A Gift from the Islamic Faithful Network – Mujahedeen Secrets 2 Program (بـرنـامـج // أســرار المجاهـديـن) was released this week. The download was easy to find and available on several sites. After a couple-hour review (very tentative at that, just installing this on one of my machines), I have come to the once-again-reinforced decision that the cyber jihad is ongoing and continuous.
The first edition (مزايا الإصدار الأول) zipped up in a .rar file contained several encryption algorithms (5 including AES 256); 2048-bit encryption keys, ROM compression (with encryption considerations); encryption and encryption auto-detection; and file shredding capabilities.
The second edition (مزايا جديدة في الإصدار الثاني), which is also zipped up in a .rar file and was just released last week, contains automatic (instantaneous-instant) message/messaging encryption/authentication and file encryption, as well as code signing and checking (digital signature creation/checking) and file shredding. (The key to open the file is Asrar@_EkLaAs.TsG@[$^/!p@]z-2008. I initially thought the key was auto-generated until I took a closer look at the beginning (Asrar (secrets)) and the end for the date – 2008.)
The actual contents of the file are to the right:
What is very interesting about the suite of encryption tools is just that. The sophistication level has increased covering several encryption methods. The logo for the product is below. Of note is the map in the background that provides locations of their global network. Also of note is the weapon (M16 with a key as the barrel). What is interesting here is that the usual weapon of choice is the AK47, giving one pause as to the author of the suite.
I was able to create keys, encrypt and decrypt files as well as utilize all the features of the toolset. The help screens were detailed, including indexing and search capabilities. What was also of interest was the fact that the tool was in English, although the download information as well as the help files were in Arabic. The key above was also in English.

This toolset provides groups like Al-Qaeda methods to securely transmit and wipe their files. Not that they haven’t had such tools in the past, but a second edition toolset demonstrates a software development lifecycle with some level of sophistication and planning. We should not underestimate our enemies. Even though there may be a distinct footprint, take the encrypted file, use steganography that does not use the least significant bit or expand the size of the image or file, and you can hide the package in plain sight. What if malware is contained within the encrypted package, with a significant payload waiting to be triggered by some other event?
A comment from ‘alHambra’ on one of the download sites is as follows:
Mujahedeen Secrets #2 (Encryption Program) has been released today, and I just took a short look at it, but it is really a vast improvement compared to the first version, and seems like a really nice encryption program now. Here's post and download info...
---------------------------------
If it is more in Arabic, does that change anything?
I don't know who is more retarded; the "terrorists," writing their own encryption software instead of just using one of the numerous Free alternatives available, or the people reporting on it as if it actually mattered.
And no, the NSA does not have backdoors built into those Free alternatives.
While I certainly don't want the government reading my emails, or any of my electronic communications, this is one time that I wish the NSA luck in creating backdoors to this program. It does beg the question: why would the terrorist groups use this instead of commercially available, or open source, encryption tools? Has PGP been compromised by the "man" ... hmmmm. As the author stated, I'd be a little leery of installing this program on my machine because you never know if it contains a virus, or other payload which could compromise your system; then again, on the other hand, I would like to be able to use the tools of the enemy against him. A famous saying .. it is wise to study the ways of one's enemies .... They certainly study ours; perhaps it's time for all hackers and security professionals to study them back....
Weird. Did anyone check the integrity of crypto in this program? Are the algos implemented okay?
Also, it does not make sense to design "Al-Quaeda TerrRRRrrroRRR software"(TM) with English menu. Target demographic would clearly prefer some other language ;)
Also, as one commenter at Schneier's ( http://www.schneier.com/blog/archives/2008/02/mujahideen_secr_1.html ) pointed out, this quote is SO TOTALLY HILARIOUS: "Of note is the map in the background that provides locations of their global network."=))))ROTFLMAO
Hope the roll was a good one :-)
Why would one think that software for this intent is designed for one language? Do you believe that terrorists come in one package that requires Arabic as part of the entrance exam? Maybe the target demographic is as designed.
Break out of the mold that this is just for one culture, one language.
What's the difference between using this tool or the many free, open sourced encryption tools out there, like GnuPG?
In a world where the NSA really had no backdoor to US created encryption tools there would be none. So do they know something we don't or is all this just a paranoid delusion and a propaganda tool?
That is a good question. Why would a group of this type use the M-16 as their weapon of choice in their splash page? I would tend to think that the tool is for real. Based upon the number of available locations at offshore web hosting facilities published in Arabic requiring userid/password access (you must register of course) and other characteristics within the tool, I would believe this to be both real and a propaganda tool.
http://www2.csoonline.com/blog_view.html?CID=33517
A reason to be skeptical of the details of that article:
"He said the new tool is easy to use and provides 2048-bit encryption, an improvement over the 256-bit AES encryption supported in the original version."
This looks like nothing more than PGP (aka GnuPG) with a new interface. That doesn't mean it's not legitimate. PGP is quite legitimate. It's just old news. On the other hand, the English language screens but Arabic help files, the M-16 instead of an AK-47 on the splash screen and the name that screams "I'm a terrorist! Really!" have got to make you wonder.
> "He said the new tool is easy to use and provides 2048-bit encryption, an improvement over the 256-bit AES encryption supported in the original version."
And that statement is coming from Paul Henry, a "security-expert" that is a vice president at Secure Computing - makers of things like IronMail. I personally think this is typical of the experts out there who don't have a formal education in Computer Science and Mathematics (Mr. Henry doesn't have a college degree at all!). In my undergrad education in CS, we covered Number Theory and Discrete Mathematics, in which ciphers were covered at length. In my MS in CS classes, you had to know Discrete Math and Number Theory as a prereq for the study of encryption.
Secure Computing is laughable for keeping this blowhard on the payroll. I'm going to steer away from Secure Computing, lest Mr. Henry's "expertise" be incorporated into their products.
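The key-size comparison quoted in the comments above ("2048-bit encryption" as an improvement over 256-bit AES) can be checked numerically. The following is an added example, not part of the original post or its comments; it assumes the "2048-bit" figure refers to an RSA-style public-key modulus (the page does not say), and the function names are illustrative.

```python
import math

# Comparable strengths from NIST SP 800-57 Part 1 (RSA modulus bits -> security bits).
NIST_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def gnfs_bits(modulus_bits):
    """Heuristic cost, in bits, of factoring an RSA modulus n with the general
    number field sieve: exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)).
    The o(1) term is dropped, so this is a rough estimate, not a benchmark."""
    ln_n = modulus_bits * math.log(2)
    cost = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return cost / math.log(2)


def modulus_bits_for(symmetric_bits, step=256):
    """Smallest modulus size (a multiple of `step`) whose factoring estimate
    reaches the brute-force cost of a `symmetric_bits`-bit symmetric key."""
    size = step
    while gnfs_bits(size) < symmetric_bits:
        size += step
    return size


def is_upgrade(asymmetric_bits, symmetric_bits):
    """True only if breaking the asymmetric key is estimated to cost at least
    as much as exhaustive search of the symmetric key."""
    return gnfs_bits(asymmetric_bits) >= symmetric_bits


if __name__ == "__main__":
    for size in sorted(NIST_STRENGTH):
        print(f"RSA-{size}: GNFS estimate ~{gnfs_bits(size):.0f} bits, "
              f"NIST rates it at {NIST_STRENGTH[size]} bits")
    print("2048-bit modulus at least as strong as AES-256?", is_upgrade(2048, 256))
    print("Modulus size needed to match AES-256:", modulus_bits_for(256), "bits")
```

In a PGP-style hybrid scheme the public key only wraps a symmetric session key, so the two numbers describe different layers of one system rather than successive versions of the same strength.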