Terrorist encryption tools nothing more than 'security cape' and gov't red flag

Terrorist groups such as ISIS and Al Qaeda have something in common -- they are using encryption tools which are not worthy of the name.
Written by Charlie Osborne, Contributing Writer

CANCUN, MEXICO: Are encryption tools used by terrorist organizations truly secure, or are they nothing more than a publicity stunt?

"Terrorists love forums," Rodrigo Bijou from data solutions provider The Data Guild said with a slight shrug as he addressed attendees at Kaspersky Lab's Security Analyst Summit. On Tuesday, the terrorism and technology speaker said that, over the course of his research, online forums have become a modern-day breeding ground for the spread of terrorist-based propaganda -- as well as a place to share "secure" encrypted communications tools used by groups including ISIS and Al Qaeda.

However, the actual security value of these tools is debatable -- and so could they have another purpose altogether?

The use of technology by terrorists is far from a new idea. While some groups do rely on trusted couriers to send messages, they have now caught up with the times and seen the potential the Internet holds to spread their message, recruit new members and communicate with each other.

Groups such as ISIS and Al Qaeda are known to use the Web for these purposes. However, they have also developed their own encryption-based toolkits to try and keep their activities from the eyes of intelligence agencies and governments across the globe.

Three main developers of secure, encrypted communications tools have been linked to terrorist organizations. The Global Islamic Media Front (GIMF) and the Al-Fajr Media Center Technical Committee (FTC), both propaganda and media arms linked to Al Qaeda, and ISIS, itself a developer of security tools, have all created supposedly secure, encrypted messaging platforms -- but there is a problem.

ISIS does not trust the others, and due to this political conflict, the platforms are sub-par at best. Perhaps happily for us, this lack of trust ensures that none of the groups are pooling their resources to improve terrorism-based communication software.

Al Qaeda, for example, has a flagship communications tool called Asrar al-Mujahideen, launched in 2008. The GIMF software comes pre-loaded with a public encryption key and according to their website, the software provided follows the "latest technological advancements" with "4096 bit public key encryption" for use on the Windows and Android platforms.

Another GIMF tool released in 2013 is the Asrar al-Dardashah encrypted chat plugin, suitable for Symbian and Android and designed to encrypt data across chat apps already in use.

ISIS, in comparison -- but perhaps with just as poor security -- developed a Web-based tool, but relies far more heavily on social media to communicate with followers and enemies. However, the encrypted messaging platform is now defunct, according to Bijou.

These communication platforms are distributed through digital magazines released by the terrorist organizations, as well as dedicated download sites and forum links. The tools come with tutorials and best practice guides, in addition to manifestos and propaganda. The software also receives promotion via supporting online forums, such as Shumukh or Al-Fidaa -- a media arm of Al Qaeda -- where you can often find public encryption keys in order to talk to members of the terrorist groups.

However, paste websites are also used to distribute keys and software. As an example, before launch, the ISIS tool was released through PasteBin.

When downloaded, support information is also provided.

In a letter to Mullah Mohamed Omar, Osama bin Laden said in 2002:

"It is obvious that the media war in this century is one of the strongest methods; in fact, its ratio may reach 90 percent of the total preparation for the battles."

Keeping this in mind, it could be argued that the release of so-called secure communication tools by terrorist organizations might be based not on privacy -- although the tools do reveal "awareness of best practices to a point," according to Bijou -- but instead on propaganda.

Through these tools, terrorist groups gain at least the facade of professionalism, and can use it to communicate with others interested in joining their crusades.

According to the terrorism expert, the users of encryption tools released by terrorists are mainly the "media elite," newly-formed terrorist organizations -- notably Jabhat al-Nusra and ISIS -- and followers.

These platforms "make you stand out," Bijou says, but not necessarily in the way followers and fans of terrorism may expect. While some Internet users scour terrorism-related forums, download and use the software as "lone wolf types" who want to be part of the "in crowd," the inherent lack of security in software such as Asrar al-Dardashah and Asrar al-Mujahideen leaves the door wide open for law enforcement to flag them up.

Throughout his research, Bijou discovered that the terrorist groups promoted their encryption software as "easy to access" -- but, of course, this also means that intelligence agencies and security professionals can tap into the systems and conduct traffic analysis -- and potentially find new suspects to track.

In addition, Bijou says that due to the poor security of these tools, followers of terrorist groups would be better off using standard encryption solutions already available online -- as the few prominent terrorism-linked solutions are more of a "red flag" to intelligence agencies than true encryption software.

"There is no reason to use them except signaling you're in one of these communities," Bijou says. "[The terrorists] are putting on the 'sophisticated security cape' rather than actually protecting themselves."
