Inside the Site Teaching Islamic State Supporters How to Use Encryption

A 34-year-old man from Cardiff was arrested for creating videos offering cybersecurity tips that were then posted on an Islamic State supporter site.
March 31, 2017, 6:25pm

"If the police ever raid your house, and if they take your PC or your laptop, there's nothing for them to actually find evidence against you," a booming, digitally manipulated voice says while a white computer screen displays instructions.

At one point in the detailed 30 minute plus tutorial video, which explains how to use the anonymizing operating system Tails, the speaker's heavy woolen gloves, perhaps to protect his identity, move in front of the camera. The person's foggy reflection sometimes shows itself in a second computer screen.


The voice in this video and several other relatively advanced security tutorials belongs to Samata Ullah, 34, from Cardiff. Ullah was arrested in September last year, and recently admitted to being involved in terrorist training and the preparation of terrorist acts.

"If the police ever raid your house, and if they take your PC or your laptop, there's nothing for them to actually find evidence against you."

But these videos, and an Islamic State-focused website linking to them are still up and running online, giving an insight into the sort of knowledge Ullah was trying to pass on to others.

Called "Ansar Al-Khilafah," the basic WordPress site claims to offer "Everything about the Islamic State; News Updates; Media Releases, Fatawa and Articles about the Khilafah," and includes apparent copies of official articles and announcements from the so-called Islamic State. That sort of material can be found easily across other supporters' and members' forums or Telegram channels. What separates Ansar Al-Khilafah is the decent attention to detail in video demonstrations of various communication tools and security technologies. (Ullah admitted making the videos, but denied the link to Ansar Al-Khilafah. He also denied being a supporter of ISIS, according to the prosecution).

During the tutorial on Tails, Ullah explains that in some laptops users may need to change a setting in the device's BIOS (Basic Input/Output System) in order to boot the operating system. In another, he lays out how to create a hidden volume—a part of a hard-drive that remains hidden unless the user enters a secret password—using VeraCrypt, and also protect it with two factor authentication.

"NOTE: This is EXTREMELY important to learn and everyone who thinks they have material on their PC which can get them jailed (such as Dabiq/Inspire Magazine), needs to implement this as standard practice," a message under the video reads.


The site's other tutorials include how to sign up to Twitter without having to register a mobile phone number, and instructions on encrypting messages and files with GPG.

A ZeroNet version of the site is also still available. ZeroNet is a peer-to-peer method for hosting websites without a central server.

Ullah's videos weren't all that popular though, at least judging by viewing numbers on Dailymotion, the site ultimately hosting the videos. The Tails clip has just over 950 views at the time of writing, and the VeraCrypt one has 1,125. One of the guides on Ansar Al-Khilafah has a handful of comments, such as "Thanks brother may Allah pak give u A house in paradise…" One security researcher who monitors jihadi forums told Motherboard the blog gets some exposure on other sites, but not much.

Ullah may have been sloppy with his own security

Of course, it's one thing to have this information on hand, and totally another for supporters of the Islamic State to actually follow it, or use the technology effectively. And Ullah may have been sloppy with his own security too: investigators seized over 6.1 terabytes of data from his house, and found an SD card with files corresponding to Ansar Al-Khilafah, including the sort of material he recommended keeping secure, according to the prosecution.

Authorities found encrypted messages between Ullah and an apparent Islamic State supporter on an SD card, but were able to recover the content. Further, Ullah's tower computer contained evidence of internet searches for ZeroNet, and Ullah also had a USB key—hidden in a cuff-link—running the common Mint distribution of Linux.

So, although the so-called Islamic State may be able to attract people with some half-decent technological knowledge, we shouldn't be overly alarmed at some of their supporters' execution of these tools.

At one point in the Tails video, a prompt saying a software update is available pops up on the screen.

"Let's get rid of that," Ullah says, disregarding the warning, and closing the box.

Subscribe to pluspluspodcast, Motherboard's new show about the people and machines that are building our future.