The Global Islamic Media Front, a jihadist propaganda arm for al-Qaeda, Somalia’s al-Shabaab and the Pakistani Taliban, has released an encryption program for Android and Symbian smartphones.
Originally named “Mobile Encryption Program”, it is advertised as being able to send encrypted SMS messages and files as a way for “fighters in the frontline” to communicate securely with each other. The program uses the Twofish algorithm in CBC (Cipher Block Chaining) mode and is based on public key encryption; digital fingerprints can be displayed to make sure that encryption keys have not been tampered with. Encrypted messages of up to 400 characters can be exchanged in Arabic and English. One of the settings allows you to enter SMTP and POP3 hostnames and port numbers to send encrypted files via SSL email; it will work with any SMTP email provider.
Various terrorist groups, like al-Qaeda in Yemen, encourage their supporters to communicate with them using encryption programs produced by their propaganda arm.
Global Islamic Media Front programmers have avoided the AES algorithm, a US government standard, but it is highly unlikely that a couple of guys in a bedroom can defeat the best mathematicians the NSA can hire and the billions of dollars of budget available to crack it. With all of the open source encryption programs available, this is totally uncalled for; they could have easily saved themselves the effort, unless of course the CIA wanted them to release this tool.
As soon as you spot that the Islamic Emirate of Afghanistan's financial department is using a Gmail address and that most terrorist-related files are hosted on American servers, you can tell that everything is under control. However, the GIMF is highly skilled at creating amazing videos with beautiful background music and footage to recruit new members.
The Global Islamic Media Front's official download site is down at the moment, but you can read the announcement at the usual NSA-monitored jihadist terrorist forums, like Ansar1, Ballkan-Islamic or the Shumukh al-Islam forum.
Ansar1 announcement of Mobile Encryption Program (Jihadist forum gone)
bob
I am not quite getting what you wanted to say in the fourth paragraph. Are you saying that they could have used an already available encryption tool, thus avoiding unnecessary “spotlight”? And NSA can crack the Twofish cypher?
I know Twofish was a candidate for the AES contest but was rejected and became free.
P.S.: I like your blog, by the way 🙂
hacker10
Hello,
The Twofish cipher is not the problem, but it has to be implemented correctly. Since the Mobile Encryption Program is exclusively used by Muslim terrorists, it would make sense to backdoor the whole thing. This can be easily done since many times these so-called jihadists are stupid enough to store their security software on US servers; all that is needed is to swap it for one that has a backdoor.
There are other programs used by everyone, from bankers to Joe Doe, that have far higher scrutiny and are available for download from dozens of places. The more eyes on the program code, and the more download places are available, the more difficult it should be to compromise the program. There would also be huge legal implications if a widely used encryption program is busted by the NSA; it would not only affect Muslim terrorists, but everyone else as well.
When your opponent is a nation state able to force companies to introduce backdoors in the code for them, it is necessary to only use open source software.
See this link to find out about other programs that can encrypt data in Android: http://www.hacker10.com/tag/android-encryption/
hacker10
bob
Thank you for clarifying it!