Al Qaeda Homegrown Encryption Likely Aids NSA Intelligence

2014-05-15T15:31:09
ID THREATPOST:922135652BE843EA0373182FB5BDFCC2
Type threatpost
Reporter Michael Mimoso
Modified 2014-05-19T18:37:15

Description

Terrorist organization Al Qaeda has reportedly stepped up its development of homegrown encryption technology since the Edward Snowden leaks began last June.

The question puzzling some security experts is: Why?

“This is hard, and the odds they are doing it correctly are low,” said cryptographer and author Bruce Schneier, citing a number of implementation issues that could arise. “People make mistakes with this stuff all the time. The question is why use something made up as opposed to OTR (Off the Record) or PGP? It’s just crazy.”

The move, web intelligence company Recorded Future says, is a counter to NSA surveillance capabilities that have been made public since the Snowden leaks. Recorded Future published its research last week and said a number of groups inside and related to Al Qaeda have developed as many as three different encryption platforms to mask their communication.

“The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly U.S.) consumer communication services,” said a post on the company’s site dated May 8. “We do not find evidence of abandonment of U.S.-based consumer communication services. Likely risks are still greater to hide outside the consumer crowd, and non-U.S.-based services may be exposed to even stronger lawful intercept.”

Recorded Future is a startup based in Cambridge, Mass., and Arlington, Va., specializing in Web intelligence, analysis and security in areas such as cyber intelligence, corporate security, competitive intelligence and defense intelligence. It has received funding from Google Ventures and In-Q-Tel, the investment arm of the CIA. Requests to the company for comment were not returned in time for publication.

Despite the alarm bells, Schneier said that rather than confounding intelligence agencies such as the NSA and the U.K.’s GCHQ, the homegrown crypto could be easier to crack. Al Qaeda, he said, likely had no faith that conventional U.S.-bred crypto wasn’t already compromised.

“A lack of trust on their part drives you to something worse,” Schneier said. “The NSA is probably thrilled these guys are writing their own stuff.”

Schneier mentioned this phenomenon is happening in more conventional circles too. He said he receives emails occasionally from random people in the security community tinkering with their own crypto deployments.

“I had people send me stuff saying, ‘Look, I’ve built this cool thing to stop the NSA.’ The odds of this stuff working are extremely low,” Schneier said.

In his blog this week, Schneier recalled a conversation with fellow crypto expert Matt Blaze of the University of Pennsylvania, who said the publication of the Snowden documents would begin a “new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising.”

Recorded Future said its research is based on open source intelligence and explained that since 2007, the terror organization’s primary encryption platform has been Mujahideen Secrets, which recently added support for mobile platforms, instant messaging and Apple platforms.

Since last September, Recorded Future has charted three new encryption platforms in use by several Al Qaeda groups, beginning with the Global Islamic Media Front (GIMF), which released a mobile encryption tool for Symbian and Android devices.

In November, the Islamic State of Iraq and Al-Sham (ISIS) developed and released its own encryption platform, coinciding, Recorded Future said, with its splintering off from Al Qaeda. Finally, in December, Al-Fajr Technical Committee, a mainstream Al Qaeda group, released its own program.