How Al-Qaeda Uses Encryption Post-Snowden (Part 1)
May 8, 2014 • Christopher Ahlberg
Update: We recently released part two of this analysis. You can find it here.
- Since 2007, Al-Qaeda’s use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs.
- Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations – GIMF, Al-Fajr Technical Committee, and ISIS – within a three to five-month time frame of the leaks.
Al-Qaeda (AQ) has been using encryption technology in various forms for a long time. The original Mujahideen Secrets is the most common one, but recently we’ve seen multiple new encryption products as well as adaptations to new platforms like mobile, instant messaging, and Mac.
The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services. We do not find evidence of abandonment of US-based consumer communication services. Likely risks are still greater to hide outside the consumer crowd, and non-US-based services may be exposed to even stronger lawful intercept.
In this analysis using web intelligence (i.e. OSINT), we will explore AQ use of encryption and platforms – as well as explore product developments following former NSA contractor Edward Snowden’s disclosures.
Timeline of AQ Crypto Developments 2007 to Now
The Recorded Future timeline below lays out key developments from 2007 until now.
- The original Mujahideen Secrets (Asrar al-Mujahideen) encryption software launched in 2007, primarily for use with email. Asrar has had multiple releases over time and is distributed by the Global Islamic Media Front.
- Asrar al-Dardashah, released by GIMF in February 2013, which is an encryption plugin for instant messaging based on the Pidgin platform – which connects to major US-based platforms.
- Tashfeer al-Jawwal is a mobile encryption program, again from GIMF, released in September 2013, based on Symbian and Android.
- Asrar al-Ghurabaa is yet another alternative encryption program, however importantly, released in November 2013 by Islamic State Of Iraq And Al-Sham (ISIS), which coincides with ISIS breaking off from main AQ after a power struggle.
- Amn al-Mujahid is an alternative encryption program released in December 2013. In this case from Al-Fajr Technical Committee (FTC) which is also a mainstream AQ outfit.
Below: The blue line in the middle of 2013 shows the approximate cut-off pre-/post-Snowden disclosures.
Click image for larger view
Impact of Edward Snowden Disclosures
Let’s go back to the question of impact regarding the Edward Snowden disclosures. Did his massive release of secret documents lead to a change in communication behavior of terrorists, and maybe others?
Click image for larger view
This analysis is only looking at a very small sliver of this, but the timeline above tells a compelling story showing how four to five months after the Snowden disclosures both mainstream AQ, as well as the break-off group ISIS, launches three new encryption tools.
For additional analysis on this subject, be sure to read the research completed by the Middle East Media Research Institute (MEMRI).
*We recently released part two of this analysis. You can find it here.