Terrorist Used Tor to Connect with ISIS, Source Said

The background and profiles of the terrorists connected to the London Bridge and Borough Market attack are still full of holes waiting to be filled. And as with any incident of this scale, the conspiracy between an organization’s affiliates can eventually spin off into something entirely unrelated. One such example is the recent demonization of encryption in the UK—a topic that is slowly morphing into a query about the dark web’s role in increasing terror.

WhatsApp was singled out immediately by various political figures in another recent attack in London. The reasoning was simple; Khalid Masood, the attacker who reportedly acted alone, sent a message on WhatsApp prior to killing four and wounding dozens. Authorities want closure in the investigation. And of course, the situation played out similarly to the one between the FBI and Apple in the United States.

One of the San Bernardino attackers owned an iPhone that was protected by Apple’s security mechanisms. The FBI wanted access but claimed to lack the technical prowess. The Bureau fought a legal battle with Apple and ultimately just went with an outside source similar to Cellebrite. Apple refused to create a fake firmware update for the phone that removed the device’s encryption.

When Masood sent the message on WhatsApp, he unknowingly caused a potential cybersecurity reform. USA Today published a piece titled “Terrorists use the Dark Web to hide.” In the article, the connection between the dark web and terrorism came from a phrase coined by a former FBI director:

“It is the burgeoning of these secret, inaccessible corners of the Internet that worries law enforcement agencies, which have been talking for several years about the dangers posed by criminals and terrorists who can now ‘go dark’ by using strong encryption.”

The author outlined Tor use and subsequently wrote that “the dark web also plays a key role in terrorists’ overall communication strategy.” She then explained that the concept of wanting to tunnel through encryption came from the 1990s. (Essentially hardwired wiretaps). That appears to be the first major news piece centered around the dark web and terror with a specific connection to WhatsApp and Masood.

One author from an Italian news site asked all the questions also asked by investigators in the UK. The underlying theme involved the radicalization of Youssef Zaghba — the London Bridge attacker with no apparent connections to terrorist propaganda. (No connections that could radicalize him, save for the radical lectures he watched on YouTube). The author answered the questions in a way that directly pointed to an online connection between the three men. And that led to the dark web connection.

Everything “dark web” hinged on the following statement which followed the mention of his computer science classes:

“But above all his excellent computer skills have allowed him to get in touch with Isis web pages, some of these – according to sources of the postal police contacted by [Il Mattino, the website] – through Tor, software that allows you to surf the [deep web] anonymously. The investigators believe that Zaghba [used the dark web] so that he could find contacts in Syria with people connected to the leaders of the Caliphate.”

Many countries and agencies have investigated links between terror and the dark web. And if both the author of the above article and his source from the Italian Postal Police were correct, Italy has also joined the investigation.