Comment: Can smartphone applications help terrorists communicate without detection?

Pauly asks: Is there an app for terrorism?
Pauly asks: Is there an app for terrorism?
Duncan Pauly, CopperEye
Duncan Pauly, CopperEye

As recently as 2008, it was feared that terrorists could be capitalising on new technologies such as voice-over internet protocol (VoIP) to communicate without being detected by law enforcement authorities (LEAs). Now, just two years later, IP communications have advanced by such an extent that LEAs risk not being able to keep up with terrorists who are increasingly taking advantage of third-party communication applications to contrive criminal activity around the world.

The backdrop of this concern stems from the surge in the availability and use of mobile internet on smartphones, which was confirmed by a recent report by Ericsson. The study revealed that, for the first time, mobile data traffic has surpassed the level of voice calls across the world’s wireless networks.

One of the drivers of the surge in mobile internet is the use of smartphone applications. Whether they are being used for VoIP calls, browsing the web, or instant messaging, an application now exists for almost any type of communication. In addition, the availability of operating systems and applications that can be manipulated to develop platforms for specially tailored communication tools continues to increase. These capabilities could be used by criminal organisations looking to develop their own illicit communications service.

To track criminals LEAs and ISPs currently use IP-based communication tools with probes, or so-called ‘packet sniffers’. With these tools, for instance, an ISP could use a specific ‘Skype probe’ to capture an illegal conversation conducted over the Skype service. This method can be effective for well-known and public applications, but detection becomes more complicated when monitoring and tracking less universally available applications or – worse still – when attempting to track third-party applications operating on open platforms. Consequently, it is not difficult for a terrorist with a small amount of application development knowledge to create an application that is capable of side-stepping these IP probes.

As is stands, law enforcement personnel have limited tools available to uncover the improper use of IP-based communications. Although it is common knowledge that IP data is expected to dominate the way we communicate in the future, it seems that the industry has not yet established an effective approach for solving the challenge of detecting and tracking the misuse of smartphone applications. Existing regulations such as the EU Data Retention Directive (DRD) – which mandates that communication providers track all communications data for up to two years – are still trying to catch-up, and far more needs to be done to track these new, fast-emerging IP technologies.

It is vital that legislators across the world unite and put measures in place to manage and combat the threat posed by emerging IP-based third-party applications and risks presented by the proliferation of applications that we know nothing about. The industry needs to invest the time and resources and focus on solving this problem before it is too late.


Duncan Pauly has been in the information technology industry for more than 25 years, including eight years in database systems in the telecommunications industry and three years at Oracle. Pauly is the inventor of CopperEye’s patented indexing technology and, as CTO, provides the vision and direction for product enhancements and innovations. Prior to founding CopperEye, he worked as a leading strategy and product consultant for Convergys. In 1992 Pauly founded Xi Systems, delivering customer care and billing systems to worldwide telecommunications providers. The company grew to 50 employees and was sold to Convergys in 1995.

What’s hot on Infosecurity Magazine?