The research moves into cryptographic area proper, explaining the principles of jihadis’ encrypting techniques and providing specific terror investigation cases.
Now, finally, we have cryptography from jihadis. This is “Asrar al-Mujahideen” (see image) – “The Secrets of Mujahideen” in Arabic, and it embodies a series of executables and various other files promoted as “the first Islamic programme for secure network communication”. It was originally published on the website aclass.org. Now that aclass has been closed, Asrar still can be found on the Net, if you know where to look for it; “Asrar” is Arabic for “secrets”.The main screen here offers encryption, decryption, file wiping and key management (see screenshot). And I’d ask you to especially note this feature, right over there, under “Mujahideen Secrets”, you see they’ve come up with something clearly devastating to world of cryptography, it’s “Anti-Symmetric Keys”, in order to carry out their communications.
Asrar offers a choice of 5 candidate AES ciphers, you can see Rijndael as a symmetric algorithm written down there, they also include Mars, Serpent, RC 6, and Twofish. The key management structure is based on so-called AKF files, or Asrar Key Files, and this is the content of an AKF file (see image), for all the world it looks like a clone of PGP. Now, I’m not a reverse engineer, and I hope that many of you are, a quick look at Asrar showed that it was using the PGP for Win executable Cleopatra, and with the key management looking like PGP, it is possibly nothing more than an Islamic GUI for open source PGP and AES software.
But is it? Are the AES engines intact, or have they’ve been tampered with? Could they’ve been stealthed to send out keys? Both Islamist sources that I’ve seen and people like Bruce Schneier and his blog have expressed doubts about whether this is the genuine thing, or whether it’s a plant by NSA or somebody else.
I don’t know. I haven’t heard of anyone doing any proper tests. It’s an interesting question since it’s the only modern mujahideen crypto that’s out there. So if any of you would like to have a go at it, please, do. It’s in the speaker area, Asrar is there, I can provide anything additional that any of you might need, or any collateral material, but it would be lovely to get an answer to the question as when they put out Asrar, was it spiked, and if so, by whom? Or is it a trustworthy project? You’ll see how this has confounded the jihadists in a minute. So, that’s the tool set.
How have real terrorists communicated in the last decade? Since 2002 I’ve been asked to be an expert in several dozen terrorism cases, and in most of the big ones in Britain. And this is a sample of the cases from evidence in open court and from public sources. Going to look at about a dozen of them.
On 22nd of December 2001 Richard Reid attempted to detonate high explosive hidden in his boots while on a flight inbound to Miami (see image). Reid did use the method of Web mail dead drops to send messages to another jihadi in the days running up to his attempt at martyrdom, but no encryption.
In 2003 in January in the run up to the attack on Iraq, British police arrested 5 men who were alleged to be manufacturing the poison ricin from castor oil beans as a weapon of mass destruction. In fact, you can make about enough to off a medium sized sheep from a jar of castor beans, but no worry. The arrest of the so-called “Ricin Ring” was used to support the case for war on Iraq, and in February of 2003 the U.S. Secretary of State Colin Powell relied on it with much else in the way of notorious and, now debunked, evidence to make the case for war to the United Nations. Powell said that Iraq and bin Laden were at the center of a European wide terror ring (see image), securely and secretly communicating details of poisons and explosives chemistry.
This was found to be fiction, 2 years later, after the war, at trial. There was no ricin actually found, that had been an undisclosed scientific error, right at the start. The lists of chemicals which were claimed directly to link the plotters in Europe to Iraq and al-Qaeda turned out to be Internet copies of an identical document, in fact, one of the explosives manuals that had been kicking around, that we’ve seen, for 6 years, from the “Encyclopaedia Jihad”. So, this plot that was used to help make the case for the attack on Iraq, with its poisons, its plotters, and its secret communications, simply didn’t exist – no ricin, no encrypted communications, no plot.
However, after the attack on Iraq, the situation did change. In Britain, earlier in 2004, March 2004, operation CREVICE. The police and security services arrested 6 Muslim men who’d been acquiring and storing very large quantities of fertilizer (see image). That’s one of them, on the left there, shipping it around in a storage site. The principal organizer, Omar Khyam, had created a shared e-mail dead drop account which he used to link to Canadian and American conspirators, and he handed it out to them, according to reports out of a training camp in Pakistan.
His collaborator Canadian Momin Khawaja was brought in and came over to Britain to supply the vitally needed detonators for their major explosives plans, and he claimed to have brought with him a specially invented detonator system which he called the “HiFi Digimonster”. Pretty good! When it was taken apart it turned out to be a garage remote door opening system.
7th of July 2005, operation THESEUS. This was the investigation of the 4 coordinated suicide attacks that killed 52 people in London’s transport system. No secret codes were reported to have been used. The official enquiry later found little evidence that 3 of the 4 bombers were big Internet users. However, they were Britain’s worst ever terrorist killers.
Read previous: How Terrorists Encrypt 3: Communication Tools
Read next: How Terrorists Encrypt 5: International Anti-Terror Operations