Jihadists Get Encryption Upgrade

Until recently, al-Qaida didn't pose much of a threat online because it used outdated technology. Having modern encryption tools changes the equation.
Last week, an Islamist Web site called Al-Ekhlas released updated encryption software to help keep secret communications from prying eyes. The site is allegedly frequented by al-Qaida supporters.

According to the Middle East Media Research Institute, the first version of the software, "Mujahideen Secrets," was released a year ago as "the first Islamic computer program for secure exchange [of information] on the Internet." MEMRI says that the program includes "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."

Reuters reports that the new version of the software, "Mujahideen Secrets 2," was developed by Al-Ekhlas "in order to support the mujahideen (holy war fighters) in general and the (al Qaeda-linked group) Islamic State in Iraq in particular."

The Al-Ekhlas Web site is hosted by Florida-based Noc4hosts. Calls and e-mail to the company were not returned.

In an e-mail message, Paul Henry, VP of technology evangelism at Secure Computing, said that until recently al-Qaida didn't pose a credible threat online because of its use of outdated technology. Having modern encryption tools, he said, changes the equation.

The reason al-Qaida supporters would bother making their own encryption software, said Henry in a phone interview, is that they don't trust the software that's out there. "They're concerned with the backdoors in publicly available code ... so they decided to write something themselves," he said.

Henry also acknowledged that the encryption software served a political purpose as much as a technological one. "They're trying to drive membership," he said.

Still, given the sophisticated methods of information gathering available to intelligence agencies, serious terrorists likely know enough to avoid computers entirely. For those likely to be watched by such agencies, sending encrypted files is merely an invitation for the sort of all-encompassing scrutiny that encryption can't block.

Moreover, worries about cyberjihadists have long been overstated. For example, a well-regarded Israeli Web site warned last year that al-Qaida hackers planned a major online offensive against Western, Jewish, Israeli, Muslim apostate, and Shiite Web sites on Sunday, Nov. 11. Needless to say, the Internet was still standing on Nov. 12 and thereafter. Chances are that if the Internet goes down, it will be because of a careless communications worker and a backhoe.

Henry said that he had spoken with federal agents about the site and that the law enforcement community is aware of it.

Offering encryption software is not a crime, though some would support making it so. And while naming software "Mujahideen Secrets 2" may be inflammatory, being provocative is not illegal. It's not clear yet whether Noc4hosts will remove the Al-Ekhlas site for violating its Acceptable Use Policy. As of Thursday afternoon, the Al-Ekhlas site appeared to be inaccessible.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Terry White, Associate Chief Analyst, Omdia
John Abel, Technical Director, Google Cloud
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer