Hacker OPSEC

STFU is the best policy.

Jihadist Fan Club CryptoCrap

Think of Mujahideen Secrets as a branded promotional tool, sort of like if Manchester United released a branded fan chat app.

Although there has been a lot of FUD written about the encrypted messaging systems developed and promoted by jihadis groups, very little has focused on the how they are actually used. I wrote some notes about this earlier but wanted to expand on the subject in more depth.

Web Warriors: Security Practices on Jihadi Web Forums

There are a number of internet web forums that are used by supporters of the various jihadi groups fighting in the middle east. These sites are primarily cheerleading and “in grouping” social networks, rather than opertational message boards.

An important point to understand about these online forums is that they are about group dynamics. They provide a mechanism for people to feel like they are part of the struggle with a graded scale of committment. They dont actually need to worry about getting their hands dirty or risking their lives (technically, they might be risking their lives and freedom).

The sites all attempt to educate their users on security best practices, for example the Islamic State (nee ISIS) web forum heavily promotes the use of TAILS, AQAP advocates for Tor usage in a 9 page guide. Despite this, few users actually bother with security precautions. Indeed, many continue to use Facebook and Skype as their primary communications channels with fellow online jihadists.

The encryption tools are branded software for self identifying jihadis to feel like they belong. Indeed, other than the media outlets who emphasise the use of the tools (branding and messaging), the actual jihadis have a hard time using the tools. Actual web jihadis complain of usability problems that prevent them from using the tools.

The media outlets for the different groups: IS, Nusra, AQ, all make sure that their followers know about their own branded encrypted messenger. Indeed, this is the primary clue to how these apps are actually used. They are branding tools that promote in-group sentiment. “I’m using the AQ encrypted messenger, so I am basically AQ”. These tools deliberately identify the user as a jihadi associate, not by accident or due to bad security practice, but rather as a deliberate part of their value proposition. “Use our encrypted messaging app and you will securely let the world know that you are with us!”

mujahideen secrets

All of the major apps are simply branded wrappers around industry standard libraries, ciphers, and protocols. There is nothing particularly Islamic or Jihadist about them except the branding. That is because the branding is actually the point. These are just social signals. Using AQAP’s messaging tool is the rough equivalent of wearing a sports jersey. It signals to others that there is group identity. (Of course, given the outlaw nature of these groups it seems like an extremely poor life decision)

These apps are not designed for actual clandestine operational use. They are for making a social statement. Signaling membership in a peer group. Despite this simple purpose for using the apps, there is still remarkably low uptake amongst the online jihadist set who still primarily rely on Facebook and Skype for comms.

So if almost no one is using the encryption apps, and those that do are using them to signal membership in a broader organisation, what are the real jihadis using operationally? Facebook.

Jihadi Operational Covert Communications:

There was a Facebook account “sniper outside the law” that was posting clear text, but coded, messages believed to be related to jihadi operations in Tunisia. The account has been taken down and the guy running it was arrested.

Here are some examples of what he was posting (taken from here):

1
Eagle 1 group please change route to k :?via trees !.ch
1
Refiling will be through the loaded mule same place of refiling thank you
1
2
3
(Yesterdays posts (before today's attack))
To all "units" please change direction towards .?k1 after 500m (meters?).
Info came from scout about invaluable avant-post
1
2
3
Expecting news in the coming days we promise heavy news(important),
For those fighting Islam? wake up before it is too late you traitors
and snitches you will regret your tyranny

Jihadi Encryption Is Overrated

The key take away is that the encrypted messaging apps from ISIS or AQAP are as operationaly relevant as an encrypted messaging app from Man U or Liverpool. It might be exciting for some hardcore fans who want to show their support, but the real players don’t touch the stuff.

Real jihadis use secure codes and couriers, not some Android toy My First Crypto Chat.

Must Read: An article by Kryt3ia (published minutes before me, the swine!)