By NEWLEY PURNELL and RESTY WORO YUNIAR
Wall Street Journal
Jan. 19, 2016

Terrorist group using encrypted messaging app to recruit members in Malaysia, Indonesia

Communications app Telegram Messenger is in the spotlight after the deadly terrorist attacks in Jakarta last week, with experts in Indonesia and Malaysia saying Islamic State radicals in Syria have used the platform to recruit members from Southeast Asia.

The revelations underscore both the apparent popularity of the Berlin-based app among members of the terror organization and the challenges it poses to authorities in tracking its private, encrypted chats.

Malaysian police on Saturday said its counterterrorism unit last week arrested four suspects, three of whom were recruited to join Islamic State in Syria by a Malaysian national via Telegram and Facebook Inc.’s social-networking platform.

Telegram, which in November said it blocked 78 of its public channels across 12 languages related to Islamic State, was one of the first apps to explicitly cater to privacy enthusiasts after reports in 2013 alleging widespread surveillance by U.S. intelligence.

Islamic State has used Telegram, a free platform that can be accessed via mobile devices and desktop computers, to disseminate public statements, such as its claim of responsibility for the November attacks in Paris.

Law-enforcement agencies have warned that encrypted platforms that may have originally been built for legitimate commercial and gaming purposes are being used by violent groups to stay hidden. Islamic State even has tutorials about the most secure and least expensive ways of communicating while avoiding surveillance.

“All reported public content by ISIS gets removed promptly,” Telegram spokesman Markus Ra told The Wall Street Journal, referring to another name for the terror group, adding that removal is usually done within 24 hours.

Pavel Durov, the app’s founder, said in a tweet Friday that more than 600 public Islamic State-related channels have been removed since November, and that between five and 10 are banned every day.

Mr. Ra declined to comment on Malaysian authorities’ statements about the alleged use of Telegram.

“There is no place for terrorists on Facebook,” said a Facebook spokeswoman. “We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism.”

Despite the November crackdown, Islamic State-related material on Telegram remains widespread, according to Steve Stalinsky, executive director of the Washington, D.C.-based Middle East Media Research Institute.

“We’ve been monitoring terrorists’ use of the Internet for 10 years,” he said, adding that terrorists first flocked to blogs and web forums, then Twitter, and are now taking to encrypted messaging apps—Telegram chief among them.

Mr. Stalinsky said he is aware of roughly 200 Telegram channels that are in operation, some attracting 500 or 1,000 individuals each.

In the wake of terror attacks in Paris and California, the Federal Bureau of Investigation has been pushing technology firms to allow investigators to decrypt private communications during terror probes.

Many in the tech industry, however, argue that strong encryption is needed to protect users’ privacy.

Indonesian police say a local man named Bahrun Naim, an Islamic State adherent now based in Syria, sent money to the terrorists who carried out bomb and gun attacks in Jakarta last week, leaving eight people dead, including the four attackers.

Police have said Mr. Naim communicated with the men via the Internet, but have declined to give specifics.

Mr. Naim used Telegram to communicate with pro-Islamic State supporters in Indonesia he was trying to rally as followers, said Sidney Jones, head of the Jakarta-based Institute for Policy Analysis of Conflict, based on her knowledge of interviews with militants whom police arrested in August and December on suspicions they were planning a series of attacks in Indonesia.

“One of the things it tells you is we have a real problem with the fact that this is an encrypted service that no one can intercept,” Ms. Jones said.

The difficulty of stopping the spread of Islamic State propaganda on the Internet was highlighted after a blog appearing to belong to the alleged mastermind of the attacks resurfaced five days after it was blocked by the government.

The domain name bahrunnaim.site was changed from .co to .site and had two fresh posts stamped Monday in Mr. Naim’s name.

“It’s easy to restore a website after it is blocked,” said Andika Triwidada, a cybersecurity expert with Indonesia’s Computer Emergency Response Team.

The author denounced Indonesia’s antiterror police and said the Jakarta attack was carried out in retaliation for aggression against Muslims in Indonesia and around the world.

The ministry couldn’t be reached for comment, but access to the blog appeared to have been blocked Tuesday afternoon.

Indonesia’s Ministry of Communication and Information Technology has in the past year blocked access to dozens of websites it said contained radical content, including 11 in the wake of Thursday’s attacks.

But Minister Rudiantara, who like many Indonesians goes by one name, said the country isn’t planning to ban access to messaging platforms and social networks.

“I don’t think we are in a situation that requires such a move,” Mr. Rudiantara said.

In Malaysia, the Ministry of Communications said in a written response to questions that the government “views seriously the abuse of such technologies…We shall take stern action in such instances and review the use of the application if it is proven to facilitate acts of terrorism in this country.”

—Celine Fernandez and Sara Schonhardt contributed to this article.