Observing the Cyber Jihad

Postings have been random, and are likely to be erratic for the next few days as I catch up on some off line reading, however I thought I'd share a 'work' related item that has consumed a bit of our research time this week.

The Global Islamic Media Front (GIMF) has released a new version of their communication software called "The Mujahideen Secrets 2". Basically the software is an encrytion tool leveraged for securing communications between active members of the Mujahideen waging Global Jihad. Reuters has the story.

An Islamist Web site often used by al Qaeda supporters carried updated encryption software on Friday which it said would help Islamic militants communicate with greater security on the Internet.

The Mujahideen Secrets 2 was promoted as "the first Islamic program for secure communications through networks with the highest technical level of encoding".

The software, available free on the password-protected Ekhlaas.org site which often carries al Qaeda messages, is a newer version of Mujahideen Secrets issued in early 2007 by the Global Islamic Media Front, an al Qaeda-linked Web-based group.

We noticed OSINT researcher Dancho Danchev has already started digging into the tool, and he makes the same observation we did in our evaluation (although he has excellent links for more information).

With the tempting feature to embedd the encrypted message on a web page instead of sending it, a possibility that's always been there namely to use the Dark Web for secure communication tool is getting closer to reality. Knowing that trying to directly break the encryption is impractical, coming up with pragmatic ways to obtain the passphrase is what government funded malware coders are trying to figure out.

If you are looking for some background on the electronic jihad world, MEMRI had an easy to follow summery from last year designed to inform non technical folks of the emerging cyber jihad forces and techniques. While there is little difference in the techniques of the electronic jihad and most non jihad hacker organizations, however we note there is notable difference in intent.