Threat Management, Incident Response, TDR

U.S.-based site offers new encryption software for al Qaeda


An al Qaeda-linked website, apparently based in the United States, is distributing formidable encryption software – a sign that the group could be improving other technological capabilities, researchers have warned.

Although extremist groups largely use outdated software to communicate via the web, a website is disseminating "Mujahideen Secrets 2," a mainstream encryption program, according to researchers at Secure Computing, an enterprise security vendor.

Paul Henry, vice president of technology evangelism at Secure Computing, told today that the most alarming aspect of the website is that it is hosted in the United States.

“[The website] went forward to note that the new version improved upon a weak key issue and also offered a higher level of encryption,” he said. “What really shook me on this was when we did a simple WHOIS [domain name] search, it showed up as a Tampa Bay server.”

Henry said he and his colleagues notified the FBI after he found a link to the website posted to a research newsgroup page.

Henry said that he is “not trying to make this into a FUD (fear, uncertainty and doubt) issue,” but cautioned that security professionals and the federal government should keep an eye on al Qaeda's technological growth.

“If they're upgrading their encryption, they're probably upgrading their technology in other areas,” he said.

Israeli military and intelligence website DEBKAfile had warned in October that al Qaeda's cyber-brigades
were threatening to launch an “electronic jihad” against Western financial websites.

The cyberjihad turned out to be a dud, as
numerous security experts had predicted.

The federal government
issued a warning in November 2006 that al Qaeda could attack financial websites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.