Cyber security, al-Qaida style

Posted on Friday, March 28, 2008 4:00 PM ET

By Robert Windrem, NBC News Producer

Al-Qaida deputy Ayman al Zawahiri appeared in a new propaganda video late last month, lamenting the killing of a high-ranking member of the terror network. Not that long ago, analysts at the CIA would have combed the video for hidden messages - possible “go signals” for terrorist attacks.

Was there something sinister inserted in the Koranic verse at the beginning of the tape, they might wonder, or did the video itself mask an embedded message? Analysts still do textual and video analysis of al-Qaida statements, but the likelihood that messages were secreted in the video is not as high as once thought.

Why? Credit cyber-security advances. U.S. intelligence officials and other terrorism experts say that al-Qaida and related jihadist organizations have mastered cyber security in ways that many terrorism analysts find impressive, vexing and troubling.

“With these new tools, these folks are able to communicate on an almost invisible level,” said Evan Kohlmann, an NBC News terrorism analyst who tracks jihadists online. “That means not only better coordination between al-Qaida's hierarchy and its constituents, but it also means that would-be homegrown terrorist cells can network together much more efficiently, even when they are separated by thousands of miles from each other.”

The “Mujahedeen Secrets 2” Toolkit:
Today, nearly every jihadist website has a separate section for software downloads. Some of it is basic pirated software, like versions of Microsoft Office, Adobe Photoshop and e-mail encryption files. But law enforcement officials and cyber-security experts say there’s a new item on the menu. It’s a security toolkit called “The Mujahedeen Secrets 2 Program,” an insidious free download from the Islamic Faithful Network. It features every tool needed for jihadists to hide their tracks online, including automatic message encryption and authentication, file encryption, digital signature creation and file shredding tools.

In blogs dedicated to information security, the new software has attracted a lot of attention, and concern. Jeff Bardin is a former code-breaker for the U.S. Air Force and National Security Agency. He’s also an Arabic translator, and he reviewed “The Mujahedeen Secrets 2 Program” toolkit for the Chief Security Officer Perspectives blog.

“This provides groups like al-Qaida methods to securely transmit and wipe their files,” Bardin writes. “Not that they haven't had such tools in the past, but a second-edition toolset demonstrates a software development lifecycle with some level of sophistication and planning. We should not underestimate our enemies.”

And Bardin noted that Mujahedeen Secrets 2 is easy to find, download and use.

“I was able to create keys, encrypt and decrypt files as well as utilize all the features of the toolset. The help screens were detailed, including indexing and search capabilities. What was also of interest was the fact that the tool was in English, although the download information as well as the help files were in Arabic,” Bardin said.

How could it hinder intelligence gathering and law-enforcement efforts? “Even if these guys are ultimately arrested, there may not be a discernible forensic footprint for investigators to follow,” terror analyst Kohlmann said.

Kohlmann has watched jihadists use the web in increasingly broader ways, employing “Second Life” - which creates virtual worlds - to conduct training exercises and build social networks to proselytize and recruit. This new software, he said, is another breakthrough.

“First, jihad supporters moved to private, password-protected message forums so that their communications never passed through any outside Internet servers,” Kohlmann noted. “The problem is, if law enforcement can identify these forums, then it can go to the hosting providers and simply demand a copy of the forum databases as they did with ‘irhaby 007,’” he said, alluding to a notorious al-Qaida cyber-jihadist arrested in Britain two years ago. The encryption features of “Mujahedeen Secrets 2” make penetration that much harder, Kohlmann added.

Roger Cressey, the former deputy director of the Counterterrorism Office at the National Security Council, agreed.

“We have known for years that the jihadis have used the Internet,” Cressey said.  “Beyond their growing sophistication in the use of commercially available tools and far more impressive tradecraft in protecting themselves on line is an ability to develop new tools specifically for their use,” added Cressey, who is also an NBC News terrorism analyst.

Comments

The 'secrets 2' appears to be a pun reference to the Microsoft XP SP 2 security update for their operating system.  Also, I have been forced to use similar tools just to keep my operating system running.  What's to keep 'terrorists' from running zombie computers?  It's been a recurring thought, as I've had so much trouble with mine (operating system), I don't see why they wouldn't.  I just wanted to play a few video games, put together a family album, get to know how the e-mail works, put personal records in order, and it became an epic struggle for survival; I've had to rip printer programming out with a 'level 3 uninstall' using a command prompt, because hacker spyware wouldn't/couldn't be removed.  And that was after about 2 hours with a company representative who tried her hardest to get the thing to work.  I wound up purchasing a new printer.  They told me I had to.  I've been awakened at night because my storage hard drive was running so fast and hard it sounded like it was going to take off like an airplane.  That's just for starters.
Government agencies should post their own software that looks to the bad guys like something that would help them cover their tracks but actually it allows the agencies to see what they want to see.
It would seem that the Microsoft/Apple gurus would create a sophisticated counter to the S 2 Programs.

As far as Zombie Computers are concerned, there should be a way in which one could defend against those.  A simple Software Block or Diverter would enable itself and defend against it.
Actually, secrets 2 has nothing to do with MS XP SP 2.  It is truly version 2 of the program with significant enhancements.  It is not a service pack but a full version upgrade.  There is absolutely no relation or correlation to Microsoft.

How about shutting down the internet feed to the country that houses Al-Jazeera and other media outlets like it....pretty simple when you shut down the metro area exchange that controls that region of the world until the politicians overseas do more.....they'll be complaining that they can't get their porn and remember the internet belongs to the USA we started it and expanded it.....
Try turning on your computer first thing in the morning, and having the time on your laptop 3 hours behind and your msn messenger/hotmail totally changed. I have battery back-up in case of power loss, but we lost no power that early morning. I was not amused.  I change my password regularly, I have no personal data or account numbers stored on computer. But what I found ironic, is that I had previously had the hotmail plus, billed regularly to my bank account by msn. I cancelled that out when I moved in 2005. I was sent an email from them saying my credit card payment was denied in 2006. I pulled up the msn account information in the email with my previous account number (B of A), and the bloody page was in Dutch language. I could not even read this. No email response has been received by msn hotmail representatives since I reported it and sent forwarded page in Dutch. I printed out the page in Dutch, and the email. So, if anyone has hotmail plus, paying the extra fee---beware. The really good hackers, are in Morocco and Algiers.
From what I have heard, Al-Q bought and uses satellite systems, splicing into internet cables in one area, relaying to another. I would not under-estimate this group at all.
I don't have any sophisticated software/hardware.  Just XP Pro, Live OneCare and a router. I turn off my computer at night, and at times the modem. I stay out of sites that will have a virus/worm etc.  Mainly do email, WoW, and read the news.

I'm sure Al-Q uses satellite internet access, after all they've been using SATCOM for years.

When I saw "secrets 2" I thought of the flick Sneakers, and the phrase "too many secrets".  Don't know if Al-Q has seen it, but, one never knows.
Two things I have to question: One, what do Jihadists have to talk about online? How best to blow yourself up? For the life of me, I can't think of how one would go about making Jihadist recruitment video. Everyone knows there's a war going on, so...there you go. Either that knowledge alone recruits you or it doesn't. Videos like the one released by al Zawahiri are really nothing more than little men who want to hear themselves talk.
And two, did that article mention "Second Life"?! Who uses Second Life?! Furthermore, how can you do anything in Second Life other than very poorly live out your most depraved sexual fantasies via lousy 3D models?! Halo 3 would make a better training simulator than Second Life! On the other hand, so few people are using Second Life that there will be no witnesses, and hey, it's not like terrorism simulation is the worst thing I've ever seen on Second Life.

-Tabris
We know they are coming to kill us. As long as they know we are coming to kill them too. We will never stop hunting them down. That is all the message we need to send to them.
Mr. Frampton-
The Internet does not belong to the US. It was not started solely by the US, and has not been expanded solely by the US. It is truly a global entity.
Wanna know why Al-Qaeda always will be a step ahead of us?  They like to think outside the box.  While in the US, if any new idea isn't like "that the way we always do things around here", then it's tossed.  Govt workers have all and any free thinking ability sucked out of them, and because of this, we can only rely on luck to keep another 9-11 from happening.
 Not a very happy thought...
Peter Frampton:
I hope very much that you were kidding.  The internet may have begun in the US, but at this point, nobody "owns" it.  It's grown far beyond any national borders, and even if it were possible to cut off internet to entire regions of the world (I'm not sure it's possible without dismantling large portions of the internet at this point), it would be like taking a sledgehammer to a fly.  The collateral damage would be totally unacceptable.  That kind of arrogance is a large part of why much of the world hates the US.
All it takes is for a US to confiscate or gain access to one of their laptops, and their entire security protocol is compromised. For example, laptop may have private keys. And they won't necessarily know if/when we have confiscated/accessed one. I'm not worried - they are operating under a false sense of security.
Austin Bob, they operate in cells, so even if a laptop has one set of keys, so what? That doesn't undo file shredders that hide forensics or messages encrypted with other methods.

There is a lot of infosec misunderstanding being displayed in many of the responses to this article.

Tabris, the videos are used for brainwashing. Not everyone sympathetic to Al Qaida is ready to blow themselves up or drop their lifestyle to take up arms. However, after some convincing about the true words of Allah or the depth of evil of the infidels, Al Qaida can turn a sympathizer into a militant. Just because you can't understand it does not make it impossible.

Barry, the average government worker is indeed encouraged to be a drone, but this does not apply to top security analysts. We still have more smarts than Al Qaida, because we have more resources.

Finally, G. Finch, much of what you say makes no sense, but please buy an antivirus/antispyware program and keep it up to date.
In response to Mr. Frampton and Amulet,

The "Internet" was first thought of and constructed in the US when a computer at UCLA linked up with another computer at SRI International in Menlo Park, which was originally called ARPANET.  However, the "World Wide Web" was created outside the US, by English scientist Tim Berners-Lee.

While many people think of the internet and the world wide web (WWW) as the same, they are not.  It is just the common usage to refer to the WWW as the internet.
Stick to bow hunting, Mr. Frampton, you are good at that and playing guitar too.  I hope you all encourage your children to mess about on their computers; they will be the ones who save our rears in the future.  Set about hackers to infiltrate these programs; they would enjoy the ego boost.  I challenge all of you fair hackers to have at it.  


About the blog

Deep Background is NBC News’ investigative blog. It covers national security, terrorism, spies, Iraq, and politics, as well as government waste, fraud and abuse. It is edited by NBC News Senior Investigative Producer Jim Popkin.
