pr1 1

The revelations by Edward Snowden about PRISM, a NSA-operated national security electronic surveillance program, and that the agency used it to gather data from Google, Facebook, Paltalk and other sites, came as little surprise to jihadists, who for the past decade have tried to stay two steps ahead of monitoring...

 

PRISM and US Government Surveillance: No News to Jihadists

By Rita Katz and Adam Raisman

The revelations by Edward Snowden about PRISM, a NSA-operated national security electronic surveillance program, and that the agency used it to gather data from Google, Facebook, Paltalk and other sites, came as little surprise to jihadists, who for the past decade have tried to stay two steps ahead of monitoring. While the specific methods of how the US acquires data were not previously known, jihadists adopted early the use of internet proxies, encrypted emails, and virtual machines to elude detection and protect their data in the event of arrest. Anonymity is a chief concern for jihadi users of forums and social networking websites, and al-Qaeda-affiliates and jihadists themselves have repeatedly stressed the importance of encryption and internet security, and have offered software and tips.

While jihadi forums played a vital role in the promotion for jihad and recruitment to al-Qaeda, they also provided an important and strong platform for educating the online members on how to avoid intelligence interception of their communications, which was always a common discussion. Understanding the importance of the subject, al-Fajr Media Center, the official online distributor of propaganda for al-Qaeda and its affiliates, started the publication of the "Technical Mujahid Magazine" in 2006 and 2007, offering recommendations for computer and internet security. The first issue, released in November 2006, explored Pretty Good Privacy (PGP), a data encryption and decryption program, and advised to protect one's files if their computer is hacked, and how to hide files, referring to hackers hiding their tools and root kits on a compromised system and execute programs without being detected by a system administrator. In its introduction, al-Fajr stressed the importance of internet security and argued that fear of being caught is what hinders some Muslims from actively participating in the "service of jihad," for they believe that "intelligence agencies are counting their breaths and their movements". The second issue of "Technical Mujahid" was posted on the forums in March 2007 and gave tips about steganography and a detailed explanation of "Asrar al-Mujahideen," in addition to how to setup a jihadi website.

pr2 pr3
Issues of al-Fajr's "Technical Mujahid" magazine

A major milestone occurred when jihadists, profoundly distrustful of Western internet security programs, successfully developed their own personalized encryption program to avoid interception of their communications. Over the years, several encryption programs were created and utilized by jihadists. Among the most important programs is "Asrar al-Mujahideen, " or "Secrets of the Mujahideen," an encryption software package developed by the Global Islamic Media Front (GIMF), and first released to the jihadist community in 2007. About a year later, in 2008, a newer and updated version was released by the administrators of the al-Qaeda affiliated al-Ekhlaas Network, an al-Qaeda primary source forum, which went offline in August 2008.. The updated current version, "Asrar al-Mujahideen 2," boasts encryption with the Advanced Encryption Standard (AES), symmetric 256-bit encryption keys, and anti-symmetric RSA 2048-bit encryption, and is the standard for jihadi communications. Even five years after its release, online jihadists from all over the world as well as al-Qaeda members continue to use it, and groups such as the Shabaab al-Mujahideen Movement and al-Qaeda in the Arabian Peninsula (AQAP) require jihadists to communicate with them with "Asrar al-Mujahideen 2". Indeed, in each issue of its English e-magazine, "Inspire," AQAP gives its public key for the program. It said in one of these issues, for example:

"If you are interested in contributing to this magazine with any skills - be it writing, research, editing, or advice - or have any questions for us, you can contact us at any of the email addresses below. We strongly encourage everyone to use the Asrar al-Mujahideen program to get in touch with us as we explained in our first issue. Please take special precautions when using the programs in order to avoid detection from the intelligence services."

pr4
AQAP offering its public key for "Asrar al-Mujahideen 2" in Inspire, Issue 10

Understanding the potential dangers of online communication, the introduction to the user's manual for "Asrar al-Mujahideen 2" explained the reasons behind its development and the benefit it will provide to jihadists. It stated:

"Asrar al-Mujahideen was created to provide secure communications, as it relies on a source code that has been developed for many years, and benefited from the research of algorithms that was submitted to thousands of analyses by the greatest scientists and cryptologists in the world. Cryptology is dealt with as an electronic weapon, which it is, but its origin is in securing communications and ensuring the safety of the communicators and protecting the mujahideen's secrets. There is nothing more dangerous than someone relying on a foreign program to protect his secrets and secure his communications, and then perhaps he would discover when it was too late that all his communications were intercepted by the enemy."

pr1
Asrar al-Mujahideen, Version 2

Later, in February 2013, the GIMF released what it called the first "Islamic program for encrypted instant messaging," naming it "Asrar al-Dardashah," or "Secrets of Chat". The program's manual explains that it is an extension of the “Asrar al-Mujahideen” encryption program for written communications, and represents the group's support of jihadi media and the fighters. According to the GIMF, the plugin uses keys generated by “Asrar al-Mujahideen,” and is to be used with the instant messaging program Pidgin, which it chose due to its support for popular messaging networks such as AOL Instant Messenger, Google Talk, and Yahoo Messenger.

pr5
GIMF's "Asrar al-Dardashah" encryption program for chat software

Understanding the consistent attempts by the Western government to infiltrate jihadist communications, in its introduction to the new chat program, GIMF explained:

"With the appearance of the internet, [the jihadi media] became an important new means for the Mujahideen to be able to express themselves and deliver their word. There is no doubt that they have used it well, despite the lack of capabilities they have, and even with the pursuit, trials, and criminalization by unjust governments. Yet despite all of this, the Mujahideen have been victorious in the media war against the West. In March 2006, Eric Clark, the official spokesperson for the American Central Command, acknowledged that the Al-Qaida organization won the media war against the United States, and he clarified that Al-Qaida works through the internet to provide a new technical level and harness it for its use. This represents the driving force of those who mobilize everywhere in order to extol a specific concept for the Islamic world’s opinion, and even the world."

pr6
GIMF's "Technical Center" website: gimfmedia.com

The release of the chat encryption program was widely publicized on the jihadi forums, with the administrators of the forums urging and assisting members on the use of the new program. In addition, the "Technical Department" of the GIMF also launched a special website in English and Arabic to help jihadists utilize its encryption programs for emails and chat programs. The GIMF website, gimfmedia.com, also provides detailed video tutorials as well as written instructions in Arabic, Bengali, English, German, Indonesian, Pashto and Urdu.

Indeed, jihadists celebrated the release of the "Asrar al-Dardashah" program, and regarding it and the website, they expressed joy that spies would be unable to monitor their messages. On the top-tier Shumukh al-Islam forum, for example, user Turkistan1 opened a discussion thread on February 7, 2013, titled, "=== Here We Offer Condolences to the Spies on the Forum === Regarding Asrar al-Dardashah," and wrote:

"After the spies of the forum and their masters despaired from knowing the content of the messages that we issue and that are being received among the members of the forum, today their despair increased with this news, for even chat has become encrypted, praise be to Allah, and then by the grace of Allah the program Asrar al-Mujahideen. So, congratulations for the lions of the jihadi media and shame on those who sold their religion for the worldly pleasures of others. Will you offer condolences to them??? Hahahahaha"

Since its release, the program continues to be promoted by the jihadi community, with the most prominent English jihadi forum, the Ansar al-Mujahideen English Forum (AMEF), marking it "sticky," for instance. By making the subject "sticky," it remains above all other discussion threads, making it noticeable and easily accessible to members. In response to the "Asrar al-Dardashah's" release, one AMEF user, Hamza al-Ansari, wrote enthusiastically: "I've been waiting for something like this for a while. I'm anxious to get it up and running."

pr7
AMEF's posting of Asrar al-Dardashah

Over time, other jihadist groups emerged that helped users safeguard their identity and internet presence. One such group, the "Technical Research and Studies Center (TRSC)," gave a program called "Mobile Secrets" to use encryption on cell phones in September 2009, and a guide to speed up internet browsing over The Onion Router (TOR) network in October 2009. Individual jihadists also provide recommendations and often post them in the forums' technical sections. The Shumukh al-Islam forum, for example, has a sub-section called "Forum for Secure Communications and Linux Operation Systems," which focuses on Linux and TOR. There, users post updates to TOR; information about other programs such as The Amnesic Incognito Live System (TAILS), which forces connection to the Internet through TOR and encrypts files, email and instant messaging chats; Proxifier; and Ubuntu and system cleaners that one jihadist promoted as "Anti Spies & Intelligence Agency".

After the leak of information regarding PRISM, jihadists alerted fellow supporters about it and advised to continue using encryption programs, and other means of security such as TOR to hide their IP address while accessing jihadi forums such as al-Fida', Shumukh al-Islam and Ansar al-Mujahideen.

Historically, jihadists have given the utmost attention to protecting their identities online, and they continue to make efforts to seek new programs and methods to avoid successful interception, achieve anonymity and secure their communications. Programs developed by jihadi media groups, special sections on forums for TOR, proxies and operating systems, and frequent discussions among forum users about the latest in online and computer security are part and parcel of the jihadi internet community, which has taken enemy monitoring and surveillance as the norm. Snowden's leak about PRISM and the US government's acknowledgement of the program and what it does, has for the most part not seriously impacted jihadists and their internet activities, for they had already assumed it existed and took steps to protect themselves. Revealing just how they're being monitored will only strengthen their security, and will likely result in their redoubling and intensifying the efforts to continue the GIMF path, with the development of their own counter-surveillance programs.