Post Hoc Ergo Propter Hoc Poop: Recorded Future and the Jihadi FUD-O-Sphere
Jihadi Crypto
Recently Recorded Future caused a stir in the media over what they gathered through OSINT on Jihadi crypto since the Snowden revelations. This report nearly made me have an aneurysm from it’s simplistic approach to the problem and it’s deep lack of knowledge on the subjects of crypto and jihadism.This report though made the rounds and ended up on places like NPR (which RF cited on their report LA DE DA) adding cache to it all.
The realities though are that RF has in fact only seen one small slice of a larger issue concerning crypto, propaganda, jihad, and the GWOT in general and it makes me mental when I see shit like this. So this post is to set some things straight and I will be furthering this out with a guest appearance on The Loopcast to discuss all of this in a longer forum. For now though, let me splain some things.
Jihadi Crypto AFTER Snowden
Before Snowden the crypto choices for the jihadi’s online pretty much broke down to a couple choices. The Mujahideen Secrets, a couple other crappy ones, and PGP. I will tell you now that the Mujahideen Secrets was the “gold” standard for these guys and it was the suck to start. So really, pre Snowden there were more limited options sure, but the reality is that Mujahideen Secrets was only really used for low level talk between guys on jihobbyist boards and for emailing the brothers at Inspire their derpy ass questions about jihad.
The cryptography was standard in Mujahideen Secrets and the programming of the application itself was so so. I have looked at this before and didn’t think much of it back then. Today I think even less of the whole prospect of the great cryptojihad being an actual “thing” at all. Now though, since Snowden sure, there are more options out there and some may actually be well programmed and using cryptography that is solid. However, that does not mean that the real players are using them post Snowden. Nor does it mean that the players who ARE using the crypto are a serious threat at all to begin with.
Crypto is a Red Herring
Cryptography is only as good as it’s user in many cases. In the case of the jihadi’s out there on the net they are mostly luddites when it comes to tech. Tell me RF, who do you have on your list of great Jihadi hackers today? No, really, who do you have on that list? Don’t throw TH3PR0 at me either because he is not a Muslim extremist as far as I have seen in his traffic. So who do you see as the great threat technically today? If a lot of these guys were adept at tech then most certainly their shitty site’s wouldn’t be getting PWN3D all the time right?
So there is that. Now look at the user base of the jihad. If you are not in country then you are elsewhere and on the Shamikh site spouting shit and throwing as much puffery as possible out there to look good for all the girls right? On the whole, after watching these guys I have to say that the majority aren’t the swiftest boats in the river nor the sharpest blades in the drawer if you catch my drift. So how many of these guys you figure are gonna be able to handle a two key system effectively and not fuck up the key exchange right off the bat?
*Let me give you a hint.. I have seen these idiots place their PRIVATE keys on the Shamikh site**
These guys are like any other users in the base of common people who have trouble comprehending how crypto works never mind how to send a PUBLIC key to the person they want to talk to! So I say to you all here and now, the issue of crypto with these guys on the net is a complete red herring and just a means to an end for RF to get clicks and revenue.
SIGINT/HUMINT/TRADECRAFT
So let’s get past all the crap about “ZOMG SNOWDEN GAVE THE JIHADI’S INTEL!!” and speak about the realities. Sure, the jiahdi’s saw what was being dropped and they learned from it. They immediately went out to create a new means to have encrypted traffic sure. However, ask yourselves how many of these guys using this stuff are really hard core AQ/ISIS/ISIL/AQAP etc guys? The truth of the matter is that the core AQ types are not even using the net because of fears that anything they do will be compromised.
A for instance is this; Post 9/11 UBL started using a sneakernet approach with REAL TRADECRAFT to carry his messages to his commanders. They carried messages by hand and if they used the net they did so sparingly for key comms. They did this because they knew that the net was PWN3D (more assumed) and they already knew communications like SATPHONE was already tagged. After all UBL’s SATPHONE had already been compromised and he found out after an attack.
My point here is that OPSEC and TRADECRAFT are important. If you have good crypto but you fail at OPSEC and TRADECRAFT then you lose. An example of this is that the Inspire accounts that they published in their so called magazine were Gmail and Hotmail accounts. That’s right kids, the jihadi’s were emailing their super secret questions and other things right to the NSA!
…But you think.. THEY USED CRYPTO! HA HA!
No, you see they have the account.. Then when YOU email them they have YOUR account too. See where I am going? Relational databases and bad OPSEC puts the jihadi on the list for flights to GITMO. On average these guys were not carrying out proficient OPSEC tactics and thus were likely to give up their private information along with the accounts and thus you have a black van or a drone showing up in the current GWOT. Crypto is not the answer nor is it the rubric to hang your hat on as to how a leak has compromised operations for the US.
Recorded Future has just taken a slice of the problem and blown it out of proportion for attention and that is a disservice. So please mass media ask some more questions on this. Don’t run with the Snowman OMG story because that is bogus. I know you won’t listen to me but hey a man’s gotta try right? The rest of you out there who read this blog likely already understand this and I am preaching to the choir.
I will look at the varying crypto programs soon and critique them as well as use the data to track some of these idiots just to show the MSM how easy it can be to track them. I have done it before and man sometimes these guys just make it too easy. Like that Jihadi who thought he was l337 by putting up YOUTUBE’s of himself hacking… With his own IP…
SUPER DERP.. But now he has CRYPTO post SNOWDEN OMG!
K.
PS.. Look for the Loopcast podcast on all this coming soon.
Krypt3ia 
Regardless of how the hajjis operate, we can all agree they’re not what western media crack them up to be. They are almost exclusively extremists who are willing to kill or sabotage to /terrorize/. Those who’ve almost exclusively attended Koran school couldn’t fix a moped with a flat tire. Their commanders have no particular illusions that they can win the war by blowing up fat tourists at a nightclub – they are only recruiting more food for powder. The theaters that have their intention are not in Europe or the U.S. I don’t give two flying fecks about any extremists or their ability to encrypt – when it’s important they run mules with their messages, and there are many other ways to transport data besides the internet and similar tech wonders. Snailmail w. stego… SD cards hidden in dark, smelly, truly terrible places.
This article is good, but the real problem is the recruitment continues to be very effective, despite frozen assets, the ‘NON ENEMY COMBATANTS’ clause &c., and the attention of all the MI services – it works because the media continue to dump fear into populations who are just as damned clueless as any would-be extremist. That was always the problem, that is why it is called terror ( but it isn’t scary at all ), and let me reiterate: they are recruiting. Let the media STFU, send their bosses to X-Ray as well, and let the MI services kill the terrorist commanders in peace. It’s a long established fact that those who rally to such causes have a need to change the world ( by exploding themselves or similar acts of pieous devotion ). They may just as well found orphanages, or start green energy windmill farms. KILL THE COMMANDERS. KEEP KILLING THEM. REPEAT.
Most of your articles are very worthwhile reading, but why are you infiltrating a group of lemmings at the lowest tier? Please write about hajji commanders, how the media need to be muzzled for great justice, and drop coordinates for those wonderful drone pilots we’ve come to rely on for our moral and physical well-being. That is not sarcasm, I mean it. Lambda indeed, lambda FTW.
KBO,
n0rse
n0rse
2014/08/12 at 13:50
Norse,
They do cross pollinate and who say’s I am not? Perhaps it’s a situation of “the first rule of fight club” The fact of the matter is that the lemmings also can activate as well as the hard core guys who are in fact in country. There is a stratification but they can interact. I would also point you here: http://nypost.com/2014/07/30/american-born-jihadist-threatened-us-in-video/ and here: http://www.ibtimes.com/isis-arrest-jfk-north-carolina-man-alleged-islamic-state-weapons-trafficker-held-without-1654956 the latter was on my radar back in 2012.
Krypt3ia
2014/08/12 at 14:05
That was not my point. ‘pl4nt s33dz’s, I got that – but the miserable fools at the lowest tier are already scoped and ready to be bagged and tagged by MI services. I cannot imagine their role as anything except cannonfodder or bait. The commanders, or anyone higher up than a group using a more or less public forum to discuss the evils of the West are far more resourceful and should be targeted by anyone ( but not th3j3st3r, he just makes them reconfigure – his time would be better spent DDOSing CNN ). You’re telling the dumbest pieces of shit online ( think Anonymous, equally righteous, but murderous ) how to avoid intelligence being gathered, Don’t teach lemmings how to avoid jail.
n0rse
2014/08/12 at 14:31
Verily, I have known it since the sheikh got popped. You were the one who told them the who-where! 😉
n0rse
2014/08/12 at 14:36