WASHINGTON, Jan. 30 (UPI) -- U.S. Cyber-security specialists have been examining an encryption software package released earlier this month by the Global Islamic Media Front, a Web forum for supporters of Islamic terrorists.
The software package, dubbed "Mujahedin Secrets" by its authors, is an executable file that can be installed on removable media, like a thumb drive, and used on computers in libraries other public places to encrypt e-mail or other files being sent over the Internet, according to iDefense, an Internet security consultancy which is analyzing the program.
"The program's 'portability' as an application (not requiring installation on a personal computer) will become an increasingly desirable feature, especially considering the high use of Internet cafés worldwide by pro-terrorist Islamic extremists," said iDefense Middle East analyst Andretta Summerville.
"Mujahedin Secrets," which can be downloaded for free, offers "the five best encryption algorithms, with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression," according to a translation of a Global Islamic Media Front's announcement about the software on Jan. 1, provided by Middle East Media Research Institute.
The package does not offer any capabilities not available in commercial encryption programs, according to ZDNet blogger Mitch Ratcliffe. "The difference is an Islamist skin," he wrote, "which seems more a gimmick to inspire confidence in the software than a guarantee it will be effective."
Ratcliffe said that the release of the program would likely revive a debate about the ethics of publicly releasing encryption software, which makes Internet communications essentially not interceptable.
"Publicly available encryption has helped far more than an Islamist-branded product will ever hurt," wrote Ratcliffe. "The ability to hide messages, among many good works, has helped democracy movements thrive around the world, supports the work of human rights activists and, most recently, was probably used to help members of Islam in anti-Ahmadinejad campaigns organize to rebuke Iran's belligerent president."
iDefense Director of Threat Intelligence Jim Melnick told UPI that "Mujahedin Secrets" was being "heavily promoted" on forums and other Web sites used by supporters of Islamic terror groups. The program "will make it easier and more comfortable for those Arabic speakers who may have been wary of using English-based encryption programs to use a program developed by 'their own' people," Melnick said.
The package is "likely to reach a broad audience of pro-terrorist supporters online and Arabic-speaking hackers," he said.
Melnick added that "Mujahedin Secrets" included a PDF file of instructions in Arabic, which noted that the developers of the package had been working on the code "for years."
Melnick said another unusual, though not unique feature of the software, in addition to its portability, was that it did not supply so-called "public keys." Keys are the code that allows encryption users to talk to each other. Possessing a key does not allow anyone to decrypt messages sent using it, but does mean the user can set up a secure session with anyone else using the same key.
"Most encryption packages are designed to be interoperable," he said, but this program is not. As a result, users "must get the key to decrypt email (or other files) from the person who sent it or through other private means."
"Mujahedin Secrets" is the latest example of the growing technical competence of online supporters of al-Qaida and other Islamic terror networks, but encryption capabilities are not new in the world of cyber-jihadis, says Ben Venzke of IntelCenter, a consultancy which provides counter-terrorism intelligence support to the U.S. government.
"This is consistent with the ongoing efforts of jihadist sympathizers online," he told UPI. "Encryption is used by some (Islamic terrorists)" and some al-Qaida manuals have addressed the question.
He said encryption is "a standard part of the operational security practiced (online) by those (Islamic terrorists) who take the time to use it."
