Security firm: Al-Qaeda group's encryption software stronger

"Mujahideen Secrets 2" software gets security boost

Al-Qaeda support group Al-Ekhlaas has improved the encryption software it now provides to its online members, according to one security researcher who examined the software, known as "Mujahideen Secrets 2."

Mujahideen Secrets 2 has added the ability to encrypt chat communications, which the first version lacked, says Paul Henry, vice president of technology evangelism at Secure Computing. Henry says he got the software through a contact in the intelligence community. The home-grown Mujahideen Secrets 2 encryption software, based on open source RSA code, can encrypt binary files so they can be posted on ASCII-text-based bulletin boards and Web sites.

"They have improved the operation of the graphical user interface and it will now encrypt chat communications," says Henry, who adds that the Arabic translation suggests the software is encouraged for use by Al-Ekhlaas members to evade US government efforts at surveillance.

Tampa-based ISP NOC4Hosts and Rochester, Minn.,-based SiteGenesis in January found out their operations were being used to host the Al-Ekhlaas Web sites where Mujahideen Secrets 2 can be found. Both hosting firms pulled the plug on the Web sites after receiving specific technical information about the content.

This week another Web hosting company, CrystalTech Web Hosting in Phoenix, shut down sites linked to the Al Qaeda-link support group.

"As soon as we found out, we brought the IP sites down," says Bob Cichon, president of CrystalTech Web hosting, who blamed a reseller for it happening. "We're a very large host and it's hard to track everything."

In its analysis of Mujahideen Secrets 2, Secure Computing has noticed that the software appears to violate copyright law.

"Typically with open source, they still require a copyright notification," Henry says. "There's no copyright notification whatsoever here."

Another notable thing is that the public-key signature in Mujahideen Secrets 2 leaves a tell-tale sign that the Al-Ekhlaas home-rolled software produced it. The encryption itself is strong at up to a 2,048-bit key length, and like the previous version, provides e-mail and file encryption using public-key certificates.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?