Software designed specifically to aid Muslim terrorists hide their identities and location while online has been released in an updated version, according to security analyst Paul Henry of Secure Computing. He says the program is named Mujahideen Secrets 2, and claims it is "the first Islamic program for secure communications through networks with the highest technical level of encoding." Henry, VP of technology evangelism at Secure states that until recently al-Qaida didn't pose a credible threat on the Internet because of its reliance upon outdated technology. But having now developed modern encryption tools, the entire equation is changed. Equally disturbing is the fact the new jihadist program is being distributed via servers based in the U.S. -- in Tampa, Florida.
The software is available free at the password-protected Ekhlaas.org site, a destination frequently carrying al-Qaida messages, and is an updated version of the Mujahideen Secrets program that was released in early 2007 by the Global Islamic Media Front, an al-Qaida-linked Internet organization. The website says about the program, "This special edition of the software was developed and issued by Ekhlaas in order to support the mujahideen (holy war fighters) in general and the (al-Qaida-linked group) Islamic State in Iraq in particular." Henry said that he contacted the FBI about the al-Ekhlaas site and its contents in mid-January but that the website continued to be up and running afterwards. The al-Ekhlaas site had previously been at a Minnesota server until it was chased off, according to Henry.
This information was first made public during an online chat that Henry had with the group Middle East Media Research Institute (MEMRI), a Washington-based organization that monitors suspected jihadist Web sites. MEMRI was able to determine that the Web host for the al-Ekhlaas site is owned by Tampa-based Noc4hosts Inc., who did not return phone calls made to their toll-free number.
Since the site is pass-word protected, Henry was not able to download the program and apply any rigorous testing to find out what level of encryption it supports. But he says a banner ad on the site claims that the software offers the highest level of encryption available, meaning it probably uses 1024-bit encryption, whereas the first version of Mujahideen Secrets used 256-bit AES encryption. According to a Reuters story from Jan. 18, the al-Ekhlaas Web site had claimed the new software release was a "special edition" of the encryption tool designed "to support the mujahideen in general and the Islamic State in Iraq in particular."
It is ironic that Henry is not legally allowed to hack his way into the site, despite the extreme security risks it represents and the fact that American lives could be at stake if it were allowed to stay up. He says he is now concerned that the Muslim terrorists seem to be getting better at concealing themselves. Henry said, "What concerns me personally is we've relied on their use of archaic technology to block them in the past, and it looks like this might be the start of a tech refresh for the bad guys."
In November, IBLS reported a story about a electronic Web attack supposed to occur in November against "Western, Jewish, Israeli, Muslim apostate and Shiite Web sites," called the e-Jihad, yet it never materialized (please see Western Intelligence Claim:Western Intelligence Claim: November Electronic Jihad Ordered as Al Qaeda Reels in Decline ). Henry claims that authorities were able to crack the e-jihadist's codes before the attack went down, foiling their plans. Now the terrorists are mimicking the methods of the Storm Worm creators, employing the fast flux DNS, that can switch IP addresses of the main servers every 300 seconds, making it impossible to track down the IP address of the terrorists. (IBLS also reported on Storm Worm menace in
[Reference 1]
[Reference 2]
[Reference 3]