Thursday, February 01, 2007

U.S. Eyes Software Touted By Islamists

Courtesy Of: The Washington Times
By Shaun Waterman
UNITED PRESS INTERNATIONAL
January 31, 2007
Front Page

U.S. cyber-security specialists have been examining an encryption software package released earlier this month by the Global Islamic Media Front, a Web forum for supporters of Islamic terrorists.

The software package, dubbed "Mujahideen Secrets," can be used on computers in libraries and other public places to encrypt e-mail or other files being sent over the Internet, according to IDefense, a security consultant firm analyzing the program.

"The program's 'portability' as an application will become an increasingly desirable feature, especially considering the high use of Internet cafes worldwide by pro-terrorist Islamic extremists," said IDefense Middle East analyst Andretta Summerville.

Although the package does not offer any capabilities not available in commercial encryption programs, IDefense Director of Threat Intelligence Jim Melnick said it was being promoted on forums and other Web sites used by supporters of Islamic terrorist groups.

The program "will make it easier and more comfortable for those Arabic speakers who may have been wary of using English-based encryption programs to use a program developed by their own people," Mr. Melnick said. It is "likely to reach a broad audience of pro-terrorist supporters online and Arabic-speaking hackers."

"Mujahideen Secrets," which can be downloaded for free, offers "the five best encryption algorithms, with symmetrical encryption keys, asymmetrical encryption keys and data compression," according to a translation of a Global Islamic Media Front's Jan. 1 announcement about the software, provided by Middle East Media Research Institute.

Mr. Melnick added that "Mujahideen Secrets" included a PDF file of instructions in Arabic, which noted that the developers of the package had been working on the code "for years." Mr. Melnick said another unusual, though not unique feature of the software, was that it did not supply so-called "public keys."

Keys are the code that allows encryption users to talk to each other. Possessing a key does not allow anyone to decrypt messages sent using it but does mean the user can set up a secure session with anyone else using the same key.

"Most encryption packages are designed to be interoperable," he said, but this program is not. As a result, users "must get the key to decrypt e-mail [or other files] from the person who sent it or through other private means."

Encryption capabilities are not new in the world of cyber-jihadis, said Ben Venzke of IntelCenter, a consultant group that provides counterterrorism-intelligence support to the U.S. government.

"This is consistent with the ongoing efforts of jihadist sympathizers online," he told UPI.

"Encryption is used by some [Islamic terrorists]. ... Some al Qaeda manuals have addressed the question. ... It is a standard part of the operational security practiced [online] by those [Islamic terrorists] who take the time to use it."

Copyright 2007 The Washington Times

No comments: