Tor and Psiphon Users Are on the Rise in Iraq Since the ISIS Invasion

Of everything the Iraqi government has thrown at a rapidly-advancing Islamic State in Iraq and al-Sham (ISIS), nothing yet has made a major dent in the jihadist militant group's push toward Baghdad. According to a study from the University of Toronto’s Citizen Lab, even the internet filtering imposed by the Iraqi government to hinder ISIS communications is being subverted.

The Citizen Lab reports that since the social media outage was put in place on June 13, not only is the DNS tampering and circumvention platform Psiphon reporting an exponential increase in users from Iraq, the Tor Project is on fire in the country as well, with direct connections climbing from around 1,000 to upwards of 10,000 in less than five days.

“Following the seizure of Mosul and Tikrit,” the report says, “the government of Iraq implemented restrictions on Internet accessibility as means of limiting the ability of ISIS to mobilize and communicate their message.” There’s been a lot made of the social media strategy of ISIS—which uses Twitter, Instagram, YouTube, and Facebook to communicate and attempt to recruit foreign fighters—and there's no suggestion that those online efforts have slowed since the blackouts.

By June 16, Twitter images were proliferating of young men being executed by ISIS militants. After that, Twitter banned the users spreading those photos, and the Iraqi government has attempted to enforce targeted social media bans and internet blackouts in the provinces experiencing the heaviest fighting, according to internet intelligence firm Renesys.

Renesys posted a letter from an ISP addressed to a client that confirmed Iraqi Ministry of Communications officials ordered internet shutdowns in some regions. There were also other leaked letters from the Iraqi government urging ISPs to hamper internet access in the country. According to Renesys, the Iraqi government also engaged in targeted blackouts of specific sites in cities rather than wholesale internet blocks, in a tactic known as "moving up the stack."

According to the Citizen Lab, Psiphon's Iraqi userbase leapt from a negligible amount to over 700,000 daily users over the course of June 12 to June 18, which 97 percent of that final tally using Psiphon's Android application. It's unclear how many of those users are ISIS members targeted by the ban, but there's no doubt that ISIS members are included. Fighters I’ve spoken with in Syria have all used phones to communicate with me over chat services like Kik messenger while complaining about cell service.

We also know ISIS has public love for Android apps. For example, ISIS designed an Android app The Dawn of Glad Tidings introduced in April 2014, leveraging Twitter users’ accounts to share ISIS-related tweets. Eventually it was removed from the Google Play store for violating user conditions. Add to that reports from Vocativ suggesting that ISIS is instructing fighters to download and use the Tor browser when accessing Twitter or Facebook.

The Citizen Lab said that “anecdotal reports from users located in Iraq” who were using Google’s public DNS servers “did not circumvent censorship, suggesting that DNS requests are being hijacked.” The Turkish government did the same thing during protests in March when they shut down large swaths of the internet while trying to stop the surge in Tor users accessing Twitter.

It's not just Tor and Psiphon, either. In September, to give an edge to jihadists over Western intelligence agencies, the Global Islamic Media Front produced mobile encryption software for users to send encrypted text messages on smartphones running the Android and Symbian operating systems. An online release from the media entity said the encryption software was developed in-house.

“So we won’t be subject to their surveillance; thus, we will close the doors to spying on us and becoming aware of all the Mujahideen’s secrets and what the Mujahideen entrusted us with," the release states.