While the jury be still be divided on this pending the closure of investigations into the Paris attacks, it seems that ISIS does have a OPSEC manual for its members. It turns out ISIS has a 34-page guide to operational security(.pdf), which instructs its cadre to follow a particular set of cyber life. The manual is in Arabic and offers nitty gritty of using the Internet for terrorist and propaganda operations. While some of it is pretty basic like using HTTPS websites instead of non secure HTTP websites to communicate, there is also a advanced section in the manual. For example, the first page of the manual tells the ISIS followers “When you enter the network Twitter through the browser always make .1 sure you enter the correct site Twitter.com (https://twitter.com/) and that an encrypted site at the beginning of the link Pal HTTPS, or green tag, and note any marks (error) called or the appearance of a page to the testimony of false requests “acceptance” or conversion for another site requires no .powers or entry on your account.” The guide is a handy compilation of advice on how to keep communications and location data private, as well as links to dozens of privacy and security applications and services, including the Tor browser, the Tails operating system; Cryptocat, Wickr, and Telegram encrypted chat tools; Hushmail and ProtonMail for email; and RedPhone and Signal for encrypted phone communications. ISIS does not like Google’s Gmail. The manual notes that Gmail is safe only if used with fake credentials and only on Tor anonymity network. Similarly, the ISIS have a dislike for Android smartphones and iPhone. The manual states that Android and iOS platforms are only secure when communications are routed through Tor. The manual instructs operatives to disable the GPS tagging feature on their mobile phones to avoid leaking location data when taking photos. The ISIS cadre is advised to use the Mappr app to falsify location data and throw intelligence agencies off their trail. ISIS’ OPSEC manual also advises against using Instagram because its parent company, Facebook, has a poor track record on privacy, and it warns that mobile communications can be intercepted, even though GSM networks are encrypted. It advises followers to use encrypted phones like Cryptophone or BlackPhone instead. The ISIS advises its followers against using Dropbox. For documents, it follows the same recommendations that human rights workers, political activists, whistleblowers and reporters follow. It advises its followers to secure their communications and obscure their identity or hide their location. Use of VPN for hiding origin IP is encouraged. The Manual notes, The documents indicate that the terrorist have not only studied these other guides closely, but also keep pace with the news to understand the latest privacy and security vulnerabilities uncovered in apps and software that could change their status on the jihadi greatest-hits list. Resource : Wired.