Archive for August 9th, 2014
Recently Recorded Future caused a stir in the media over what they gathered through OSINT on Jihadi crypto since the Snowden revelations. This report nearly made me have an aneurysm from it’s simplistic approach to the problem and it’s deep lack of knowledge on the subjects of crypto and jihadism.This report though made the rounds and ended up on places like NPR (which RF cited on their report LA DE DA) adding cache to it all.
The realities though are that RF has in fact only seen one small slice of a larger issue concerning crypto, propaganda, jihad, and the GWOT in general and it makes me mental when I see shit like this. So this post is to set some things straight and I will be furthering this out with a guest appearance on The Loopcast to discuss all of this in a longer forum. For now though, let me splain some things.
Jihadi Crypto AFTER Snowden
Before Snowden the crypto choices for the jihadi’s online pretty much broke down to a couple choices. The Mujahideen Secrets, a couple other crappy ones, and PGP. I will tell you now that the Mujahideen Secrets was the “gold” standard for these guys and it was the suck to start. So really, pre Snowden there were more limited options sure, but the reality is that Mujahideen Secrets was only really used for low level talk between guys on jihobbyist boards and for emailing the brothers at Inspire their derpy ass questions about jihad.
The cryptography was standard in Mujahideen Secrets and the programming of the application itself was so so. I have looked at this before and didn’t think much of it back then. Today I think even less of the whole prospect of the great cryptojihad being an actual “thing” at all. Now though, since Snowden sure, there are more options out there and some may actually be well programmed and using cryptography that is solid. However, that does not mean that the real players are using them post Snowden. Nor does it mean that the players who ARE using the crypto are a serious threat at all to begin with.
Crypto is a Red Herring
Cryptography is only as good as it’s user in many cases. In the case of the jihadi’s out there on the net they are mostly luddites when it comes to tech. Tell me RF, who do you have on your list of great Jihadi hackers today? No, really, who do you have on that list? Don’t throw TH3PR0 at me either because he is not a Muslim extremist as far as I have seen in his traffic. So who do you see as the great threat technically today? If a lot of these guys were adept at tech then most certainly their shitty site’s wouldn’t be getting PWN3D all the time right?
So there is that. Now look at the user base of the jihad. If you are not in country then you are elsewhere and on the Shamikh site spouting shit and throwing as much puffery as possible out there to look good for all the girls right? On the whole, after watching these guys I have to say that the majority aren’t the swiftest boats in the river nor the sharpest blades in the drawer if you catch my drift. So how many of these guys you figure are gonna be able to handle a two key system effectively and not fuck up the key exchange right off the bat?
*Let me give you a hint.. I have seen these idiots place their PRIVATE keys on the Shamikh site**
These guys are like any other users in the base of common people who have trouble comprehending how crypto works never mind how to send a PUBLIC key to the person they want to talk to! So I say to you all here and now, the issue of crypto with these guys on the net is a complete red herring and just a means to an end for RF to get clicks and revenue.
So let’s get past all the crap about “ZOMG SNOWDEN GAVE THE JIHADI’S INTEL!!” and speak about the realities. Sure, the jiahdi’s saw what was being dropped and they learned from it. They immediately went out to create a new means to have encrypted traffic sure. However, ask yourselves how many of these guys using this stuff are really hard core AQ/ISIS/ISIL/AQAP etc guys? The truth of the matter is that the core AQ types are not even using the net because of fears that anything they do will be compromised.
A for instance is this; Post 9/11 UBL started using a sneakernet approach with REAL TRADECRAFT to carry his messages to his commanders. They carried messages by hand and if they used the net they did so sparingly for key comms. They did this because they knew that the net was PWN3D (more assumed) and they already knew communications like SATPHONE was already tagged. After all UBL’s SATPHONE had already been compromised and he found out after an attack.
My point here is that OPSEC and TRADECRAFT are important. If you have good crypto but you fail at OPSEC and TRADECRAFT then you lose. An example of this is that the Inspire accounts that they published in their so called magazine were Gmail and Hotmail accounts. That’s right kids, the jihadi’s were emailing their super secret questions and other things right to the NSA!
…But you think.. THEY USED CRYPTO! HA HA!
No, you see they have the account.. Then when YOU email them they have YOUR account too. See where I am going? Relational databases and bad OPSEC puts the jihadi on the list for flights to GITMO. On average these guys were not carrying out proficient OPSEC tactics and thus were likely to give up their private information along with the accounts and thus you have a black van or a drone showing up in the current GWOT. Crypto is not the answer nor is it the rubric to hang your hat on as to how a leak has compromised operations for the US.
Recorded Future has just taken a slice of the problem and blown it out of proportion for attention and that is a disservice. So please mass media ask some more questions on this. Don’t run with the Snowman OMG story because that is bogus. I know you won’t listen to me but hey a man’s gotta try right? The rest of you out there who read this blog likely already understand this and I am preaching to the choir.
I will look at the varying crypto programs soon and critique them as well as use the data to track some of these idiots just to show the MSM how easy it can be to track them. I have done it before and man sometimes these guys just make it too easy. Like that Jihadi who thought he was l337 by putting up YOUTUBE’s of himself hacking… With his own IP…
SUPER DERP.. But now he has CRYPTO post SNOWDEN OMG!
PS.. Look for the Loopcast podcast on all this coming soon.