Mujahideen Secrets 2 Encryption Tool Released

Originally introduced by the Global Islamic Media Front (GIMF), the second version of the Mujahideen Secrets encryption tool was released online approximately two days ago, on behalf of the Al-Ekhlaas Islamic Network. Original and translated press release :

"Is the first program of the Islamic multicast security across networks. It represents the highest level of technical multicast encrypted but far superior. All communications software, which are manufactured by major companies in the world so that integrates all services communications encrypted in the small-sized portable. Release I of the "secrets of the mujahideen" the bulletin brothers in the International Islamic Front and the media have registered so scoop qualitatively in the field of information and jihadist exploit the opportunity to thank them for their wonderful and distinctive. And the continuing support of a media jihadist group loyalty in the technical development of a network of Islamic loyalty program and the issuance of this version, in support of the mujahideen general and the Islamic State of Iraq in particular."

Key features in the first version :

-- Encryption algorithms using the best five in cryptography. (AES finalist algorithms)

-- Symmetrical encryption keys along the 256-bit (Ultra Strong Symmetric Encryption)

-- Encryption keys for symmetric length of 2048-bit RSA (husband of a public key and private)

-- Pressure data ROM (the highest levels of pressure)

-- Keys and encryption algorithms changing technology ghost (Stealthy Cipher)

-- Automatic identification algorithm encryption during decoding (Cipher Auto-detection)

-- Program consisting of one file Facility file does not need assistance to install and can run from the memory portable

-- Scanning technology security for the files to be cleared with the impossibility of retrieving files (Files Shredder)

New features introduced in the second version :

-- Multicast encrypted via text messages supporting the immediate use forums (Secure Messaging)

-- Transfer files of all kinds to be shared across texts forums (Files to Text Encoding)

-- Production of digital signature files and make sure it is correct

-- Digital signature of messages and files and to ensure the authenticity of messages and files

So far, Reuters picked up the topic - Jihadi software promises secure Web contacts :

"The efficacy of the new Arabic-language software to ensure secure e-mail and other communications could not be immediately gauged. But some security experts had warned that the wide distribution of its earlier version among Islamists and Arabic-speaking hackers could prove significant. Al Qaeda supporters widely use the Internet to spread the group's statements through hundreds of Islamist sites where anyone can post messages. Al Qaeda-linked groups also set up their own sites, which frequently have to move after being shut by Internet service providers."

Needless to say that the new features, even the fact that they've updated the program has to be discussed from a strategic perspective. The improved GUI and the introduction of digital signing makes the program a handy tool for the desktop of the average cyber jihadist, average in respect to more advanced data hiding techniques, ones already discussed in previous issues of the Technical Mujahid E-zine. With the tempting feature to embedd the encrypted message on a web page instead of sending it, a possibility that's always been there namely to use the Dark Web for secure communication tool is getting closer to reality. Knowing that trying to directly break the encryption is impractical, coming up with pragmatic ways to obtain the passphrase is what government funded malware coders are trying to figure out. Screenshots courtesy of the tool's tutorial.

E-crime and Socioeconomic Factors

Interesting points by F-Secure with two main issues covered, namely the lack of employment opportunities for skilled IT people who turn to cyber crime to make a living, and the emerging economies across the globe, whose citizens in their early stages of embracing new economic models will suffer from the inevitable unequal distribution of income due to their government's lack of experience or motivation. To me, however, it's more sociocultural than socioeconomic factors that contribute to these future developments. Several more key points worth discussing :

- Malware is no longer created, it's being generated

The myth of someone reinventing the wheel, namely coding a malware bot from scratch is no longer realistic. Modern malware is open source, modular, localized to different languages, comes with extensive documentation/comments and HOWTO guides/videos. Moreover, these publicly obtainable open source malware bots were released in the wild for free, namely, the coders that originally started the "generators" or the "compilers" generation took, and enjoyed only the fame that came with coming up with the most widely used and successful bot family. Take Pinch for instance and the recent arrest of the "coders". New and improved versions of Pinch are making their rounds online, but how is this possible since the people behind it are no longer able to update it? To achieve immortality for Pinch, they've released it as open source tool, namely anyone can use its successful foundation for any other upcoming innovation. The original coders are gone, the "malware generators" and the "compilers" are cheering since they still have access to the tool. Another popular entry obstacle such as advanced coding skills is gone, anyone can compile, generate and spread the samples, or used them for targeted attacks.

- "Will code malware for food" type of individuals don't really exist anymore

A cat doesn't eat mice when it's hungry, it eats mice when it's already been fed, and therefore does it for prestige and entertainment. Storm Worm is not released by the "desperation department", it's an investment on behalf of someone who will monetize the infected hosts, or who has outsourced the infection process to botnet aggregators. Moreover, there's no lack of IT employment opportunities in times of growing economy, exactly the opposite, the economy is booming, investments are made in networks and infrastructure and therefore people will start receiving incentives for training and therefore the demand for IT experts will increase given the government is visionary enough to invest in the long-term, in terms of education and training. If it's not, structural unemployment will undermine the local industry, you'll end up with software engineers working at the local McDonald's during the day, and coding malware during the night - a stereotype. For instance, go through this article and notice the quote regarding the attitude towards the U.S. Malware coders/generators aren't on the verge of starvation, they're on a mission with or without actually realizing it :

"I don't see in this a big tragedy," said a respondent who used the name Lightwatch. "Western countries played not the smallest role in the fall of the Soviet Union. But the Russians have a very amusing feature — they are able to get up from their knees, under any conditions or under any circumstances. As for the West? "You are getting what you deserve."

It's a type of "Why are you doing me a favour that I still cannnot appreciate?" issue, collectivism vs individualistic societies. E-crime is not just easy to outsource, but the entry barriers in space are so low, we can easily argue it's no longer about the lack of capabilities, but the lack of motivation to participate, and actually survive, that drive E-crime particularly in respect to malware. From an economic perspective, the Underground Economy's high liquidity is perhaps the most logical incentive to participate, which is a clear indication on the transparency and communication that parties involved have managed to achieve.