Several months ago the web intelligence company Recorded Future surveyed the encryption software most commonly used by Jihadist groups such as Al-Qaeda and IS (Islamic State). The arsenal of tools used by extremist groups, mostly Windows and Android applications, included a wide range of encryption algorithms, from the widely accepted public-key RSA algorithm and AES or Twofish for symmetric encryption to homebrew and undisclosed “unique encryption algorithms”.
The choice to employ their own cipher schemes made many researchers in cryptography smile. It is an often-repeated mantra within the security community that “if you are writing letters ‘AES’ [the most common symmetric algorithm] in your code, you’re doing something wrong” – alluding to the fact that the actual implementation of a cryptographic system is an enormously complicated task which normally undergoes a prolonged process of public review by other researchers in the field. The problem is that there are so many potential points of failure that it is practically impossible for one person or one single group of people to design and implement such a system without any fatal flaws.
Recently Recorded Future decided to check up on the software used by Jihadists to see if they had changed their privacy habits. In June 2014 Al-Fajr, one of Al-Qaeda’s media representatives, released a new encryption app for Android called “The Mujahid’s Security”. GIMF, another of Al-Qaeda’s media off-shoots, released an Android version of their previously released application.
Al-Fajr encryption programs use the Twofish symmetric algorithm by default instead of the NIST-standard AES, although several other ciphers are included in the package. Researchers at Recorded Future note that this is possibly due to distrust of American standardization agencies and possible backdoors in standard algorithms – not really a far-out idea given the recent discoveries provided by Snowden’s documents.
All in all, it seems that Al-Qaeda is moving towards adopting more standard encryption methods. Al-Qaeda’s adversary IS seems to no longer use its own issued software that boasts of “unique encryption algorithms”, and there is a general tendency to move towards encryption standards while at the same time further discouraging the use of known and audited encryption software.
However, it is also noteworthy that even standard algorithms can be, and usually are, implemented badly. That is why infosec experts advise using known implementations such as those provided by the OpenSSL cryptographic library or the GnuPG file and e-mail encryption package. These systems, although flawed, as shown by recently discovered critical bugs such as Heartbleed, are the most reviewed and most developed. It could be said that standard systems are “the least of all evils” and thus are a standard choice.
All of this is good news for counter-terrorist agencies, although it seems that extremist organizations are slowly realizing the importance of cryptographic standards and are moving towards their adoption.
Reference article: How Al-Qaeda Uses Encryption Post-Snowden (Part 2) – New Analysis in Collaboration With ReversingLabs, Recorded Future Blog.