An Overview of Jihadist Encryption Programs
While programs like TrueCrypt and PGP are standard for many of us looking for enhanced file or email security, online Islamist terrorist organizations have developed similar in-house programs for the better part of the last decade. Used by al-Qaeda leaders like Anwar al-Awlaki and recommended in many online jihadist forums, these programs represent an interesting phenomenon within jihadist technology. I’ll first give a brief overview of the two popular programs, and then some ideas on why these programs came to be developed and adopted over more mainstream applications.
Asrar al-Mujahideen, also known as Mujahideen Secrets, has been the most prominent program, with several released versions. The program was originally developed by forum members at the al-Ekhlaas Islamic Network and was popularized in the first issue of Inspire, al-Qaeda in the Arabian Peninsula’s (AQAP) quarterly magazine, in a July 2010 post entitled ‘How to Use Asrar al-Mujahideen: Sending and receiving Encrypted Messages’. The program has also been frequently recommended on major online jihadist forums like Ansar al-Mujahideen, al-Fidaa, and JHUF.
Since the original Inspire article, the al-Malahem Media Foundation, the publishing wing responsible for the quarterly, has distributed two new versions of public keys for verifying the software.
The latest version of Asrar al-Mujahideen was released in late January 2008, with some interesting new features supporting digital signatures and online file transfers. I’ve included a quick feature comparison and screenshots below:
Features in the original:
• Choice of AES finalist encryption algorithms: 256 bit ciphers w/ Twofish, Rijndael, Mars, RC6 and Serpent
• 2048 bit RSA encryption key management
• Automatic cipher identification during decoding
• Ability to run from USB
• ‘File Shredder’ to overwrite and destroy files
New features in the second version:
• Text and forum message encryption
• Secure online transfer via produced digital signatures
[Images: original Inspire post; Asrar al-Mujahideen cover; screenshot of the Asrar al-Mujahideen program in use]
Just released this February, Asrar al-Dardashah is the latest jihadist encryption program. The program is a plugin for Pidgin, an instant messaging client that supports accounts from popular services like MSN, Yahoo, and Google Talk. Paired with private keys from the Asrar al-Mujahideen program, the program ensures encrypted instant messaging. A user imports his or her private key into the Asrar al-Dardashah plugin, which then generates a public key for general use.
Like Asrar al-Mujahideen, the program was spread across the various top tier jihadist forums and syndicated by the Global Islamic Media Front (GIMF).
• Compatible with Pidgin, and by extension any major chat client like Yahoo or MSN
• Asymmetric key management based on RSA
• Use in tandem with Asrar al-Mujahideen private keys
• Supports primary Jihadist languages of Arabic, Urdu, Pashto, Bengali, and English through Unicode encoding
[Image: screenshot of the Asrar al-Mujahideen program in use]
What’s immediately fascinating to me is why terrorist organizations would take the time to develop programs instead of using already mainstream options. It’s interesting that the developers were clearly aware of best practices, choosing the five AES challenge finalists, but still decided to ignore other options. I think two possible factors are at play in the motivation to create and distribute internal encryption programs: attention and mistrust.
The ‘brand’ value of groups like GIMF and the al-Malahem Media Foundation benefits from disseminating these tools. While the tools are less secure than their more popular, mainstream counterparts, actions like blatantly tagging all public keys with ‘#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—’ and the group branding on the program itself promote the associated al-Qaeda media brands. Despite the fact that using these tools clearly increases the attack surface for these groups through easily identifiable and unique methods, the propaganda value seems to be worth it. In the online jihadist world there are continually competing tiers of forums, release groups, and actors, but fewer than a handful of encryption programs.
Taking the jihadist point of view, another reason for the development and use of these tools could be heightened mistrust. Anything outside the relatively small ecosystem of online jihadist circles is seen as suspect. Many take the ‘Leviathan’ view of the US and Israel, and extend it to the cynical view that any Western-developed software could contain government backdoors. Even with the popularity of open source security programs, those less technically capable would have a much easier time trusting what’s known to be used by Anwar al-Awlaki, what’s promoted in Inspire, and what’s recommended by prominent jihadist hackers online.
Therefore, factors like attention and mistrust explain the divergence between indicators of technical expertise, like choosing AES finalists, and avoidance, like forgoing PGP or similar programs. These programs are less secure, but allow groups like GIMF to maintain their high profile and feed a confirmation bias of an all-powerful U.S. government. For now, the programs may arguably protect against ‘backdoors’, but they provide easily recognizable data to identify terrorist communications, organizations, and users online.
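To make the "easily recognizable data" point concrete, here is a content-matching sketch for the branded public-key header quoted above. It is an added example, not code from the original post or from any of the programs described. The sample text is constructed, and treating the delimiter as any run of hyphens or dashes is an assumption, since the page shows it as an em-dash.

```python
import re
import unicodedata

# Assumption: the header delimiter may appear as ASCII hyphens or as a
# Unicode dash (the page prints an em-dash), so accept any run of either.
_DASHES = r"[-\u2010-\u2015\u2212]+"

# Header wording taken from the key tag quoted in the article; the network
# name, version and key size are captured rather than hard-coded.
HEADER_RE = re.compile(
    r"#\s*" + _DASHES + r"\s*Begin\s+(?P<network>[^\n#]{1,80}?)\s+"
    r"ASRAR\s+El\s+Moujahedeen\s+V(?P<version>\d+(?:\.\d+)*)\s+"
    r"Public\s+Key\s+(?P<bits>\d+)\s*bit\s*" + _DASHES,
    re.IGNORECASE,
)


def find_key_headers(text):
    """Return one dict per branded public-key header found in text."""
    # NFKC folds full-width letters and non-breaking variants to plain forms.
    text = unicodedata.normalize("NFKC", text)
    hits = []
    for m in HEADER_RE.finditer(text):
        hits.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "network": m.group("network"),
            "version": m.group("version"),
            "bits": int(m.group("bits")),
        })
    return hits


# Constructed sample: a forum-style post with two header variants and one
# unrelated line that mentions similar words but lacks the header shape.
SAMPLE = (
    "re: contact details\n"
    "my key is below\n"
    "#\u2014Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit\u2014\n"
    "<key body omitted>\n"
    "unrelated line mentioning a public key 2048 bit\n"
    "#---begin al-ekhlaas network asrar el moujahedeen v2.0 public key 2048 bit---\n"
)

if __name__ == "__main__":
    for hit in find_key_headers(SAMPLE):
        print(hit)
```

Because the header is plaintext wrapped around the encrypted key material, a single pattern identifies the tool, its version and the key size without touching the cryptography.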