Duncan Campbell proceeds with the analysis of several more ideological Jihadist documents out there, and gives a brief insight into communication tools applied.Among the “Encyclopedia of Jihad” PDF files being circulated, there was also the “Mujahideen Poisons Handbook” which I really can’t recommend to you. You can probably find it, but you do not want to follow the recipe for making Botulinum toxin from fermented excrement.
The Amrikis also did PGP, now we’re getting somewhere. The organization for the preparation of Mujahideen – that’s the “Computer Privacy” document you can see online if you want (see image) – I think Mr. Goldsmith’s still around, if anyone knows him – he might not know they used his material.So the organization for the preparation of Mujahideen now adopted and promulgated PGP, they included their public key, their e-mail address in every document, and supporters were invited to send in scanned and electronic material to build an electronic Jihad library (see image). They’ve been obviously doing this competently, but it was never used, or suggested to be used for operational communications, and what you actually find when you’re looking at the classes of people who do this kind of things is the people that collect documents and distribute documents and copy stuff and like to think that they’ve got the biggest library than the other person, and then the people who get out in the streets and do harm, and this kind of stuff, this use of PGP – was the kind of people who distribute and collect documents, that being their thing. However, in 2002, after the Western invasion of Afghanistan destroyed the training camps, the 3rd edition of “Encyclopedia of Jihad” appeared on the Internet (see image), and it was published in the West, at GeoCities which was later taken over by Yahoo. And this is the full index of “Encyclopedia of Jihad” 3rd edition, down there, to the left, you’ll see the address at which it was originally published, it’s dead now, don’t try, it’s taken over by Yahoo as well. And those of you who speak Arabic fluently will, of course, have spotted down at the bottom one of the files is “Emir Khattab’s course on cryptography and symbols”. This was now an al-Qaeda project, there was an endorsement to Osama bin Laden as now the head of the organisation, so it’s become integrated to al-Qaeda’s activities.
There was a chapter here on secret writing (see image), but when we read it in Arabic, “Secret writing” turns “Tasnya al-ahbar as-suriya” – which just turns out to be a set of recipes for chemicals to make secret inks.So we’ve got to 1993, we’ve got on to Yahoo, we’re doing GeoCities, we’ve passed through PGP, but when we’re putting it out there and we’ve got the endorsement of Sheikh Osama, but its chemical secret inks, and the other one which was “Emir Khattab’s course on cryptography and symbols” (which sounds pretty exciting, as it’s coming from a real Emir) – that turns out to just be a series of diagrams on military manoeuvres. Up there there’s an index list and another Hotmail and Yahoo address, all very standard, all very similar stuff.
There were also “Encyclopedia of Jihad” manuals in Arabic on hacking and cracking, and the English one that you’ve seen already on computer privacy.This is the 4th edition of “Encyclopedia of Jihad” (see image), now it’s published at Yahoo in California, it’s December 2004, and it’s got new sections, it’s got “Nuclear Weapons”, it’s got “Bio-war”, it’s got plans from Hamas, the Palestinian group, for home-made missiles which are sadly and unusually lethally effective, and how-to videos on suicide vests, but there was still nothing on electronic cryptography. Same year al-Qaeda launched a couple of new magazines – they also ran a discussion group right there on Yahoo – this is the magazine, or the journal, of the camp al-Batar, or “The Sword”, for several years it published the usual fare of explosives and booby trap guidance mixed in with religious fatwas, but it did not cover crypto. And the same is true even of newer CDs (see image). This is in the last few years picked up in the Middle East, quite extensive and new materials – bombs, bazookas – but not cryptography. So that’s the literature review.
What about the tools? During most of the early 2000s, most sensitive communications used by jihadists went by unencrypted e-mail. The use of code names, code word substitutions was extremely common and standard practice. The collaborators often used the now very well known method of a Web mail dead drop on Hotmail, Yahoo, or the like; that is to say that messages would be written and left in Web mail “Draft” folders to be accessed by multiple users from different locations all of whom have shared the username and password. By doing that, although they were not using encryption, the communications obviously went over the Net as Web traffic, and not as e-mail. Now, more recently they’ve been doing this again, but they do it using sites using the Cloud.
Read previous: How Terrorists Encrypt 2: Encyclopedia of Jihad
Read next: How Terrorists Encrypt 4: “Mujahideen Secrets” Software