Remember Mujahideen Secrets, the jihadist themed encryption tool released by the Global Islamic Media Front (GIMF) to aid cyber jihadists about to convert to cyber terrorists in encrypting their communications? See the attached screenshot -- if only could jihadists see through the eyes of the multilingual crawler or knew I violate their OPSEC on a daily basis. The interesting part from a PSYOPS perspective is how they've realized that using PGP no longer means improved and sustained self-esteem for the average jihadists, so coming up with their very own encryption tool and file shredder is a logical step. Encryption, even steganography has been used by terrorists for years, and despite that no one is feeling comfortable with the idea, it's an unspoken fact. There's also something else to keep in mind, terrorists are putting more efforts into recruiting knowledgeable individuals than trying to educate them from day one. And while coding the mujahideen secrets software requires nothing more than a simple GUI and publicly obtained encryption libraries, I wonder did the people behind it on purposely knew who they're compiling the tool for, or was it a part time project on a "need to know basis"?
Encryption algorithms' sophistication in respect to the key's size shouldn't really be of any concern in this case, but how come? Simple, the lack of quality passphrases, even implementation of the algorithms into the software, combined with client side attacks seeking to obtain the passphrase compared to perhaps futile bruteforcing, speak for themselves. One thing remains for sure - they're encrypting and generating more noise than originally thought. Go through an analysis of the Technical Mujahid Issue One as well.
No comments:
Post a Comment