Yesterday, various Twitter accounts were tweeting about an ISIS OPSEC manual describing the terrorist group's cyber-security practices. The document, embedded below in a translated form, details various techniques recommended by the group to its new recruits.

While initially we thought the ISIS OPSEC manual was uncovered by the recent Anonymous hacking campaign against ISIS social media accounts, it seems that the US military has known and studied the document for quite some time now.

ISIS hijacked an OPSEC manual designed for Gaza journalists

The Combating Terrorism Center at West Point’s military academy came upon the document last year, and they say that a Kuwaity security firm wrote the document to help journalists and political dissidents living in Gaza.

The original OPSEC document is written in Arabic (original document here) and was supposed to help these individuals evade detection by Israel's cyber-intelligence forces.

Apparently, ISIS members hijacked the document, took it as their own, and started sharing it with their members and giving it to new recruits.

In the eyes of a security aficionado, the manual's content contains basic security tips, but which can help non-technical users maintain a low profile and avoid being compromised by cyber-espionage efforts.

ISIS members had a list of recommended and blacklisted applications

ISIS' OPSEC manual goes on to detail a series of services and devices which members can use but also includes a list of blacklisted applications.

ISIS members are advised to use services/products like: ● Twitter (via HTTPS or SMS) ● TOR Browser ● Aviator Browser ● Opera Mini Browser ● Photo GPS Editor (iOS app, remove geolocation data from photos) ● Cryptophone (encrypted phones) ● BlackPhone (encrypted phones) ● FireChat (IM client, connectivity issues) ● Tin-Can (connectivity issues) ● The Serval Mesh (connectivity issues) ● Freedome (VPN) ● Avast SecureLine! (VPN) ● TrueCrypt (on-the-fly data/disk encryption) ● VeraCrypt (on-the-fly data/disk encryption) ● BitLocker (Windows built-in, on-the-fly data/disk encryption) ● Hushmail (email provider) ● ProtonMail (email provider) ● Tutanota (email provider) ● Threema (encrypted IM client) ● Telegram (encrypted IM client) ● Surespot (encrypted IM client) ● Wickr (encrypted IM client) ● Cryptocat (encrypted IM client) ● PQChat (encrypted IM client) ● Sicher (encrypted IM client) ● iMessage (encrypted IM client) ● Linphone (encrypted VoIP) ● Swisscom (encrypted VoIP) ● Silent Circle (encrypted VoIP) ● RedPhone (encrypted VoIP) ● Signal (encrypted VoIP) ● Apple FaceTime (encrypted VoIP, audio & video) ● MEGA (cloud storage) ● SpiderOak (cloud storage) ● SugarSync (cloud storage) ● Copy.com (cloud storage)

On the blacklist, the manual lists applications and services like Facebook, Instagram, WhatsApp, and Dropbox.

This manual was complemented by a 24-hour support help desk hosted on Telegram. The help desk was shut down a few days ago.