| Submit your comments on this article |
| Science & Technology |
| U.S. Web site offers encryption tool for al-Qaeda backers |
| 2008-01-24 |
| An Arabic-language Web site hosted on a server located in Tampa, Fla., is apparently offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The new encryption tool is called Mujahideen Secrets 2 and appears to be an updated version of easier-to-crack software that was released early last year, said Paul Henry, vice president of technology evangelism at Secure Computing Corp. in San Jose. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas, according to Henry and a blog posting by the Middle East Media Research Institute. Henry said that he contacted the FBI about the al-Ekhlaas site and its contents last weekend. But as of this afternoon, the site was still up and running. Prior to being hosted on the server in Tampa, the site appears to have been run off of a system in Minnesota, Henry said. MEMRI identified the Web hosting firm that owns the server on which the al-Ekhlaas site is running as Tampa-based Noc4hosts Inc. Officials from the hosting firm didn't immediately return calls to a general toll-free number listed on its Web site. Because of the password protection, Henry hasn't been able to download the new tool and therefore can't say what level of encryption it supports. But he said that a banner ad on the site claims that the software offers the highest level of encryption now available. That means it likely uses at least 1024-bit encryption, whereas the first version of Mujahideen Secrets used 256-bit AES encryption, he said. A Reuters story posted Jan. 18 and datelined Dubai quoted the al-Ekhlaas Web site as saying that the new release was a "special edition" of the encryption tool created "in order to support the mujahideen in general and the Islamic State in Iraq in particular." That organization was described by Reuters as being linked to al-Qaeda. Efforts by groups that support al-Qaeda to develop their own encryption tools appear to be driven by concerns about possible back doors being built into publicly available encryption software, Henry said. He added that the upgraded Mujahideen Secrets tool could cause problems for law enforcement and antiterrorism agencies that are tracking the activities of such groups. "Up to this point in time, we have been able to discount al-Qaeda's use of the Internet as an attack vehicle because of their use of outdated and easily thwarted technologies," Henry said. But, he warned, that could begin to change if al-Qaeda backers start adopting more up-to-date tools. MEMRI posted a notice last January about the release of the original version of Mujahideen Secrets. The initial release was announced by the Global Islamic Media Front on Jan. 1, 2007, according to the MEMRI. It noted that the GIMF advertised the tool as "the first Islamic computer program for secure exchange [of information] on the Internet" and went on to say that the software provided users with "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression." |
| Posted by:ryuge |
| #6 vice president of technology evangelism? |
| Posted by: Ebbomolet Trotsky1353 2008-01-24 17:33 |
| #5 They are in your eggs. The are in everybody's eggs. /Firesign Theater |
| Posted by: Alaska Paul 2008-01-24 16:40 |
| #4 Relax, I'm just bullshitting. I'm a liberal arts major, for the love of Ham. Why would I know anyone in the NSA? Honest. Seriously? The more uncertainty and distrust you can sow among the bastards, the better. Paranoia myopically checks every crevice of his boots for hidden scorpions while blind ignorant overconfidence strides happily across the world's stage. Most of the time the scorpion's in somebody else's shoe. Except this time, Achmed. Better check, because I'm short a scorpion. And every copy of Microsoft has a keystroke recorder & remailer activated when you set your language to Arabic or Farsi. (Who needs to break unbreakable crypto when you can just catch the keystrokes involved in the composition process?) |
| Posted by: Mitch H. 2008-01-24 14:33 |
| #3 Shhhhh! Y'all keep quiet about Thank goodness nobody from Al-Q ever reads Rantburg or we'd be in real trouble.... |
| Posted by: Barbara Skolaut 2008-01-24 12:50 |
| #2 It doesn't matter how many bits they use. That's not how we break 'em. Wonder if this software has a distinctive trace associated with files it encrypts? Wouldn't it be interesting if you could immediately identify terrorist communications based on their having used this software to encrypt them. After all, it's one thing to know what's being said, and quite another to know who said it and to whom. |
| Posted by: Iblis 2008-01-24 12:35 |
| #1 Quiet, you fools! The new version's got a backdoor! Half the hackers and cryptographers in Islamist circles work for the NSA. And we're not telling you which half. |
| Posted by: Mitch H. 2008-01-24 08:09 |