Islamic terrorists release Mobile Encryption Program for Android phones

The Global Islamic Media Front, a Jihadist propaganda arm for Alqeda, Somalia’s al-Shabaab and the Pakistani Taliban, has released an encryption program for Android and Symbian smartphones.

Originally named “Mobile Encryption Program” it is being advertised as being able to send encrypted SMS messages and files as a way for “fighters in the frontline” to securely communicate in between them. The program is using the Twofish algorithm in CBC (Cipher Block Chaining) mode, the program is based in public key encryption and digital fingerprints can be displayed to make sure that encryption keys have not been tampered with. Encrypted messages can be exchanged in Arabic and English using up to 400 characters, one of the settings allows you to enter SMTP and POP3 hostnames detailing port numbers to send encrypted files via SSL email, it will work with any SMTP email provider.

Ballkan Islamik Media Front video

Ballkan Islamik Media Front video

Various terrorist groups, like Alqeda in Yemen, encourages its supporters to communicate with them using encryption programs produced by their propaganda arm.

Global Islamic Media Front programmers have avoided the AES algorithm, a US government standard, but it is highly unlikely that a couple of guys in the bedroom can defeat the best mathematicians the NSA can hire and billions of dollars of budget available to crack it. With all of the available open source encryption program this is totally uncalled for, they could have easily saved themselves the effort, unless of course the CIA wanted them to release this tool.

As soon as you spot that The Islamic Emirate of Afghanistan financial department is using a Gmail address and most terrorist related files are hosted in American servers, you can tell that everything is under control. However, the GIMF is highly skilled at creating amazing videos with beautiful background music and footage to recruit new members.

The Global Islamic Media Front official download site is down at the moment but you can read the announcement at the usual jihadist terrorist NSA monitored forums, like Ansar1, Ballkan-Islamic or Shumukh al-Islam forum.

Ansar1 announcement of Mobile Encryption Program (Arabic only)

Al-Qaeda IM encryption plugin “Asrar Al-Dardashah “

The Global Islamic Media Front, an underground propaganda division for Alqeda and other violent jihadist groups, has released what they call “The First Islamic Program for Encrypted Instant Messaging“, an instant messenger plugin  working alongside another jihadist encryption tool called Asrar al-Mujahideen, already reviewed in my Mojaheeden Secrets post, consisting of nothing else than a PGP like public/private key encryption tool. This new plugin works with Pidgin an open source instant messenger compatible with all major IM networks like Yahoo Messenger, Google Talk, Jabber, ICQ and others.

The announcement includes a ten minutes video tutorial subtitled in English and hosted in Youtube, not containing any Alqeda branding to stop Youtube taking it down I presume. After watching the tutorial I can attest that the instructions were very accurate, whoever produced it was highly experienced in computer privacy tools and demonstrated how to use tor proxy to download Pidgin with Startpage set as their main search engine, which, unlike Google, does not keep IP records, other sophisticated anonymity technologies included configuring a Socks5 proxy so that not only the chat will be encrypted but the computer IP will be hidden from the other part.

Asrar-Al-Dardashah encryption plugin Alqeda

Asrar-Al-Dardashah encryption plugin Alqeda

The tutorial advised jihadists to only download the plugin from a trusted source and  compare the public encryption key ID from the the person they are chatting with the key they have stored in Mojaheeden Secrets 2 to make sure nobody is stealing that person’s identity and replacing the encryption key with their own.

At first glance it might seem impressive that Alqeda supporters have their own high quality branded encryption software, it must work great for propaganda purposes and reaffirmation, however, they are not reinventing the wheel, OpenPGP is open source, it can be checked for backdoors and it has around for a long time, the plugin they are releasing closely resembles the OTR (Off-The-Record) anonymity Pidgin plugin that has been around for years, this is not a new security tool and the only concerning part is that Alqeda supporters are learning how the technology works, but they are also drawing attention to themselves by using a tool that only jihad extremists have access to, the CiA just has to love how Asrar al-Mujahideen is introducing its own “#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—” tag in every single encrypted message it sends. American secret services packet sniffers must be busy tracking down where in cyberspace is people sending messages with those tags.

Global Islamic Media Front encryption tools only work in Windows, until jihadist discover the power of Linux or BSD they won’t do much damage in cyberwar since most companies and government servers normally run Linux, encryption will be also of little help to them if informers can be found inside the group.

Visit Global Islamic Media Front homepage

U.N. report reveals secret law enforcement techniques

Buried inside a recent United Nations Office on Drugs and Crime report titled “Use of Internet for Terrorist Purposes” one can carve out details and examples of  law enforcement electronic surveillance techniques that are normally kept secret.

The report includes real accounts of investigative techniques countering terrorist groups secure communication systems.

Terrorist groups using computer security

  • Point 187: Members of the outlawed Turkish Revolutionary People’s Liberation Party-Front (DHKP-C) used steganography software called Camouflage to hide messages inside JPEG files and encrypted attachments with WinZip before emailing them. A joint Turkish and Italian police operation managed to decrypt the messages and arrest over a hundred people involved with the organization.
  • Point 194: An Alqeda affiliated webmaster managing a jihadist website from Brazil was specifically targeted by the police to grab him by surprise while he was still online to make sure that they would get his encryption keys thanks to which the investigators were able to open all relevant encrypted files.
  • Point 280: International members of the guerilla group Revolutionary Armed Forces of Colombia (FARC) communicated with their counterparts hiding messages inside images with steganography and sending the emails disguised as spam, deleting Internet browsing cache afterwards to make sure that the authorities would not get hold of the data. Spanish and Colombian authorities cooperated to break the encryption keys and successfully deciphered the messages.
  • Point 374: German citizens members of a group called Islamic Jihad Union used the dead email inbox trick to communicate in between them, the suspects did not send the email  to prevent wire tipping in transit, saving the messages to the draft folder instead for the other part to read and reply, coupled with accessing the Internet using insecure wireless access points of unsuspecting citizens with one of the suspects using encryption which forensics expert tried to access and failed.


Use of Internet for Terrorist Purposes

Law enforcement vs terrorists digital arsenal

  • Point 198: It explains how an investigator can circumvent Truecrypt plausible deniability feature (hidden container), advising computer forensics investigators to take into consideration during the computer analysis to check if there is any missing volume of data.
  • Point 201: Mentions a new covert communications technique using software defined high frequency radio receivers routed through the computer creating no logs, using no central server and extremely difficult for law enforcement to intercept.
  • Point 210: Explains how Remote Administration Trojans (RATs) can be introduced into a suspects computer to collect data or control his computer and it makes reference to hardware and software keyloggers as well as packet sniffers.
  • Point 228: Talks about a honeypot jihadist website created by the CIA and the Saudi Government to attract and monitor terrorists, leading to the arrest of jihadists before they could carry out their operations but finally having to dismantle their own website when law enforcement realised that it was also being used to plan attacks against US troops in Iraq.
  • Point 378: Explains how during an Alqeda case in Belgium and after an informal request without any kind of warrant within two weeks the FBI managed to provide Belgian authorities with a CD containing relevant emails data held in US servers voluntarily provided by Yahoo and Microsoft.

Full report:
http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf