ISIS Supporters Used Orbot and Telegram to Communicate with ISIS Handlers

In June, the National Investigation Agency in Hyderabad arrested eight individuals for conspiracy to commit terror attacks. The eight planned attacks on carrying parts of the city at religious establishments and government buildings. For six months, the eight remained in custody, and the National Investigation Agency (NIA) searched their electronic devices for any trace of evidence that pointed to a leader. All efforts failed, but the December 22 charge-sheet revealed that the group used Tor, Orbot, and other methods of deanonymization—yet still attracted the police’s attention.

The raids in June occurred simultaneously and resulted in the capture of the first five members. The remaining three members hid but were eventually caught by the NIA. Aside from the Islamic State operatives who created “Army of the Caliph from the South India,” police found caches of weaponry during the raids. They discovered semi-automatic rifles, knives, and explosive chemicals for Triacetone Triperoxide (TATP). Additionally, the NIA seized the group’s electronic devices.

Investigators, in the original press release, announced that the group watched online radical Islamic preachers. The video clips from the Islamic State of Iraq and Syria (ISIS), investigators said, radicalized the group. They also watched discourses and lectures from many ISIS teachers.

The NIA announcement said:

Analysis of electronic devices seized from the accused revealed their online radicalization by watching videos of the ISIS, ‘bayans’ (discourses and lectures) of radical Islamic preachers, such as Anwar Awlaki, Abdul Sami Qasmi, Meraj Rabbani, Tausif ur Rehman, Jerjees Ansari and Zakir Naik. The investigation has established that the members downloaded the ISIS propaganda videos, ISIS magazine – ‘Dabiq.’

A further probe, as announced via the charge sheet, confirmed that the group members both viewed and downloaded said content. The investigation into the group, according to the press release, revealed that the “Army of the Caliph from the South India” used various encrypted channels of communication to interact with overseas ISIS handlers. “This included the use of the dark net through Tor browser and use of encryption applications such as Orbot,” the document explained. Additionally, they used Chatsecure, Telegram, and encrypted email addresses.

Tutanota on Tails functioned as the group’s primary method of email communication. “They took instructions from the handler, formed a terrorist group, and recruited other members,” the press release concluded. “They contributed money and utilized the funds they collected to purchase mobile phones and SIM cards.”

Officials never announced how the group’s encrypted communications were accessible to investigators. Chatsecure and Telegram are notoriously unsafe to use for any darknet-related activity. A safer alternative to both applications is Signal—currently one of the only services to receive a perfect score from the EFF. The use of Tails to remain anonymous—at least in part—is a highly recommended practice. For those who find Tails too complicated, we have an easy-to-follow guide on how to install Tails. Please note that I am not endorsing any type of violent or terroristic activity; the mention of Signal and installing Tails were in the name of darknet privacy.