Comments for New al Qaeda Encryption Tool

Comment from Blue3 on 2013-02-16

2013-02-16T21:40:42Z

Plus public key encryption works well for messengers.

Comment from Blue3 on 2013-02-16

2013-02-16T21:34:03Z

BlueRaja: From what I know (correct me if I'm wrong), key size is critical with RSA. Large enough/diverse enough key is fine (decryption time is obviously increased). RSA is quicker and, if used correctly, would work well for their needs.

Comment from BlueRaja on 2013-02-15

2013-02-15T22:50:44Z

Didn't the NSA basically admit they had some breakthrough for cracking RSA? Why not use AES?

Comment from Nick P on 2013-02-14

2013-02-14T19:34:05Z

@ AC2

"Which would be the key for the US to start a bigger data centre in Utah and expand their limited SIGINT capability?

I can see it now.... "Obama legal team and massive new data centre in Utah break AQ encryption and save the day...""

AC2 could get a job in the White House's strategy department. ;)

Comment from Peter Smith on 2013-02-14

2013-02-14T15:19:46Z

All are sharing the same private key ?
Never laughed so loud reading an article.

Comment from AC2 on 2013-02-14

2013-02-14T10:01:21Z

Don't you see it is the key to AQ's resurgence?

Which would be the key for the US to start a bigger data centre in Utah and expand their limited SIGINT capability?

I can see it now.... "Obama legal team and massive new data centre in Utah break AQ encryption and save the day..."

Comment from silly sanderson on 2013-02-14

2013-02-14T07:29:02Z

stepj, Jan: I thought the Mujahideen program was a key-generator, not a specific key? If it's just one private key, why call it asymmetric?

mishehu: I bet they even use Al Jabr in their Al Gorizms and then drink some Al Cohl.

Btw, I love their poll!

"As 'Arab Spring' has turned into Arab darkness, allowing Al Qaeda to entrench in failed Muslim states, do you believe the jihadi network has more potential today than before 9/11?"

Like asking "have you stopped beating your wife"?

Comment from silly sanderson on 2013-02-14

2013-02-14T06:27:56Z

"a new encryption capability would almost certainly complicate counterterrorism and intelligence missions"

No. Understanding the "old" encryption capabilities well, and using them correctly, would complicate things. If all terrorists were using a new encryption method, that would simply mark them as terrorists.

Comment from pfogg on 2013-02-13

2013-02-14T00:21:16Z

@RSaunders "Right. Do we think they are all Richard Reid stupid?"

This could be a long-term strategy for populating watch lists (or be used as one if the "Asrar Al Dardashah" plugin wasn't intended as bait by the author). It's possible for people to be naive wannabes now, get serious later, and draw official attention to whatever groups they join.

Comment from Jan on 2013-02-13

2013-02-13T22:53:20Z

"import the Asrar Al Mujahideen private key into the Asrar Al Dardashah plugin", emphasis mine. Given that they explicitly mention the public key afterwards that is supposed to be derived from it, it also doesn't look like a simple case of bad reporting.

I suspect that either they are really dumb, or it's a trap for dumb terrorists.

Comment from phred14 on 2013-02-13

2013-02-13T19:50:44Z

@mishehu, @vinzent,

Isn't it obvious that the Israeli added a backdoor to the RSA algorithm? AQ communications would much more secure if some loyal AQ member read a book or two on cryptography and a book or two on programming, and secured the code for AQ use.

Isn't that about the same as saying in the headlines, "Hey AQ, we can't possibly read your communications if you encrypt them with this plugin! (Pay no attention to the MITM behind the curtain.)"

Comment from RSaunders on 2013-02-13

2013-02-13T18:41:21Z

That's right, all you terrorists out there, Osama Bin Laden was tracked down through his dependence on old-school OPSEC and a small trusted circle of cutouts. What you want to do instead is rely on unbreakable encryption that uses math you don't understand. Put everything in the cloud, encrypted, because nobody who's hunting you is really serious about monitoring cyberspace or cracking the flimsy system built around all that hard math. All those computers in Utah use the electricity to find cutouts and dead-drops.

Right. Do we think they are all Richard Reid stupid?

Comment from Vinzent on 2013-02-13

2013-02-13T17:02:38Z

@mishehu

Hatred towards Soviet invaders didn't stop the Mujahideen from using Kalashnikovs.

Comment from Also on 2013-02-13

2013-02-13T17:01:55Z

using a so called encrypted chat prog posted to watched terrorist forums is the same as downloading a "triple hop privacy VPN" from a watched carding forum. Hello feds.

if I remember correctly no AQ (does AQ even exist anymore?) agent is using encryption. OBL sure didnt, same with the hijackers and their email dropbox scheme. Catching these guys must be the easiest job in the world compared to secret service agents who have to go after skilled euro hackers

Comment from mishehu on 2013-02-13

2013-02-13T16:36:57Z

Isn't the "S" in RSA for Adi Shamir, one of the co-inventors of the RSA encryption scheme? I always find it amusing in a way that those who so espouse hatred towards a given people have no problem using technology created by said people.

Comment from Alan on 2013-02-13

2013-02-13T15:56:15Z

>"it uses the technical algorithm RSA for asymmetric encryption, which is based [on] a pair of interrelated keys: a public key allocated for encrypting and a private key used for decrypting"

It does asymmetric (public key-private key) encryption on every bit of data that passes through the channel? If that's the method they chose, they probably made some mistakes along the way...

Comment from stepj on 2013-02-13

2013-02-13T15:55:26Z

Is it just me, or are they all using the same private key?

Comment from jdbertron on 2013-02-13

2013-02-13T15:47:18Z

I like the fact this comes shortly after the TLS MiM attack post.

Comment from h4x on 2013-02-13

2013-02-13T14:45:50Z

looks like a NSA made tool that is just backdoored otr. lol why would these guys install something called 'terrorist chat tool' instead of using open source otr.

Comment from Atavia Jones on 2013-02-13

2013-02-13T13:07:45Z

If members of a group all use a certain application unique to their group... then that application helps them be located and fingerprinted regardless of who makes it or how strong it is for protection.

Comment from Danny Moules on 2013-02-13

2013-02-13T12:52:11Z

"The use of encryption software in something as loosely organized as the Al Qaeda and general jihadi networks would only benefit them substantially if they could clean out all the infiltrators, informants and guarantee that everyone was on the same page and used it properly," said Smith. "That's an order they most likely will never be able to fill."

Quite. Technological 'solution' which doesn't address the human element. The guy from the uh... CSISTTP... thingy... needs a good slap and a new line of work.

Comment from Oz Ozzie on 2013-02-13

2013-02-13T12:45:20Z

made by the NSA?

Comment from bobD on 2013-02-13

2013-02-13T12:37:56Z

why you think otr is a new tool ? pidgin support all languages for a long time

Comment from MK on 2013-02-13

2013-02-13T12:33:18Z

looks like a customised pidgin-otr ...