If you’re reading this, you’ve heard of the recent suicide bomber attacks on both Brussels and Lahore, Pakistan and you want to understand how these events keep happening.

There are no words I, or anyone, can possibly convey that could assuage the pain, anger and confusion those directly affected by this are feeling. In times like this, I take comfort in the words of Mr. Rogers, yes that Mr. Rogers, who said “When I was a boy and I would see scary things in the news, my mother would say to me, ‘Look for the helpers. You will always find people who are helping.’”

While I am not able to directly help the victims of these tragedies, I am able to try and help in my own way. Throughout the week that followed, as I kept up with the news and social media, I kept hearing questions from friends and business associates along the lines of, “Why can’t our intelligence community, with all of its power, simply find these guys before things like this happen?” I can help answer this question, and this article is intended to do just that.

I am a cybersecurity expert and can speak to just how difficult it is to find, gather intelligence and then act on that information, especially when the targets intentionally do not want to be found. I cannot and will not speak to anything beyond this as I have no credentials to do so. This is not an article on geopolitics, religious belief or fanaticism. This is simply an article that seeks to help you understand.

Anonymity

The first major hurdle that law enforcement and intelligence communities face is that it’s so very easy to hide in plain sight, especially on the Internet. An online presence can be totally anonymous in that there is no requirement to sign up for websites with your real name, birthdate, address or any other piece of identifying information. I can invent any persona I wish to serve my purposes. If I want to be a 43-year-old coal miner from Pennsylvania, there is essentially nothing to stop me from doing so. A terrorist has the same ability to create a false identity, primarily for the purpose of communication.

Intelligence communities are continuously monitoring the globe for specific traffic patterns in essentially all internet traffic. Edward Snowden confirmed this technology is in place and running well. Terrorists know intelligence communities can capture and look at this data, so they try to circumvent it by creating new online identities and by speaking in code.

What can look like two soccer moms posting on each other’s Pinterest boards can actually be a pair of terrorists speaking in code, both in the pictures and in the descriptions of the pictures. Intelligence organizations have armies of code breakers looking for patterns in this kind of data. Maybe those soccer moms post to each other a tad too frequently AND their descriptions follow a linguistic pattern that seems suspicious. They will then be flagged and monitored. This is a never-ending cat and mouse game, and there are literally millions of places to hide in plain sight.
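To make the “a tad too frequent” signal concrete, here is a small added example (not code from the article or its author) showing the simplest form of pattern flagging: count how often each pair of accounts interacts and flag pairs whose count is a statistical outlier relative to everyone else. The interaction records are constructed for this illustration; the account names and the z-score threshold are assumptions, not anything from a real system.

```python
"""Frequency-based flagging of account pairs (added illustration).

Every record is constructed: (day, poster, board_owner) means `poster`
left something on `board_owner`'s board that day. No real data is used.
"""
from collections import Counter
from statistics import mean, pstdev

# Constructed sample. Most pairs interact a handful of times; one pair
# ("hank" and "ivy") posts to each other every day for two weeks.
INTERACTIONS = [
    (1, "alice", "bob"), (2, "alice", "carol"), (3, "dave", "erin"),
    (1, "frank", "grace"), (5, "bob", "alice"), (6, "carol", "alice"),
    *[(day, "hank", "ivy") for day in range(1, 15)],
    *[(day, "ivy", "hank") for day in range(1, 15)],
    (7, "dave", "frank"), (9, "grace", "erin"), (12, "erin", "dave"),
]


def pair_counts(interactions):
    """Count interactions per unordered pair (A->B and B->A are the same pair)."""
    counts = Counter()
    for _day, poster, owner in interactions:
        pair = tuple(sorted((poster, owner)))
        counts[pair] += 1
    return counts


def flag_pairs(interactions, z_threshold=2.0):
    """Return [(pair, count, z_score)] for pairs far above the typical count.

    The z-score measures how many standard deviations a pair's count sits
    above the mean across all pairs. The 2.0 threshold is an assumption
    chosen for this toy data; a real analytics program would tune it and
    combine it with other signals (timing, content, account age, ...).
    """
    counts = pair_counts(interactions)
    if len(counts) < 2:
        return []  # no population to compare against
    values = list(counts.values())
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return []  # every pair behaves identically; nothing stands out
    flagged = []
    for pair, count in counts.items():
        z = (count - mu) / sigma
        if z > z_threshold:
            flagged.append((pair, count, round(z, 2)))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for pair, count, z in flag_pairs(INTERACTIONS):
        print(f"flag {pair}: {count} interactions, z={z}")
```

The point of the example is not the arithmetic but the shape of the problem: a single pair that stands out in a population of seven is easy to see, while the same rule run over millions of accounts produces a flood of false positives from perfectly ordinary heavy posters, which is why analysts layer several signals before anyone is “flagged and monitored.”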

Encryption

If the previous terrorist attack on San Bernardino taught us anything, it’s that encryption is a wonderful tool for privacy but can also protect those we would prefer not to have this kind of technology. While I wrote an article on the legal and privacy battle Apple is currently fighting against the US government, this section will focus on how encryption is being used to the advantage of all, including the terrorists.

Encryption, for the uninitiated, is a way to wrap your data in security and send it from one place to another in an effort to prevent anyone else but the intended recipient from gaining access to it. If you’ve ever bought anything online with a credit card, you’ve been using encryption to ensure that your transaction isn’t illegally captured and your credit card number isn’t in the hands of a hacker. It is critical to our privacy, security and everyday operations online.

Terrorists can use encryption to wrap their own data in security and send it from one person to another. Intelligence communities who are continuously trying to capture this data in transit can have a tough time breaking this encryption to read what the terrorists are sending. Oftentimes if a message is unencrypted it is also written in code as a secondary safeguard. This is, in part, why we read articles about the NSA trying to weaken or “pre-crack” encryption by understanding and breaking the encryption methods available to users worldwide. It helps them decrypt data faster and more effectively.
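The two paragraphs above describe encryption from the outside. The added example below (mine, not the article’s) shows what “wrapping data in security” actually means on the wire: the sender encrypts with a shared key, an observer who copies the message in transit sees only opaque bytes, any tampering is detected, and only a holder of the key recovers the text. To stay runnable with nothing but the Python standard library it uses a toy Encrypt-then-MAC construction with HMAC-SHA256 both as the keystream generator and as the integrity tag; that construction is my assumption for illustration, and production systems should use a vetted authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a maintained library instead.

```python
"""Toy authenticated encryption, built from the standard library (added example).

Construction (an assumption for illustration, not a recommendation):
  k_enc, k_mac = HMAC(master, "enc"), HMAC(master, "mac")
  keystream    = HMAC(k_enc, nonce || counter) blocks, truncated to length
  ciphertext   = plaintext XOR keystream
  tag          = HMAC(k_mac, nonce || ciphertext)
  wire format  = nonce (16) || ciphertext || tag (32)
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_key):
    """Separate encryption and MAC keys so the two roles never share a key."""
    k_enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return k_enc, k_mac


def _keystream(k_enc, nonce, length):
    """Generate `length` pseudorandom bytes bound to this nonce."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(k_enc, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(master_key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce per message is essential."""
    k_enc, k_mac = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(k_enc, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master_key, message):
    """Verify the tag first; only then undo the XOR. Raises ValueError on failure."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    k_enc, k_mac = derive_keys(master_key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("tag mismatch: wrong key or tampered message")
    stream = _keystream(k_enc, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def intercept_demo(plaintext=b"lunch at noon, bring the report"):
    """Model the three parties: sender, passive observer, recipient."""
    shared_key = os.urandom(32)          # agreed out of band by sender and recipient
    wire = encrypt(shared_key, plaintext)

    # Observer copies `wire` in transit: the words are simply not there to read.
    observer_sees_words = plaintext[:5] in wire

    # Observer flips one ciphertext byte; the recipient's tag check rejects it.
    idx = NONCE_LEN + 3
    forged = wire[:idx] + bytes([wire[idx] ^ 0x01]) + wire[idx + 1:]
    try:
        decrypt(shared_key, forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # Observer guesses a key: also rejected, because the MAC key differs.
    try:
        decrypt(os.urandom(32), wire)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True

    return {
        "recipient_reads": decrypt(shared_key, wire),
        "observer_sees_words": observer_sees_words,
        "tamper_detected": tamper_detected,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    for name, value in intercept_demo().items():
        print(f"{name}: {value!r}")
```

Notice that nothing in the demo hides who is talking to whom: the nonce, the length and the timing of the message are all still visible to the observer. That is exactly the metadata (origin, destination, size, frequency) that the article says intelligence agencies fall back on when the content itself cannot be read.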

Also, like any corporation, terrorists can set up servers worldwide and then connect to them using a Virtual Private Network (VPN) which would then allow them to directly share data and files with one another and also allow them to browse the internet through an encrypted internet connection. VPNs also serve as a way to appear like you’re browsing the internet from a different location on the planet as they can also act as a proxy.

Let’s assume for a moment I want to do something illegal online, like download a movie (tame, I know, but it’s the same principle). Because I know the MPAA will actually sue grandparents for doing this, I can connect to any one of a number of VPN services worldwide and make it look like I’m downloading this movie from Egypt, or Australia, or anywhere else you can think of.

This kind of connection is so well known that I actually have relatives (not IT industry professionals) in Canada who pay for a VPN/proxy server so they can get American Netflix, which is apparently vastly superior in terms of content. Netflix recently decided to block these connections (sorry, cousins to the north). But the point is clear: anyone can do this.

Phones, tablets and computers can also be encrypted to protect the data that resides within them. My laptop and Android phone are heavily encrypted due to all of the government compliance requirements I fall under and my fear of a breach of the client data I carry with me. This makes law enforcement’s job all the harder.

Availability of Apps

Look through the Google Play Store or Apple App Store and you will see thousands of different kinds of communication apps, including those designed to send instant messages from one user to another while encrypting them and leaving virtually no trace of the data on the devices. Apps like Wickr, Cryptocat and Threema are low-cost ways to send information over an encrypted system.

The problem that intelligence communities have is that terrorists using apps like this can connect through any cellular carrier worldwide and send encrypted messages to one another on any other carrier, also worldwide. Further, to make it more difficult, law enforcement has to determine which of the numerous apps out there are in use. Finally, each app’s maker has its own server and communication infrastructure to support the app, located in any one of the thousands of data centers worldwide and possibly on any Internet service provider out there.

Groups like the NSA have people whose job it is to identify all of these apps and where their infrastructure is located. If a terrorist in Syria sends an encrypted text to a terrorist in Belgium, groups like the NSA can see the encrypted message in transit and will both try to copy and decrypt it as well as track the origin and destination.

Add to this that the destination may be a heavily defended VPN server, where the recipient could actually be sitting on another continent. This adds yet another layer of complexity: all traffic going in and out of that destination has to be examined to see where the message could have been forwarded. If the terrorists are smart, they can send that message to multiple places, all of which can dead-end except for the single recipient.

Data capture goes beyond looking for a needle in a haystack. It’s a needle in potentially millions of haystacks, and while the intelligence community has been excellent at narrowing this down to a few logical haystacks, the search is never ending. Terrorists will switch up their method of communication because they know they do not have the resources to fortify a single online location against the intelligence community, and therefore they must remain flexible when communicating with one another.

Cryptocurrency

Terrorist operations require planning and logistics. This means money and sometimes lots of it. Governments have gotten rather savvy at looking for physical currency in transit. Try taking $20,000 in US currency through customs and you’ll get detained and questioned for not declaring it ahead of time.

Enter cryptocurrency. Currently, there is no regulation on how this currency is moved across the globe. It can also easily be converted to local currency to purchase things. Plus, as the name suggests, it’s encrypted, so trying to discover and break into someone’s cryptocurrency “bank account” is virtually impossible. This is also the same method of payment that ransomware hackers demand when extorting you for money once your computer is infected and you’re forced to pay them.

Because cryptocurrency is so anonymous, it is the denomination of choice for the deep/dark web. Right now, I can go online and buy drugs, weapons, passports and even gain access to human trafficking. There is no better way for terrorists to move money.

Switching From Technical Communication to Human Communication

Finally, probably the most difficult of all the battles our intelligence communities face is the human factor. Sometimes, to be safe from surveillance, a face-to-face meeting is required. For situations like this, our intelligence communities have to be able to supply their own manpower to track the participants, possibly install surveillance equipment, and watch these human interactions on site.

Intelligence communities are able to easily monitor, say, all mobile phone communication from an entire carrier by installing a huge amount of monitoring equipment and then running a massive analytics program to sift through the data for patterns that may flag terrorist activity.

With the human factor present, these two or more terrorists have to be located and watched and they may pick a location that is hard to infiltrate or monitor.

This last point isn’t really a cybersecurity issue, in that off-the-grid threats usually don’t fall into our realm; however, it is important to note how it dovetails with our world. Those in-person meetings are often planned online, and there is still plenty of technology at law enforcement’s disposal to try and eavesdrop.

The Fine Line Our Intelligence Communities Must Walk

Even though we may be at odds, from time to time, with our intelligence services and what we believe are violations of our own personal privacy, they do indeed serve a purpose, and there are plenty of their staff who really believe in what they’re doing.

Intelligence communities are at constant virtual war with terrorism, and while they’re looking for these virtual needles in virtual haystacks they are trying to help, sometimes in their own heavy-handed way. Horrific situations like the latest attacks underscore the need for our law enforcement and intelligence communities to continue the “good fight,” but that cannot allow us to overlook any privacy issues honest citizens may have with their governments. It’s a fine line to walk.

Hopefully this helps foster understanding as to why it’s not that simple to catch all terrorists and what our intelligence apparatus is doing on a daily basis.


About Nick Espinosa

Nick serves at BSSi2 as the CIO & Chief Security Fanatic and is an expert in security and network infrastructure. Nick has consulted with clients ranging from a few computers to the Fortune 100 level regarding encryption systems, infrastructure and multinational environments. When he isn’t working magic with computers or playing with his daughter, Nick relaxes by playing chess, riding motorcycles and increasing his knowledge of history. You can follow Nick on Twitter at @NickAEsp.
