Connect with us

Intelligence

Testing Solutions for Intelligence and Security Professionals in Fighting ISIS in the Encrypted Social Media Space

Published

on

Authors: Lorand Bodo, M.A. & Anne Speckhard, Ph.D.

Telegram currently is, for a plethora of reasons, the favorite encrypted social media app employed by ISIS.[1] As such, Telegram has become the subject of deep controversies in the West. While government officials demand for Telegram to store and hand over user information of those promoting terrorism, Telegram’s executives have responded with an adamant refusal to comply.

This conundrum between governments wanting to balance security against encrypted social media executives arguing in behalf of the rights to free speech and surveillance-free communications—particularly in authoritarian regimes—has led researchers at ICSVE to question if it’s possible to assist law enforcement in identifying nefarious users on Telegram without demanding the assistance of the app itself. This article reports on our researchers’ successful attempts to test a few potential approaches that show promise.

Background

There is no doubt that ISIS has been the most successful tech-oriented terrorist organization in history that not only understands how to use the Internet for communication purposes but also has learned to do so while hiding their messaging and identities. ISIS cadres use the surface web, deep web, dark web, social media and encrypted messaging apps, such as Telegram, to disseminate their propaganda, recruit new members, inspire or even direct their followers to carry out terror attacks which all cause serious concerns for law enforcement, intelligence and security professionals tasked with staying one step ahead in fighting the group[2]. It bears noting that ISIS also surfaced at a time when social media’s feedback mechanisms were developed enough to allow ISIS to distribute their slick propaganda to global audiences and then hone in on those who show interest. By virtue of a retweet, like, or other endorsement of their products they are able to personally contact those who show interest.[3] In recent years Twitter, Facebook, YouTube and other web-based social media apps have cracked down on ISIS’s presence on their platforms making it harder to carry out intensive grooming and recruiting on these web-based apps. This however, resulted in ISIS using fleeting accounts on mainline web-based apps like Twitter, YouTube and Facebook to quickly attract the attention of those interested in their propaganda and then migrate potential recruits onto encrypted apps such as Telegram where they may then engage with them on a much more intensive level and for a longer time period without disruption—to motivate and direct some into carrying out actual attacks.

While we can monitor most of ISIS’ activity on the web-based Internet (i.e. YouTube, Facebook, Twitter, etc.) through web crawlers and search engines, law enforcement and intelligence agencies struggle when it comes to intercepting valuable intelligence that could support in preventing and disrupting terror attacks on messaging apps, such as Telegram that are encrypted and thus prevent such efforts.

In response to these very real security issues, Russia’s FSB (security service) announced on June 26 (2017) that terrorists had used Telegram to coordinate and plan a deadly suicide bombing on Russian soil by providing “terrorists with the opportunity to create secret chats rooms with a high degree of encryption”[4]. As a result, Russian officials increased their pressure upon Telegram to provide security-related information to Russian security services. In response, Telegram’s founder, Pavel Durov, agreed for his firm to be registered in Russia, but insisted on not sharing any private data with the Russian government, stating that he does not want to undermine the privacy of the six million Russian Telegram users currently registered on the app.[5] Indeed, this is not a simple dilemma, as it pits the rights of free speech and surveillance-free communication in an authoritarian regime against the need for security concerns about potential terrorist attacks. This underlying problem of cooperation between counter-terrorism (CT) officials and any tech-company is what we call the “business-security” dilemma.

The “business-security” dilemma describes a situation, in which tech companies, such as social-media or encrypted messaging apps, have to choose between two options, each that have negative consequences for both parties. Companies that cooperate with law enforcement and intelligence agencies by providing access to private data hopefully address security threats from terrorism, but by doing so, demonstrate their failure to value and protect the privacy and free speech of its users—which is particularly harmful to encrypted social media apps which exist precisely for that purpose. Law enforcement and intelligence agencies also lose if tech-companies cooperate, as many users—both benign and nefarious—will stop using the app and download another. On the other hand, if the social media app executives do not cooperate, bad press inevitably follows, framing the company as a ‘terrorist supporter’. Thus, with either choice—compliance or refusal, the company faces negative consequences, from its customers or the security sector, as does the CT-community.

Social media companies, such as Facebook, Twitter and YouTube face a similar dilemma, costing them time and resources which do not directly support their products in efforts at surveillance and takedowns which may also turn away users. Their dilemma is less severe however, as their apps do not depend solely on being able to provide encrypted communications. In the case of these web-based, open source social media there are also web-crawlers and business applications that could be used by these companies to detect and take down a lot more ISIS content than is currently being taken down at present.[6] And, it should not be forgotten that social media companies are masters in collecting data on users for targeted advertising purposes. Perhaps for them, it would be advisable to use existing technology and modify it to identify violent extremist online propaganda?

Encrypted apps are another story and cannot be crawled in this manner. In either case, extremist content is spreading, versus decreasing, on social media and law enforcement simply can’t keep up while social media companies, for reasons unknown, have not yet opted to use available technologies for more comprehensive and speedy takedowns. As a result, we are failing in countering extremist content online. However, as a recent Guardian article argued: “Counter-terrorism was never meant to be Silicon Valley’s job”.[7]

Moreover, due to growing concerns of consumers about hacking, as well as anxieties raised about government surveillance (particularly following Edward Snowden’s shocking revelations), a large number of mobile phone users have turned to encrypted messaging apps. In 2016, Telegram was downloaded 49,28 million times, followed by Wickr-Me with 3.8 million, Signal with 3.62 million, and other encrypted messaging combined with 0.35 million downloads[8]. When we look at these numbers, we have to ask ourselves, if our citizens value privacy more than they value security from terrorist threats? Do the costs of losing privacy, free speech and surveillance-free communications outweigh the benefits? Indeed, the number of terrorists compared to the vast majority of Telegram (and other encrypted app) users who are benign and have no intention to commit an act of terror is very low. If all Telegram users were in fact terrorists, we should see terror attacks every single day. But, fortunately, we don’t.

Nevertheless, we should not give up on chasing terrorists and shutting down their activities in the encrypted space; but instead of demanding the encrypted apps cooperate with government, it may be more useful to independently develop creative methodologies to gain valuable intelligence on those individuals engaging with and distributing ISIS propaganda as well as recruiting and directing terrorist attacks. In particular, with ISIS relying so heavily on Telegram, we need at present to find ways to fight ISIS without demanding any help of Telegram, whose executive leadership refuses in any case, to release encrypted information needed to fight jihadists using their messaging app. [9]

Identifying Nefarious Telegram Users without the Help of Telegram

So, how can we deal with this very tiny fraction of Telegram users who support and share ISIS content? To this end, we were interested in two questions: first, can we learn if pro-ISIS Telegram users employ information security (InfoSec) measures, such as virtual private networks (VPNs), to protect their identity and if not, are they identifiable? Second, is it possible to identify ISIS endorsing Telegram users communicating via private messaging without any help from Telegram, to make it possible for the law enforcement or intelligence community to do the same?

ISIS, as well as other militant jihadi groups have long been concerned with promoting information security to their members to enable them to evade law enforcement and intelligence. Among the many InfoSec groups ISIS promotes to their members, one known as “Horizon” has published manuals in multiple languages on topics like VPNs, secure browsers and the deep and dark web. In 2015, researchers discovered that ISIS had been using a 34-page operational manual that demonstrates just how tech-savvy ISIS really is. This manual was written in 2014 by a Kuwaiti cyber-security firm for journalists and activists in Gaza, but it was also found in ISIS chat rooms. Topics that are covered range from how to use Twitter, with a focus on protecting identity, to using encrypted Internet browsers and keeping telecommunications private.[10] At ICSVE, our researchers have been monitoring pro-ISIS Telegram channels for quite a while and we have also come across several Telegram channels that serve solely one purpose, namely educating pro-ISIS individuals in information security. Fig.1 shows a screenshot of a pro-ISIS channel that shares free tools, such as anti-virus software or VPN tools on a daily basis. According to Alkhouri, “such advice is what helped many jihadists bypass scrutiny and operate online with ease”.[11]

Given the dissemination of these manuals and ISIS’ intent of educating its followers about the importance of information security, we were keen to test if Telegram users operating in ISIS space actually are actually savvy enough to have implemented these InfoSec measures or if they fail to pay attention. To this end, we conducted a small experiment on Telegram, which was comprised of two approaches. Concerning our methodology, we have decided not to reveal it here as it was used to learn the identities of pro-ISIS Telegram users and we do not wish to further educate them in terms of information security. In this respect, it must be highlighted that this methodology should not be perceived as a ‘silver-bullet’, but more as a ‘cause for thought’ to develop better and more effective approaches. At ICSVE, we strongly believe that any effort to fight ISIS on the digital battleground is better than doing nothing—particularly as ISIS loses territory and increasingly promotes and directs homegrown attacks via the Internet.

The first approach was OSINT-informed and had the objective to identify the social media accounts of pro-ISIS Telegram users that in turn provides us with valuable intelligence about the actual identity of the person and his or her wider network. By employing our techniques, we were able to gain the actual identities of 3 users in a private chatroom, however, we will only highlight one case herein as the method is the same. In this regard, it is also necessary to emphasize that corroborating our results was one of the main challenges of this approach, however, after analyzing the whole case, we were quite confident in our judgements as the evidence was overwhelming.

In the first approach, we focused on private chat rooms as they allow us (not always) to see the actual group members in terms of numbers and profiles. In this case, we explored a private chat room, which primarily disseminates official ISIS propaganda.

In this case, a profile caught our eyes for several reasons (that we don’t explain here as it would reveal our methods). We were keen to find one of the target’s social media accounts which might revel his or her real identity. Generally, we assumed, that even though individuals employ encrypted-messaging apps for privacy for their terrorist-engaging purposes, they still have active social media social media accounts registered in their own real identities. And, in this particular case, we were right).

In fact, we were quite surprised how easy it was to identify this particular Telegram user. However, it should be mentioned that this approach does not work with any Telegram user, but it is definitely worth a try for the purpose of gaining valuable intelligence.

A quick scan of the pictures which were posted on this individual’s Facebook account, reveals more about the individual. Especially the knife picture caught immediately our attention, as in Telegram the same individual was endorsing and sharing violent ISIS propaganda material that causes us to view him as radicalized and potentially considering engaging in violence. To learn if his knife picture was unique to him we searched the same image on the surface web and found out that this picture was posted repeatedly on other websites. In other words, the individual simply copied and pasted the picture, which also implies that the target is most probably not in possession of that particular knife. Yet his Telegram activity makes clear he may be considering enacting violence. To be on the safe side we passed our information, including his identity, on to the relevant security authorities for them to determine whether or not he constitutes an actual terrorist threat.

Our second approach tested whether or not pro-ISIS Telegram users employ information security measures, such as VPNs or a Proxy, to disguise their IP-addresses. We need to emphasize that we were also aware of the fact that individuals could use a Tor browser, public Wi-Fi or similar tools. In these cases, we would not be able to know if the IP address ties to that individual or not. Likewise, we were aware of the fact that identifying someone’s IP address would not give us his or her real name, exact location, or anything like that. In general, we assumed that most individuals use Telegram on a daily basis, meaning that whenever they have time to check out the latest posts, they would use their mobile phones to have a quick look. Furthermore, we assumed that these individuals would probably not use a VPN or Proxy every single time they access Telegram, even if installed, because it often slows down the Internet speed and individuals may just forget about activating the VPN when anxious to view new posts.

With all these assumptions in mind, we again went back to one of the private chat rooms to carry out a small experiment. Our experiment was exploratory in nature as we haven’t come across a similar approach in the literature or on the Internet, however, we are aware that many intelligence agencies have been using the same or similar techniques. Overall, we needed four attempts to gather a sample of three out of all of the 138 group members that we then studied for their use of a VPN or Proxy. From these three individuals, two have not used a VPN or Proxy as in contrast to the third individual who used a Proxy Server (located in Cyprus). In this respect, it is paramount to highlight that these results should be interpreted carefully as the method used is not 100% accurate. Furthermore, those two individuals identified could have also used a Tor Browser or public Wi-Fi, for example. So, how reliable is the method then?

To be on the safe side, we have also used the same method to disguise the IP addresses of friends who use Telegram on a daily basis. We conducted this experiment in three rounds. Round one gave instructions on using a VPN or Proxy. Round two gave instructions on not using any of the InfoSec measures. Round three tested our method in the “Secret Chat” that uses end-to-end encryption, leaves no traces on Telegram servers, has a self-destruct timer and does not allow forwarding, by telling our friends not to use a VPN or Proxy. Overall, we were successful in disguising the IP-addresses (Round 2 and 3) and most importantly, to detect the Proxy or VPN (Round 1). With this in mind, we were confident that our results with the small pro-ISIS sample was similarly successful.

Conclusion

ICSVE’s brief exploratory incursions on Telegram tell us two things. One that it is possible to penetrate ISIS Telegram chat rooms and inside them find the social media accounts, and thus identities, of those who appear to be serious ISIS devotees. Likewise of these we were able to find, we learned that some do not take the precautions of using a VPN or Proxy network, despite ISIS’s instructions to do so. Most surprisingly, we found out that our method even works in the Secret Chat, a special service that makes Telegram so famous for being secure. Our small experiments should be seen as an attempt of exploring and discovering creative ways to identify pro-ISIS Telegram users. Most importantly, we want to demonstrate that there are ways to fight ISIS in encrypted messaging apps, even though Telegram itself is refusing to cooperate.

There is also still the matter of social media giants such as Facebook, YouTube and Twitter using available technologies to take ISIS content and accounts down faster so that there is not the opportunity to engage and be seduced off the open source web-based social media into the encrypted social media apps that are harder to track. However our short experiment demonstrates that tracking is possible even when not having Telegram’s cooperation. And this was just the beginning.

Note to readers: Our expertise and methodology is freely available to law enforcement and intelligence agencies upon request.

Reference for this article: Lorand Bodo, M.A. & Anne Speckhard, Ph.D. (July 15, 2017) Identifying Nefarious Telegram Users without the Help of Telegram Itself: Testing Solutions for Intelligence and Security Professionals in Fighting ISIS in the Encrypted Social Media Space. ICSVE Research Reports. http://www.icsve.org/research-reports/identifying-nefarious-telegram-users-without-the-help-of-telegram-itself-testing-solutions-for-intelligence-and-security-professionals-in-fighting-isis-in-the-encrypted-social-media-space/

 [1] Yayla, Ahmet S and Speckhard, Anne (2017). Telegram: The Mighty Application that ISIS Loves, available at: http://www.icsve.org/brief-reports/telegram-the-mighty-application-that-isis-loves/ (29.06.2017)

[2] Callimachi, R. (2017). Not ‘Lone Wolves’ After All: How ISIS Guides World’s Terror Plots From Afar, available at: https://www.nytimes.com/2017/02/04/world/asia/isis-messaging-app-terror-plot.html (29.06.2017).

[3] Speckhard, A., Shajkovci, A. & Yayla, A. S. (2016). “Defeating ISIS on the Battle Ground as well as in the Online Battle Space: Considerations of the “New Normal” and Available Weapons in the Struggle Ahead”. Journal of Strategic Security 9, no.4, p.1-10.

[4] Reuters (2017). Russia, Upping Pressure on Telegram App, Says It Was Used to Plot Bombing, available at: https://www.nytimes.com/reuters/2017/06/26/technology/26reuters-russia-telegram-security.html (29.06.2017).

[5] Reuters (2017). Telegram App Agrees to Register in Russia, but Not to Share Private Data, available at: https://www.nytimes.com/reuters/2017/06/28/technology/28reuters-russia-telegram-security.html (29.06.2017).

[6] See for example: GIPEC (2017). Who we are: GIPEC, available at: http://www.gipec.com/who-we-are/ (30.06.2017).

[7] Solon, O. (2017). Counter-terrorism was never meant to be Silicon Valley’s job. Is that why it’s failing? available at: https://www.theguardian.com/technology/2017/jun/29/silicon-valley-counter-terrorism-facebook-twitter-youtube-google (29.06.2017).

[8] Roberts, J. J. (2017) Here Are the Most Popular Apps for Secure Messages, available at: http://fortune.com/2017/01/17/most-popular-secure-apps/ (29.06.2017).

[9] The Times (2017). Message app used by Isis refuses to fight jihadists, available at: https://www.thetimes.co.uk/article/message-app-used-by-isis-refuses-to-fight-jihadists-jrddv7c93 (30.06.2017)

[10] Murgia, M. (2015). Islamic State uses detailed security manual, revealing its cyber strategy, available at: http://www.telegraph.co.uk/technology/internet-security/12007170/Islamic-States-detailed-security-manual-reveals-its-cyber-strategy.html (29.06.2017). (You can also find the manual here)

[11] Alkhouri, L. (2017). How Cyber-Jihadists Protect Their Identities and Their Posts, available at: https://www.thecipherbrief.com/column/private-sector/how-cyber-jihadists-protect-their-identities-and-their-posts-1092 (29.06.2017).

Continue Reading
Comments

Intelligence

After a New Massacre, Charges That ISIS Is Operating With Assad and the Russians

Anne Speckhard, Ph.D

Published

on

Authors: Anne Speckhard, Ardian Shajkovci

On July 25 in the Syrian province of Sweida a massacre began in the early morning. Ten jihadists from the so-called Islamic State entered Sweida town. They wore the traditional baggy trousers and loose-fitting overgarments of Druze men, but beneath the clothes they had hidden explosive vests. Three detonated in the main vegetable market, then one of them accompanied the many injured to the hospital and set off his explosive charge there. The other six suicide bombers were overcome before they could detonate, according to senior officials in the Druze community.

At the same time, hundreds of ISIS fighters entered three nearby villages, moving house-by-house slitting throats and shooting to death men, women and children. Some reported that the killers left a witness from each family alive to tell their hideous story. In all, 273 Druze were killed and 220 injured, Druze officials told us.

They strongly suspect that the attack by ISIS was carried out in cooperation with the Russian-backed Syrian regime of Bashar al-Assad, and this is corroborated to some extent by ISIS prisoners we have interviewed who are being held by U.S.-allied Kurdish forces here in northern Syria.  The Druse politicians and officials came here to try to forge an alliance with like-minded Kurds for mutual self-protection, which is when they told us the details of the massacre.

News of the atrocity has been reported internationally, but the story behind it still is not well understood.

The Druze are one of the smaller minorities in Syria, perhaps three percent of the population. But their reputation as fighters in the wars of the Levant goes back centuries.  Altogether, they number about a million adherents of a monotheistic, Abrahamic faith mingling elements of Judaism, Christianity and Islam, but also beliefs in reincarnation. Long persecuted for their beliefs, they keep their scriptures secret.

Their lands and their strongholds traditionally have been in the mountains of Syria and Lebanon, although some Druze are in Jordan and a large contingent are in Israel. Many live outside the region as well, and fit easily into the secular West. (Amal Clooney, for instance, is from an influential Druze family in Lebanon.) In Syria, the hills east and south of Damascus officially are known as Jabal al-Druze, the Druze mountain, and the communities that live there are very close-knit.

To this day, Druze fighters are well represented in the militaries of Lebanon and Israel, and until recently of Syria as well. But when the Syrian uprising of 2011 turned violent, Druze leaders decided to stay neutral in the conflict. They called those serving in the Syrian army to desert and return home. Druze officials we spoke to, who did not want to be quoted by name, claim to have their own militia of 53,000 – reservists, military deserters and young men whom they have trained – ready to defend their Syrian heartland.

As the ISIS massacres in the Sweida region began just after dawn, mysteriously, telephone land lines and electricity in the area had been cut off. But the news spread by cell phone, and well-armed Druze men came out in droves to defend their population. “The big battle started around noon and lasted until 8 p.m,” said one Druze official who joined the fight.

According to the Druze politicians we talked to, there were approximately 400 combatants from ISIS, or Daesh as they are called here, facing thousands of individually armed Druze who rose to fight — and who did not take prisoners.

“Currently 250 Daesh are dead,” one Druze official told us. “There are no injured [ISIS fighters]. We killed them all and more are killed every day in ongoing skirmishes in which the Daesh attackers continue to come from the desert to attack. Every day we discover the bodies of injured Daesh who died trying to withdraw. Due to the rugged terrain, Daesh could not retrieve them with their four-wheel-drives. We have no interest to bury them.”

Of 10 known ISIS captives taken during the fighting, three were hanged immediately.  Another was captured and hanged during skirmishes earlier this week. The Druze officials said that the Syrian authorities are demanding any surviving ISIS captives be turned over to them, but the Druze are refusing to do so.

The horror of the Sweida massacre in an area most considered safe—and in these last moments when ISIS rule in Syria appears to be all but over—was magnified when the Druze learned that some of their women and children had been taken captive by ISIS cadres. “Most of the Daesh attackers were killed,” a Druze official told us. “The only escapees were those who were kidnapped in the first village: 29 women, teenagers and babies.”

One 19-year-old student already has been beheaded by ISIS, which also quickly posted pictures of their Druze female captives and demanded that the Syrian regime stop attacking them and exchange ISIS prisoners held by the regime for these women and children.

In addition to the sensational pictures of the helpless women holding their hands above their heads in the desert, ISIS sent a video of one of their Druze captives, 35-year-old A Shalguinz, who delivered her baby in the desert.

“Daesh said they will make them sabaya [slaves] if the regime doesn’t’ give 100 prisoners to them and the regime refused,” one of our interlocutors told us.

People in the Middle East constantly speculate about the machinations of their governments and political parties, and rumors are taken seriously since verifiable facts often are hard or impossible to come by. But the Assad regime and ISIS at this moment have a coincidence of interests that is hard to mistake.

Assad currently is readying his troops and Russian- and Iranian-backed allies to attack the jihadist militants in Idlib, and the Druze leaders we talked to feel that their people were directly punished for not agreeing to join the Syrians in that operation.

Replaying the events that occurred prior to the slaughter and kidnapping, one Druze leader points out that about a week before the massacre, “Three Russian military officers came to the region to meet the political representatives of our area. They were meeting to create the 5th army in the region, exclusively for that region, so that all the young Druze who fled the Syrian Army and the Druze reservists are invited back.”

If the Druze have anything like as many as the 53,000 combatants they claim, obviously they could be hugely valuable to the regime’s army. But that was not going to happen.

“We don’t attack outside of our area. We only defend ourselves if necessary,” said the same official. “They came and said, ‘We’ll make the 5th battalion to protect the area. They can join the combat against al Nusra [al Qaeda linked jihadists] in Idlib,” he explained. “But the local representative answered them clearly, that they cannot join any Syrian Army to combat outside the mountain of the Druze, only defensive not offensive actions.”

Assad’s alleged complicity with ISIS is long, gruesome, and well documented. Recently he has had a policy of allowing armed militants to escape from cities in busses, ostensibly to reduce the risk of civilian casualties.

““It is known that Daesh militants in the suburbs of Damascus have been displaced to the east of Sweida in green buses by an agreement with the government: 1,400 Daesh were moved this way to the area east of Sweida and near the Tanf base of the Americans,” one of our Druze sources told us.

The U.S. garrison at al-Tanf sits on the strategic Baghdad-Damascus highway, located in Syria on the Iraqi border and within miles of the Jordanian border. This outpost has served as a launching point since 2016 for counter-ISIS operations including training for Syrian opposition factions fighting ISIS, al-Nusra and other jihadists.

“Adding to that, 1,000 combatants of Daesh came in a discreet way from the Yarmouk area [a Palestinian refugee camp in Damascus] to join the local Daesh, estimated at 2,000 to 3,000 combatants,” said one of the Druze officials who talked to us. “We know this by internal sources of the Syrian army. There are still some Druze of the army who leak this information to us.” In these transfers, ISIS fighters “have the right to take their individual Kalashnikov and three magazines. According to the government all of them came armed this way as the Syrian government gave them this safe passage to move to our area.”

“On the 24th of July most of the official checkpoints of the Syrian army around Sweida were withdrawn—all around the villages where the massacres occurred,” this Druze official told us. “They hit at 7 a.m., but at night something else was happening. Where the villages are—facing the Daesh area—the Syrian army withdrew the local weapons from the local protection militias. No one knew why. They also withdrew their checkpoint in the area and cut the electricity and local phone service. The regime was a spectator to the massacre.”

“We think there is complicity between Daesh and the regime,” another of the Druze leaders said. “It’s so obvious to us. The regime refused to send ambulances to assist the population. They cut the electricity as well and the local telephone service to make it difficult to communicate. They couldn’t cut the mobiles.”

One of the 10 captured ISIS attackers admits on an interrogation video shared by the Druze leaders that in the village massacres a man from the Syrian government guided them from house to house, knocking on the doors and calling the inhabitants by name so they would unwittingly open their doors to the ISIS attackers.

This is not the first time we have heard of such cynical and deadly complicity between the Assad regime and the ISIS terrorists it supposedly is fighting. We have interviewed, now, 91 men and women who defected from ISIS or were taken prisoner by the forces fighting it. They have told us that ISIS sold grain and oil to the Syrian government while in return they were supplied with electricity, and that the Syrians even sent in experts to help repair the oil facility in Deir ez Zour, a major city in southeast Syria, under ISIS protection. Early in the the revolution, Bashar al-Assad released al Qaeda operatives and other jihadists from his prison to make the case that he was fighting terrorists, not rebellious people hoping for democracy. One of those jihadists he released, known as Alabssi, was one of the ISIS leaders in the battle in Sweida.

In neighboring Iraq, ISIS has been declared militarily defeated since November 2017. President Donald Trump, in his state of the union speech in January this year, said, “I’m proud to report that the coalition to defeat ISIS has liberated very close to 100 percent of the territory just recently held by these killers in Iraq and in Syria.” But on the ground, U.S.-led coalition forces say that in the area patrolled by Americans and their close allies, around 1,000 ISIS militants are still at large. And an estimated 9,000 ISIS militants are still roaming free in Syria and Iraq. And in both places heinous attacks continue to occur.

Where did the fighters come from who carried out the massacre in Sweida? Ten ISIS fighters were captured and hundreds killed. According to our sources 83 ID cards were recovered. Most were Chechens, Palestinians from the Syrian camps, and some Saudis. There was a Moroccan and a Turkman among them, a Russian and a Libyan, as well as some Iraqis. Supposedly the brother of Abu Bakr al-Baghdadi, the leader of ISIS, commanded the assault.

The Chechens who were slain were all wearing suicide vests—as usual, our source said. Those who attacked in the center of Sweida wore suicide vests, but so did the snipers using powerful rifles to shoot from distant rooftops. “That’s where most our casualties came from,” said one of the Druze officials. “It seems ISIS is alive and well despite international reports that they are defeated, or nearly defeated.”

One of the officials will only speak to us anonymously out of concern the attack can be repeated. “If they kidnap one, they will kidnap more,” he worries. Some 114 villages and small towns are around Sweida with half a million Druze living there.

The leaders of Druze mountain tell us that they are now also appealing to the international community to be protected by an international force, as the Kurdish area is protected by the Americans, and to assist them to bring back the kidnapped women to their families.

“To safeguard our community and to protect the diversity in the future of Syria, we need to create a crescent against aggressors,” said one of the politicians. Running from north to south, including parts of Iraq, it would protect the Kurds, the Yazidis, Christians, and Druze. “The minorities are looking to the Coalition as the only credible force in the area,” he said, adding, “The crescent strategically speaking would also cut the Iranians from access to the regime.”

The world must decide whether or not to respond, but the record thus far does not hold out much hope.

Author’s note: This piece first published at the Daily Beast

Continue Reading

Intelligence

The armed conflict between ISIS and al Qaeda has reached its climax

Uran Botobekov

Published

on

Al Qaeda-backed Central Asian jihadists

How Central Asian jihadists kill each other in Syria?

Exactly one year ago, on July 10, 2017, the Islamic state citadel of Mosul city was liberated and, as a result, Iraqi Prime Minister Haider al-Abadi solemnly announced that the Caliphate in Iraq had finally and irrevocably fallen.More than three months later, on October 17, 2017, the Kurdish combat units of the Syrian Democratic Forces, with the support of the aviation of the international anti-terrorist coalition led by the United States, drove out the Islamic State from the Syrian city of Raqqa.

But, as the terrorist attacks carried out by the supporters of Abu Bakr al-Baghdadi in July 2018 in Syria, Iraq, Afghanistan, Pakistan and Canada showed, the Islamic state managed to regain its strength over the past year and further expanded the geography of its military operations. While victorious fanfares sounded, ISIS fighters successfully mastered the tactics of guerrilla warfare and deeply integrated into the Sunni population of the Middle East and Central Asia. Pinpoint terrorist strikes clearly indicate that the victory over the Islamic state is still far away and the jihadists are determined to take revenge. Today ISIS is conducting an intense offensive guerrilla war not only against Western countries and government regimes in the region but also against the Taliban and armed groups of alQaeda, who are its ideological rivals for leadership in the jihadist world.

In this brutal and intra-factional war between ISIS Islamist groups on the one hand, and al Qaeda and Taliban on the other hand, the jihadists of the Central Asia’s five countries, called the “Stans”, are actively participating.Islamists from the Fergana Valley, because of ideological confrontation, were divided into supporters of al-Baghdadi and Ayman al-Zawahiri and often commit terrorist acts against each other in Syria.

According to the Hayat Tahrir al Sham–affiliated information agency Ebaa, on July 9, 2018, an attack was carried out in Syria’s city Idlib against the amir’s house of the Central Asian terrorist group Katibat al Tawhid wal Jihad Abu Saloh. As a result of the attack, his wife and four-year-old son were killed. The Uzbek jihadists’ leader himself was not injured. Security officer Hayat Tahrir al-Sham Anas al-Sheikh said that the house of Abu Saloh was attacked by an armed Khawarij (al Qaeda uses the term “Khawarij” as a synonym for ‘extremist’ to describe members of the ISIS), who was detained by the security forces of the city after hot pursuit.During the interrogation, a member of the Islamic state confessed to the crime. He was recruited by ISIS in Turkey. Later “Khawarij” was executed, Ebaa agency reported.

This is not the first victim among the Central Asian jihadists as a result of an armed confrontation between ISIS and al Qaeda. On April 27, 2017, during the evening prayer in the mosque of a Syrian city of Idlib, leader of the al Qaeda-backed Katibat Imam al Bukhari Sheikh Salahuddin was killed by an ISIS militant who was from Uzbekistan. The Islamic State distributed the following statement via Telegram messenger in this regard, “The emir of detachment of Katibat al-Imam Bukhari, Sheikh Salahuddin, was punished according to Sharia law for all the betrayals he committed.”Two ISIS terrorists from Uzbekistan and Tajikistan who murdered the Sheikh Salahuddin were detained and executed.

Lately in the northwestern province of Idlib, which is the last stronghold of the Syrian armed opposition, terrorist attacks of ISIS militants on military and religious sites al Qaeda-backed Hayat Tahrir al-Sham sharply intensified.Lately in the northwestern province of Idlib, which is the last stronghold of the Syrian armed opposition, terrorist attacks of ISIS militants on military and religious sites of al Qaeda-backed Hayat Tahrir al-Sham sharply intensified.

Terrorist organizations from Central Asia such as Katibat al Tawhid wal Jihad, Katibat al-Imam Bukhari, as well as Uyghur groups from Chinese Xinjiang, the Turkestan Islamic Party and Katibat al-Ghuraba are located in Idlib.All of them were affiliated with al Qaeda and were fighting within the largest jihadist group Hayat Tahrir al-Sham. The Salafi-jihadi ideologues of the Hayat Tahrir al-Sham are making efforts to transform the Idlib province into an emirate ruled under Shariah.

According the Syrian Observatory for Human Rights, 229 jihadists of al Qaeda were assassinated by ISIS terrorist attacks. Of these, 153 fighters belong to Hayat Tahrir al-Sham, al Qaeda-linked jihadist group Ahrar al-Sham, Jaysh al-Izza, and other factions operating in Idlib. 25 jihadists of Uzbek, Uyghur and Caucasian nationalities have been assassinated in the same ways.

Caliphate rising from the ashes

On July 12, 2018, ISIS’ media center Amaq issued the message with three images from an improvised explosive device attack in Idlib city. The target was Sheikh Anas Ayrout, the President of the Court of Appeal in Idlib, a longtime opposition figure and senior Sharia official who played a key role in the formation of the Syrian Salvation Government. Based on Shariah rule the Syrian Salvation Government is a civil authority formed in Idlib province in early November 2017 and backed by the rebel coalition Hayat Tahrir al-Sham.

A pinpoint attempt on such a high ranking religious and political figure indicates that the explosion was not accidental or chaotic.The al-Baghdadi militants have studied the possible routes of Sheikh Anas Ayrout and easily identified his car. They received from the Syrian Salvation Government information about when he would travel on this route.From this, it can be concluded that the Islamic state succeeded in introducing its agents into the military and religious structures of Hayat Tahrir al-Sham and created a complex network of underground cells throughout Syria, including the Idlib province.

On July 13, 2018, the Islamic State’s propaganda machine released the information with several photos about the assassination of the Turkey-backed Sultan Murad Division rebel group’s leader Abu Ahmed al-Sansawi in Idlib city.ISIS’ photos clearly showed that the killing was a targeted assassination, during which the terrorists confidently pursued the car of al-Sansawi. This once again testifies that the underground ISIS network is organized at a high level, and they have mastered the tactics of guerrilla warfare.

The Media Center Amaq almost daily reports about Islamic state’s successful armed attacks on the positions of the “enemies of Islam” Hayat Tahrir al-Sham in the province of Idlib.Indeed, the guerrilla attacks and terrorist acts of the supporters of al-Baghdadi not only complicated the life of al-Qaeda-backed jihadists in Idlib, but they also caused a more serious threat to the security and defense of the entire armed Syrian opposition, than a possible attack by the Assad army and Iranian proxy Shiite militias with the support of Russian aviation.

On July 25, 2018, ISIS gunmen committed the bloodiest attack in Syria’s history in the southwestern Sweida province, killing 215 people and injuring 180 people.The sad reality is that the fighters of al Baghdadi survived the air strikes of the Western coalition and today continue to pour out streams of blood in Sham.They are trying to prove to the outside world and the entire Sunni jamaat that, despite the fall of Mosul and Raqqa, the military, human and organizational potential of the ISIS remains high.

Today, Hayat Tahrir al-Sham and the Central Asian Salafi-jihadi groups have to fight on three fronts: with the armed forces of the Assad regime, the Iranian controlled Shiite proxy units and ideological opponents of the Islamic state.If the war with the first two is outlined by a clear front line, then the fight against ISIS is conducted as an invisible guerrilla war.

Since 2017, Hayat Tahrir al-Sham regularly conducts a security campaign to identify ISIS clandestine cells and eliminate its agents in the province of Idlib.But it is very difficult to solve the problem of ensuring the security.To intimidate those who support the emir of the overthrown Caliphate al Baghdadi and those who sympathize with him, Hayat Tahrir al-Sham began to publicly execute the ISIS prisoners of war.

On July 14, Anas Sheikh, a security officer inIdlib, told Eba news agency that in the village of Sarmin,Hayat Tahrir al-Sham executed 8 ISIS members led by their commander Abu Barra Sahili. As evidence, the group’s propagandists published a photo of executed terrorists.

On July 24, Eba agency reported that HTS militants destroyed a large cell of the Islamic state in the village of Jisr Shugur in the west of Idlib.As a result, the deputy amir of ISIS in Idlib Abu Said al-Shishani was captured and immediately executed. His photo was published on the Eba website.

Abu Said al-Shishani was the brother of ISIS military minister, Abu Omar al-Shishani (real name Tarkhan Batirashvili), a well-known Chechen terrorist and the closest military adviser to Abu Bakr al-Baghdadi.The US Treasury Department added Batirashvili to its list of “Specially Designated Global Terrorists”, and the US government announced a reward up to $5 million for information leading to his capture in 2015.

A sacrifice of the pure Islam

It should be noted that according to the direction of al Qaeda leader Ayman al-Zawahiri,Hayat Tahrir al Sham and Central Asian jihadist groups avoided publicizing public executions of their enemies.But the difficult situation caused by the terrorist attacks of ISIS, apparently, forced the ideologists of al Qaeda to change the tactics of their propaganda.

In response, the jihadists of the Islamic state staged a wave of terror in the province of Idlib, as revenge for the murder of their members.They named their operation in honor of the murdered commander Abu Barra Sahili.Such a tradition was initiated by al Baghdadi himself.Earlier, ISIS carried out a military operation in honor of the lost military minister, Abu Omar al-Shishani, and in honor of the official spokesperson and senior leader of the Caliphate, Abu Mohammad al-Adnani.

The ideological rivalry and armed conflict between al Qaeda and ISIS for the leadership in the jihadist world has reached its peak.As is known, both terrorist groups are fighting for the purity of Islam.Both seek to establish Sharia laws, create an Islamic caliphate and to spread it around the world.ISIS ideologists consider the supporters of Hayat Tahrir al-Sham apostates and kaafirs (infidels).Al Qaeda described the supporters of the Islamic state as Khawarij (the early Islamic sect that was involved in the disruption of the unity of the Muslims and rebelled against the Khalifah).

From the analysis of ISIS activities over the last six months, it can be concluded that, firstly, the group leaders are trying to compensate for the loss of the Caliphate with abundant terrorist acts behind enemy lines and by expanding the geography of “the holy war.” Secondly, the supporters of the Islamic state managed to create at an advanced level an expanded underground network among Sunni Muslims in Syria, Iraq, Afghanistan, Pakistan, Turkey, Yemen and Egypt. Thirdly, the publication of statements and press releases in the Amaq News Agency show that terrorist acts in different countries and regions are managed from a single ISIS center.

From a practical point of view, fighting between jihadists of the Islamic state and al Qaeda is beneficial to all countries that are fighting Islamist extremism and terrorism. A long and bloody confrontation will undoubtedly weaken the human, technical and financial potential of both Salafi-jihadi groups.

Continue Reading

Intelligence

Total Catastrophe Demands Total Solution: Boko Haram and the Dilemma of Northeast Nigeria

Chukwuemeka Egberase Okuchukwu

Published

on

The Boko Haram insurgency, far from being over and ravaging Northeastern Nigeria, has affected both the physical and social environment and led to displacing many residents of the Northeast from their homes. The Boko Haram insurgency, which can be traced back to the year 2009, has resulted in a grave humanitarian crisis with so many internally displaced persons in dire need of global intervention and assistance from donor agencies and states. The insurgency since 2013 has led to the displacement of 2.4 million people, including women and children making up the highest percentage most affected by the conflict. Food insecurity remains a major concern to the international community, with 5.2 million people in need of life-saving food assistance, especially those who are in IDP camps. Also, there is a growing health challenge being experienced by internally displaced persons.  For instance, on 16 August 2017 a cholera outbreak was reported on the outskirts of Borno’s capital, Maiduguri, and later on in Dikwa and Monguno as well. Within just two weeks there were 125 suspected/confirmed cases as well as eight suspected cholera-related deaths. These health challenges facing IDPs won’t change in the foreseeable future due to the limited humanitarian aid from donor agencies. Thus, these entirely preventable diseases are becoming endemic throughout the northeast.

Also in August 2017 there were major attacks against civilians, including despicable suicide bombings inside of IDP camps. Over 10 suicide bombing attacks took place during the reported period in Borno alone. These attacks have understandably discouraged humanitarian agencies from deploying their aid workers to the theatre of the conflict. Considering the high risks posed by the Boko Haram insurgency, most aid workers are unwilling to work in the Northeast part of Nigeria entirely, which consequently means the fate of all the IDPs there, within camps and without, are at the mercy of Boko Haram.

In order to ensure that humanitarian actors can continue to address the most pressing needs, physical access must be improved in northeast Nigeria which will help reduce the dilemma confronting IDPs in the region. It was discovered that by August 2017 the lack of access in certain areas of northeast Nigeria prevented food security organizations from reaching over 337,000 affected persons. Furthermore, the unpredictable internal migration movements of IDPs continue to pose a grave challenge to humanitarian agencies’ ability to respond in a timely and targeted manner. There is a collective agreement by all the non-Boko Haram northeast stakeholders that a return to normalcy and comprehensive resettlement of all IDPs across the region is the penultimate goal, second only to ensuring stable economic growth for the region’s sustainable redevelopment as the ultimate fight against extremism. This collective agreement has led the federal government of President Muhammadu Buhari to intensify its efforts to bring normalcy to the region and resettlement of all IDPs by directly engaging selected Boko Haram-controlled areas. In the meantime, however, this engagement increases the instability (if also dynamism) of the IDP situation.

According to the UNHCR December 2016 Report, out of the estimated 176,000 Nigerians (a sub-set of the total 2.3 Million IDPs) who fled to neighboring countries (Cameroon, Chad, and Niger), only 17,000 have returned and under circumstances falling far short of international standards. In many of these cases, the returnees are being processed to join other IDPs in formal and informal camps. This above report shows a certain level of dynamism, as they indicate that the returns are beginning to happen spontaneously. For instance, 2016 governmental reports on return assessments indicated that an estimated total of 332,333 IDPs (47,476 IDP households) returned to northern Adamawa (Mubi North, Mubi South, Michika, Maiha, Hong and Gombi). IDPs in Yobe are also beginning to relocate to communities and camps close to their original communities and only Borno State currently has the slowest rates of IDP returns. This is on account of the intermittent progress being made by the Nigerian military to defeat Boko Haram and the fact that many IDPs indicated a strong willingness to return of their own accord to their home communities if safety and security was at least semi-guaranteed. However, the comprehensive and full resettlement and return of IDPs to their homes depends largely on the total defeat of Boko Haram insurgents. Despite progress by the Nigerian military, that total victory is far from achieved or guaranteed.

There is a dire need for infrastructural development in the region as the Boko Haram insurgency has resulted in the destruction of facilities and installations, especially healthcare and educational institutions throughout the northeast. This dearth of infrastructural development has generated immense concerns which led to the National Assembly putting forward a bill to begin engineering this essential development of the region. Most recently, there was the signing of the Northeast Development Commission Bill by President Buhari. This law provides for the establishment of the Northeast Development Commission (NEDC). How effective this will be in bringing meaningful development to the conflict-ravaged region depends largely on how much funding is diverted to it and how sincerely and honestly will the commission manage those funds?

Thus, the way forward to ensure lasting peace while overcoming the grave humanitarian crisis confronting the northeast part of Nigeria is for the federal government (through its military and executive branch) to intensify efforts and show a high level of commitment toward not only defeating Boko Haram insurgents but making the economic, social, and food security of all citizens there politically paramount. Humanitarian global actors should also increase their efforts by committing more personnel physically to the region, thus reinforcing the commitment of the Nigerian government.  Finally, the management of the Northeast Development Commission (NEDC) should be free of corruption and manipulation when rebuilding the northeast, in order to avoid the pitfalls that bedeviled an earlier commission with similar mandate, the Niger Delta Development Commission (NDDC). Until all parties involved, local and global, understand the holistic effort needed to not just overcome extremist elements but make Nigeria truly safe for all Nigerians, then the scourge of Boko Haram will continue.

Continue Reading

Latest

Trending

Copyright © 2018 Modern Diplomacy