An Arabic-language website, hosted on a server located in Florida, is apparently offering a new version of software that was designed to help al-Qaeda supporters encrypt their internet communications.
The new encryption tool is called Mujahideen Secrets 2 and appears to be an updated version of easier-to-crack software that was released early last year, says Paul Henry, vice president of technology evangelism at Secure Computing, based in San Jose.
The tool is being distributed free of charge on a password-protected website that belongs to an Islamic forum known as al-Ekhlaas, according to Henry and a blog posting by the Middle East Media Research Institute. The MEMRI is a Washington-based organisation that monitors what it describes as jihadist websites and publishes translations of online content originally posted in Arabic, Persian or Turkish.
Henry says he contacted the FBI about the al-Ekhlaas site and its contents. Before being hosted on the server in Tampa, the site appears to have been run off of a system in Minnesota, Henry says.
The MEMRI identified the web hosting firm that owns the server on which the al-Ekhlaas site is running as Tampa-based Noc4hosts. Officials from the hosting firm didn't immediately return calls to a general toll-free number listed on its website.
Because of the password protection, Henry wasn't able to download the new tool and therefore couldn't say what level of encryption it supports. But he says that a banner ad on the site claims the software offers the highest level of encryption now available. That means it likely uses at least 1024-bit encryption, whereas the first version of Mujahideen Secrets used 256-bit AES encryption, he says.
A Reuters story posted on 18 January and datelined Dubai quoted the al-Ekhlaas website as saying that the new release was a "special edition" of the encryption tool created "in order to support the mujahideen in general and the Islamic State in Iraq in particular." That organisation was described by Reuters as being linked to al-Qaeda.
Efforts by groups that support al-Qaeda to develop their own encryption tools appear to be driven by concerns about possible back doors being built into publicly available encryption software, Henry says. He adds that the upgraded Mujahideen Secrets tool could cause problems for law enforcement and antiterrorism agencies that are tracking the activities of such groups.
"Up to this point in time, we have been able to discount al-Qaeda's use of the internet as an attack vehicle because of their use of outdated and easily thwarted technologies," Henry says. But, he warns, that could begin to change if al-Qaeda backers start adopting more up-to-date tools.
The MEMRI posted a notice last January about the release of the original version of Mujahideen Secrets. The initial release was announced by the Global Islamic Media Front on 1 January, 2007, according to the MEMRI. It noted that the GIMF advertised the tool as "the first Islamic computer program for secure exchange [of information] on the internet" and went on to say that the software provided users with "the five best encryption algorithms, and with symmetrical encryption keys (256-bit), asymmetrical encryption keys (2048-bit) and data compression."
Last February, the MEMRI also posted an analysis of so-called electronic jihad activities. According to the institute, radical Islamic groups have been trying over the past few years to carry out coordinated attacks against websites belonging to organisations they consider to be their enemies. "As [is] evident from numerous postings on the Islamist websites, many of these coordinated attacks are organised by groups devoted to electronic jihad," the MEMRI wrote in its analysis.
Six prominent electronic jihad groups have emerged on the internet, according to the MEMRI, which says that four of them had their own websites "through which they recruit volunteers to take part in electronic attacks, maintain contacts with others who engage in electronic jihad, coordinate their attacks and enable their members to chat with one another anonymously."
Among the content available on one of the sites was a document explaining how to carry out electronic jihad attacks, along with technical information about the software needed to do so and descriptions of previous attacks and their results, the MEMRI says.