[Cryptography] ISIS OPSEC Manual Debunked?

Henry Baker hbaker1 at pipeline.com
Mon Nov 23 18:06:57 EST 2015 

At 12:51 PM 11/23/2015, John Young wrote:
>Cyberkov's statement on accusations by Wired, West Point 
>and others on alleged use of its manual by ISIS:
>
>https://cyberkov.com/statements

Poor Kim Zetter of Wired; she really embarrassed herself (& me!) by falling for this lie/disinformation.

[BTW, will Dr. Aaron Brantly be fired or commended for this plagiarism?]

"A lie can travel half way [a million times?] around the world while the truth is putting on its shoes." -- Mark Twain

In fact, the manual was written by a Kuwaiti security firm to aid journalists, and has nothing to do with ISIS or its jihadis.

"Instead of propagating negative articles about the use of encryption, *Journalists* should be on the forefront of *defending encryption,* seeing as how it provides critical protection for them and their sources."
--
https://cyberkov.com/statements

Official Statement Regarding Media Confusion on Cyberkov Journalist Cybersecurity Manual

For the past few days, many articles around the world started referencing an alleged ISIS OPSEC manual that is claimed to be unearthed by the U.S Military Academy Combating Terrorism Center at West Point by Dr. Aaron Brantly and other researchers.  The first mention of this manual (and the most widespread so far) was Kim Zetter’s WIRED article (ISIS’ OPSEC Manual Reveals How It Handles Cybersecurity).  The original claim was that this manual was written by ISIS as its cyber security policy for its fighters.

https://www.ctc.usma.edu/

http://www.usma.edu/sosh/_layouts/wpFacultyBios/DisplayBio.aspx?ID=cce91a86-bf31-4ebe-84a0-c6e114d7db37&List=a26ecd8e-d8ee-49e0-b26d-417868009c02

http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/

The false story about the manual spread all over the globe, being referenced by US, UK, Chinese, Italian, Russian, Hungarian, Greek, South Korean and even Vietnamese media.  We were stunned by the scale and speed with which the story propagated throughout the web, and even though we have made contact with many reporters to correct the mistake, we believe an official statement is obligatory.

Reality

The alleged ISIS manual is in reality Cyberkov’s own security manual for journalists and activists written in July 2014.  The original manual can be found here, and its main goal is to assist journalists and activists (especially those working in warzones like Gaza) protect their digital identity, their sources and their core ability to provide free flow of information to the rest of the world.

https://blog.cyberkov.com/1814.html

The file linked by the WIRED’s article links to a modified copy of the manual hosted in JustPasteIt.  It was apparently uploaded by a Gaza resident.  The article was modified from its original form, however it still contained some links to Cyberkov’s blog.  Not only is the article completely devoid of any ISIS references, but it came as a shock to us to discover the Combating Terrorism Center did not have any proper Arabic translators on board; instead running the article through Google Translate!

We believe it is a significant hit to the Center’s reputation, accuracy and professionalism that they couldn’t differentiate between ISIS and journalism manuals; and that they simply accepted Google Translate as a proper method to translate and set judgement in such sensitive topic.  We simply hope the rest of the world’s think tanks are utilizing better non-amateur methods of information extraction.

http://justpaste.it/l72d

We also think it’s very unfortunate that globally-acclaimed news agencies and world-class reporters are unable to perform proper analysis and verification on their stories.  Unfortunately, such a false report comes right as world governments are trying their best to ban encryption by falsely associating it with criminal and terrorist organizations.  Instead of propagating negative articles about the use of encryption, Journalists should be on the forefront of defending encryption, seeing as how it provides critical protection for them and their sources.

What is Cyberkov?

Cyberkov is a Kuwaiti cyber security firm, providing cyber security services to banks, telecom providers, government entities and non-profit privacy-driven organizations.  Cyberkov runs an awareness and privacy blog at blog.cyberkov.com.

https://www.cyberkov.com/

Abdullah AlAli
Chief Executive Officer
Cyberkov Co. Ltd.

23/Nov/2015
Our address:

Cyberkov Co. Ltd
Kuwait City, Kuwait

More information about the cryptography mailing list