tor Browser and Opera allow jihadists to operate online clandestinely without divulging their IP addresses and risking third-party surveillance, while the use of VPNs such as CyberGhostVPN and F-Secure Freedome, along with proxy services, help them further obfuscate their identities during online activities.

Advertisement. Scroll to continue reading.

The use of protected email services prevent intelligence agencies to monitor actors, and jihadists are leveraging these services too, because they offer security features such as end-to-end encryption and temporary, anonymous account capabilities. The protected email services preferred by jihadists include Hush-Mail, ProtonMail, Tutanota, GhostMail, and YOPmail.

These groups also use specialized mobile applications to enhance security on smartphones, including Locker, FAKE GPS, D-Vasive Pro, AMC Security, ESET Mobile Security, and many more, Flashpoint reports. Some of these apps are also meant to ensure increased device performance and longer battery life.

Over the years, terrorist groups have expanded their online presence through the use of social mediaand jihadists have increasingly turned to encrypted messenging tools to communicate. The Telegram app appears to be their top choice currently, despite a broad range of similar apps and services also available. Threema, WhatsApp, and Asrar al-Dardashah are also among the jihadists preferred apps.

 “In order to both gain popularity among potential supporters and instill fear in their adversaries, jihadists need consistent channels through which they can release propaganda, and technology is crucial for this,” said Laith Alkhouri, a co-author of the report and the Director of Middle East/North Africa Research and a co-founder at Flashpoint. “Jihadists’ reliance on technology for survival is a proven, powerfully motivating force, pushing the community to constantly learn, adapt, and advance through various technological tools.”

In April, Flashpoint released a report which concluded that the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized.

Last summer, the FBI warned U.S. lawmakers of the challenges in monitoring encrypted online communications among Islamic State terrorists, while calling for new laws requiring technology firms to provide backdoors to decrypt messages among jihadists.

In April, U.S. Defense Secretary Ashton Carter said the U.S. Cyber Command (CYBERCOM) was working to destroy the Islamic State group’s Internet connections and leave the jihadists in a state of “virtual isolation.” 

Related: ISIS Cyber Capabilities Weak, Poorly Organized: Report

Related: US Military Conducts Cyber Attacks on IS

*Ionut Arghire contributed to this report

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.