NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint -- a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil.
Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities.
The relatively new development -- which law enforcement and intel officials say has ramped up over the past year -- is alarming because it allows potentially thousands of ISIS followers to move about and plan operations without any hint of activity showing up in their massive collection of signals intelligence.
Authorities are now homing in on the terror group's growing cyber capabilities after attacks in Paris, Egypt and elsewhere for which ISIS has claimed credit.
"They've developed a series of different platforms in which they can train one another on digital security to avoid intelligence and law enforcement agencies for the explicit purpose of recruitment, propaganda and operational planning," said Aaron F. Brantly, a counterterrorism analyst at the Combating Terrorism Center, an independent research organization at the U.S. Military Academy at West Point. Brantly was the lead author of a CTC report on the Islamic State's use of secure communications, based on hundreds of hours of observation of how the Jihadi Help Desk operates.
"They answer questions from the technically mundane to the technically savvy to elevate the entire jihadi community to engage in global terror," Brantly said in an interview Monday. "Clearly this enables them to communicate and engage in operations beyond what used to happen, and in a much more expeditious manner. They are now operating at the speed of cyberspace rather than the speed of person-to-person communications."
The existence of the Jihadi Help Desk has raised alarm bells in Washington and within the global counterterrorism community because it appears to be allowing a far wider web of militants to network with each other and plot attacks. A senior European counterterrorism official said that concerns about the recent development are especially serious in Europe, where ISIS operatives are believed to be plotting major attacks, some of them with direct assistance from ISIS headquarters in Syria.
At a congressional hearing in October, FBI Director James Comey said the FBI is extremely concerned about ISIS’ increasing ability to “go dark.” Comey told the House Judiciary Committee that the U.S. is “ confronting the explosion of terrorist propaganda and training on the Internet.”
“While some of the contacts between groups like ISIL and potential recruits occur in publicly accessible social networking sites,” said Comey, “others take place via encrypted private messaging platforms. As a result, the FBI and all law enforcement organizations must understand the latest communication tools and position ourselves to identify and prevent terror attacks in the homeland.”
Nick Rasmussen, director of the U.S. government’s multiagency National Counterterrorism Center, said in an interview with the Combating Terrorism Center's in-house publication that the "agile use of new means of communicating, including ways which they understand are beyond our ability to collect," is one of his greatest concerns when it comes to ISIS and other terrorist groups.
Brantly described the Jihadi Help Desk as "a fairly large, robust community" that is anchored by at least five or six core members who are technical experts with at least collegiate or masters level training in information technology. There are layers of other associates, living all around the world, who allow the service to operate -- and respond to questions -- at any time of the day or night. CTC researchers have spent a year or so monitoring the help desk -- and its senior operatives -- via online forums, social media and other means.
"You can kind of get a sense of where they are by when they say they are signing off to participate in the [Muslim] call to prayer,'' which traditionally occurs at five specific times a day, Brantly said. "They are very decentralized. They are operating in virtually every region of the world."
The help desk workers closely track all of the many new kinds of security software and encryption as they come online, and produce materials to train others in how to use them. The CTC has obtained more than 300 pages of documents showing the help desk is training everyone from novice militants to the most experienced jihadists in digital operational security.
ISIS also distributes the tutorials through Twitter and other social media, taking pains to link to versions of it that can be downloaded even after their social media sites are shut down.
And once the help desk operatives develop personal connections with people, ISIS then contacts them to engage them in actual operational planning -- including recruiting, fundraising and potentially attacks.
"They will engage in encrypted person-to-person communications, and these are extremely hard to break into from a cryptographic perspective," Brantly said.
"They also post YouTube Videos, going step by step over how to use these technologies," Brantly said. "Imagine you have a problem and need to solve it and go to YouTube; they have essentially established the same mechanism [for terrorism]."