Al-Qaeda-linked online forum Al-Ekhlaas claims to be offering strengthened encryption software called Mujahideen Secrets 2 to its members. The surprise? It's coming from U.S.-based Web sites.
An online forum linked to Al-Qaeda claims to be offering strengthened encryption software to its members. The twist? It's coming from U.S.-based Web sites.
The encryption software, "Mujahideen Secrets 2," was announced in the last few days at an Arabic-language site and may well be better than last year's software, "Mujahideen Secrets 1," which some experts claim is poorly designed and breakable. Most surprising, though, is that the Al-Ekhlaas forum that announced the 2.0 version is hosted at a Web site based in Tampa, Fla.
"The original Mujahideen Secrets used a weak methodology, it was not properly designed and it was breakable," asserts Paul Henry, vice president of technology evangelism at Secure Computing. Henry notes that the first version of Mujahideen Secrets makes use of the RSA-based public-key cryptography.
Secure Computing and others have traced the Al-Qaeda-linked group's Web sites to multiple IP addresses and domain names associated with ISP NOC4Hosts and another ISP, SiteGenesis in Rochester, Minn.
SiteGenesis today quickly moved to black out the IP address for the Al-Ekhlaas-related content after looking into the matter.
Scott Litke, CEO at SiteGenesis, says his company has firm policies banning content that includes terrorism, pornography and other undesirable topics. Litke says it's difficult to police content on more than 400 servers in his business, which depends on resellers selling tens of thousands of Web sites.
"We might have 500 Web sites in one server," Litke says. "We can't police it all. But when we learn about a violation of our policies, we will take action." He adds groups like Al-Ekhlaas are likely to pop up again somewhere else within a few hours.
NOC4Hosts did not immediately respond to inquiries made by phone and e-mail about any relationship it may have to the Web site Al-Ekhlaas, which can also be found spelled several ways, including alekhlass, aekhlaas, and shortened as ek-ls.
Washington, D.C.-based Middle East Media Research Institute (MEMRI) has also identified NOC4Hosts as the Web site provider for Al-Ekhlaas, noting that on Jan. 13 the Islamist forum "announced the imminent release of a new version of the 'Mujahideen Secrets' software."
Last October, MEMRI, which has a project to track hosting providers of radical Islamist content, issued a bulletin asserting that Al-Ekhlaas posts videos and communiqués from a variety of terrorist organizations through different domain names in the United States and Malaysia.
MEMRI stated that the first version of the Mujahideen Secrets encryption software released a year ago was described as "the first Islamic computer program for the secure exchange [of information] on the Internet," providing users with "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."
Secure Computing's Henry says he hasn't been able to get a close look at Mujahideen Secrets 2 yet from the password-protected site, but there's cause to be concerned that Al-Qaeda may be bulking up its technologies.
"Up to this point in time, we have been able to discount Al-Qaeda's use of the Internet as an attack vehicle because of their use of outdated and easily thwarted technologies," Henry says. But danger increases when "the bad guys begin to use current 21st century technologies."
Learn more about this topicRSA Security announces Key Manager
02/01/06Data breaches, regulation spurring encryption adoption
12/10/07Quantum cryptography to secure ballots in Swiss election