Until recently, al-Qaida didn't pose much of a threat online because it used outdated technology. Having modern encryption tools changes the equation.
Last week, an Islamist Web site called Al-Ekhlas released updated encryption software to help keep secret communications from prying eyes. The site is allegedly frequented by al-Qaida supporters.
According to the Middle East Media Research Institute, the first version of the software, "Mujahideen Secrets," was released a year ago as "the first Islamic computer program for secure exchange [of information] on the Internet." MEMRI says that the program includes "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."
Reuters reports that the new version of the software, "Mujahideen Secrets 2," was developed by Al-Ekhlas "in order to support the mujahideen (holy war fighters) in general and the (al Qaeda-linked group) Islamic State in Iraq in particular."
The Al-Ekhlas Web site is hosted by Florida-based Noc4hosts. Calls and e-mail to the company were not returned.
In an e-mail message, Paul Henry, VP of technology evangelism at Secure Computing, said that until recently al-Qaida didn't pose a credible threat online because of its use of outdated technology. Having modern encryption tools, he said, changes the equation.
The reason al-Qaida supporters would bother making their own encryption software, said Henry in a phone interview, is that they don't trust the software that's out there. "They're concerned with the backdoors in publicly available code ... so they decided to write something themselves," he said.
Henry also acknowledged that the encryption software served a political purpose as much as a technological one. "They're trying to drive membership," he said.
Still, given the sophisticated methods of information gathering available to intelligence agencies, serious terrorists likely know enough to avoid computers entirely. For those likely to be watched by such agencies, sending encrypted files is merely an invitation for the sort of all-encompassing scrutiny that encryption can't block.
Moreover, worries about cyberjihadists have long been overstated. For example, a well-regarded Israeli Web site warned last year that al-Qaida hackers planned a major online offensive against Western, Jewish, Israeli, Muslim apostate, and Shiite Web sites on Sunday, Nov. 11. Needless to say, the Internet was still standing on Nov. 12 and thereafter. Chances are that if the Internet goes down, it will be because of a careless communications worker and a backhoe.
Henry said that he had spoken with federal agents about the site and that the law enforcement community is aware of it.
Offering encryption software is not a crime, though some would support making it so. And while naming software "Mujahideen Secrets 2" may be inflammatory, being provocative is not illegal. It's not clear yet whether Noc4hosts will remove the Al-Ekhlas site for violating its Acceptable Use Policy. As of Thursday afternoon, the Al-Ekhlas site appeared to be inaccessible.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.