Investigators have now pulled together a 55-page document, obtained by the New York Times, detailing evidence gathered since then – including the group’s use of the Web, or lack of, to coordinate their movements.
In what is believed to be a change of tactic to previous terror attacks, the attackers are said to have used the phones of hostages to make calls and use the Web, although apparently thwarted by poor reception.
One anonymous woman who is quoted in the evidence said the attackers even had to struggle with an automated messaging menu while trying to get through to police using her smartphone.
The attackers also had a stash of burner mobiles, many of which had only been activated hours or days before the attack, the report said.
A Samsung phone containing a Belgian SIM had only been live since the day before the attack and is chillingly reported to have images of the Bataclan concert hall’s layout, along with Web searches for gig tickets and the phrase ‘Eagles of Death at the Bataclan.’
The GPS data of this phone led investigators to places the attackers had been, as well as a phone number called that helped the police link the attacks with people living in Belgium.
Phone calls also ultimately led investigators back to the Paris apartment that had just been rented by one of the attacker’s cousins – which went up in an explosion on November 17. The New York Times says:
Inside the ruins, the police found several dozen boxes of unused cellphones still in their wrappers. The phones were found throughout the rubble, including in the rooms and stairwell. Others had been ejected during the blast and fell onto the street below.
Police say they have not been able to find email or any other communications linked to the killers, “prompting the authorities to conclude that the group used encryption,” the NYT said, without any clear evidence to support this claim.
Another odd detail, also from the woman who says her smartphone was used by the group, said:
One of the terrorists pulled out a laptop, propping it open against the wall, said the 40-year-old woman. When the laptop powered on, she saw a line of gibberish across the screen: “It was bizarre — he was looking at a bunch of lines, like lines of code. There was no image, no Internet,” she said. Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks.
A tech activist and former VP of data at Kickstarter, has already called these assumptions into question.
NYTimes also lets slide a observation that leads to a pretty iffy assumption about attackers using encryption: pic.twitter.com/tBMeqOC5Ft
— fred (@fredbenenson) March 20, 2016
The attackers are believed to have used Western Union, as well as the Middle Eastern ‘hawala informal money exchanged network, to help finance their plans.
➤ A view of ISIS’s evolution in new details of Paris attacks [New York Times]