I had commented before on a new al-Qaeda encryption tool but now security researchers have had more time to analyze the piece, they have troublesome news.
The updated encryption tool improves on a first version, is well-written, and is an easily portable piece of code.
The messages that are encrypted using the tool, Mujahideen Secrets 2, should be relatively easy to spot and track, according to Paul Henry, vice president of technology evangelism at Secure Computing Corporation.
I disagree that this should be handled by law enforcement, though most counter-terrorism is, but it is better than no tracing at all.
The files can be identified because it puts a unique fingerprint on them. "You may not be able to read the messages, but you will be able to figure out where it was sent from and to whom," Henry stated.
Mujahideen Secrets 2 was released last month via an Arabic-language Web site set up by an Islamic forum called al-Ekhlaas. The two servers it was available on, from a Web hosting firm in Tampa, Fla., and previously on a system owned by another company in Rochester, Minnesota, both have ceased working.
The al-Ekhlaas site had been moved to a server based in Phoenix but the link to the site on that server also is broken.
Mujahideen Secrets 2 is sophisticated software, from an encryption perspective, in that the new tool is easy to use and provides 2,048-bit encryption, an improvement over the 256-bit AES encryption supported in the original version. Moreover, even more interesting is the ability to encrypt Yahoo and MSN chat messages in addition to e-mails.
Not surprisingly, I have noted my dismay with the ability to house terrorist sites, and use sites, all based in the U.S.
The tool also employs a more obscure manner of communication. The tool can take a binary file and encrypt it in such a way that the file can be posted in a pure ASCII or text-only format. What this means is that terrorists could use Mujahideen Secrets 2 to encrypt files and post them on sites that aren't on the Internet, for example, on a telephone-accessed bulletin board.
The portability of the tool is also impressive. The software can be loaded on a USB memory stick, then a person could employ an Internet cafe, plug in the USB device and run Mujahideen Secrets 2 to encrypt any communications from that cafe.
This would make it virtually impossible to track such an individual because the communication can be done so covertly and quickly.
The ease of use is improved in the new version, it has an improved GUI (Graphical User Interface) and the software appears to be easy to use by relatively low-level operators according to Henry. The tool and transmission of information allows relative novices to easily and surreptitiously access encrypted messages.