Recorded Future has published a report showing that members of Al-Qaeda are developing a series of new encryption software tools in response to NSA surveillance.

The revelations based on the documents leaked by Edward Snowden about the NSA surveillance programs have also had a serious impact on the methods of terrorist organizations like Al-Qaeda. The leaks gave terrorists valuable information on the endless technological possibilities implemented by the NSA to spy on citizens all over the world. The same information is influencing the cybercrime ecosystem, in particular communication in the underground.

In response to Snowden’s revelations, members of Al-Qaeda have started using alternative encryption mechanisms to avoid adopting the allegedly flawed cryptographic algorithms debated in recent months. The threat intelligence company Recorded Future has published a detailed report demonstrating that members of Al-Qaeda have adopted new encryption applications for the first time; the firm also linked the event to the Snowden revelations.

“Since 2007, Al-Qaeda’s use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs.

Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations – GIMF, Al-Fajr Technical Committee, and ISIS – within a three to five-month time frame of the leaks.” states the official blog post.

It is known that, since 2007, Al-Qaeda groups have developed the encryption software Mujahideen Secrets, used to protect online and cellular communications, but according to intelligence reports the militants are now using different new encryption tools and communication channels (new services such as mobile and instant messaging).

“The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services. We do not find evidence of abandonment of US-based consumer communication services. Likely risks are still greater to hide outside the consumer crowd, and non-US-based services may be exposed to even stronger lawful intercept.” reports the post.

The use of encryption to protect communications and information is widespread within terrorist groups. In 2011, German intelligence revealed that militants in the country were using self-developed encryption tools to secure communication with cells operating in Pakistan.

“A group of German militants recruited into an al Qaeda plot to attack Europe in 2010 were provided hands-on instruction in encrypting their communications using a program called Mujahideen Secrets in the tribal areas of Pakistan by Younes al Mauretani, a senior al Qaeda operative, according to German intelligence officials. An internal al Qaeda strategy document called “Future Works” authored in 2009, which was subsequently recovered by German authorities from an al Qaeda operative in Berlin, spoke of the need to instruct Western recruits in ways to secretly communicate with their handlers. German intelligence officials told CNN that militants in Germany had by 2011 developed ways to communicate in secret over the Internet with terrorist operatives in Pakistan.” reports a CNN blog post.

In 2009, an American-Yemeni cleric instructed European militants in Yemen on the use of the encryption software to protect communication. History is full of similar stories, because encryption is essential for terrorist organizations like Al-Qaeda. Intelligence reports confirm that the principal terrorist organizations associated with Al-Qaeda (GIMF, Al-Fajr Technical Committee and ISIS) have released three new encryption tools since the disclosure of the Snowden documents.

All of the tools below were developed starting from the Mujahideen Secrets tool used by Al-Qaeda terrorists:

  1. Tashfeer al-Jawwal, a mobile encryption platform developed by the Global Islamic Media Front (GIMF) and released in September 2013.
  2. Asrar al-Ghurabaa, another alternative encryption program developed by the Islamic State of Iraq and Al-Sham and released in November 2013, around the same time the group broke away from the main Al-Qaeda following a power struggle.
  3. Amn al-Mujahid, an encryption software program developed by the Al-Fajr Technical Committee, which is a mainstream Al-Qaeda organization, and released in December 2013.

Below is the exact timeline of AQ Crypt Development published by Recorded Future:

  • The original Mujahideen Secrets (Asrar al-Mujahideen) encryption software launched in 2007, primarily for use with email. Asrar has had multiple releases over time and is distributed by the Global Islamic Media Front.
  • Asrar al-Dardashah, released by GIMF in February 2013, which is an encryption plugin for instant messaging based on the Pidgin platform – which connects to major US-based platforms.
  • Tashfeer al-Jawwal is a mobile encryption program, again from GIMF, released in September 2013, based on Symbian and Android.
  • Asrar al-Ghurabaa is yet another alternative encryption program, however importantly, released in November 2013 by Islamic State Of Iraq And Al-Sham (ISIS), which coincides with ISIS breaking off from main AQ after a power struggle.
  • Amn al-Mujahid is an alternative encryption program released in December 2013. In this case from Al-Fajr Technical Committee (FTC) which is also a mainstream AQ outfit.


I found the research very interesting; the use of OSINT methods is an essential part of modern intelligence.

Let me close with

The popular cryptographer and author Bruce Schneier in his blog recalled a conversation with fellow crypto expert Matt Blaze of the University of Pennsylvania, who said the publication of the Snowden documents would begin a “new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising.”

Very alarming!

Pierluigi Paganini

(Editor-In-Chief, CDM)
