A Gift from the Islamic Faithful Network - Mujahedeen Secrets 2 Program

by Jeff Bardin, The Brave New World of InfoSec

Sun, 2008-02-03 02:40

A Gift from the Islamic Faithful Network – Mujahedeen Secrets 2 Program (Ø¨Ù€Ø±Ù†Ù€Ø§Ù…Ù€Ø¬ // Ø£Ø³Ù€Ù€Ø±Ø§Ø± Ø§Ù„Ù…Ø¬Ø§Ù‡Ù€Ø¯ÙŠÙ€Ù†) was released this week. The download was easy to find and available on several sites. After a couple hour review (very tentative at that just installing this on one of my machines), I have

come to the once again reinforced decision that the cyber jihad is ongoing and continuous.

The first edition (Ù…Ø²Ø§ÙŠØ§ Ø§Ù„Ø¥ØµØ¯Ø§Ø± Ø§Ù„Ø£ÙˆÙ„) zipped up in a .rar file contained several encryption algorithms (5 including AES 256); 2048-bit encryption keys, ROM compression (with encryption considerations); encryption and encryption auto-detection; and file shredding capabilities.

The second edition (Ù…Ø²Ø§ÙŠØ§ Ø¬Ø¯ÙŠØ¯Ø© ÙÙŠ Ø§Ù„Ø¥ØµØ¯Ø§Ø± Ø§Ù„Ø«Ø§Ù†ÙŠ), which is also zipped up in a .rar file and was just released last week, contains automatic (instantaneous-instant) message/messaging encryption/authentication and file encryption, as well as code signing and checking (digital signature creation/checking) and file shredding. (The key to open the file is Asrar@_EkLaAs.TsG@[$^/!p@]z-2008). I initially thought the key was auto-generated until I took a closer look at the beginning (Asrar (secrets)) and the end for the date – 2008.)

The actual contents of the file are to the right:

What is very interesting about the suite of encryption tools is just that. The sophistication level has increased covering several encryption methods. The logo for the product is below. Of note is the map in the background that provides locations of their global network. Also of note is the weapon (M16 with a key as the barrel). What is interesting here is that the usual weapon of choice is the AK47, giving one pause as to the author of the suite.

I was able to create keys, encrypt and decrypt files as well as utilize all the features of the toolset. The help screens were detailed, including indexing and search capabilities. What was also of interest was the fact that the tool was in English, although the download information as well as the help files were in Arabic. The key above was also in English.

This toolset provides groups like Al-Qaw-eda methods to securely transmit and wipe their files. Not that they haven’t had such tools in the past, but a second edition toolset demonstrates a software development lifecycle with some level of sophistication and planning. We should not underestimate our enemies. Even though there may be a distinct footprint, take the encrypted file, use steganography that does not use least common bit or expand the size of the image or file and you can hide the package in plain site. What if malware is contained within the encrypted packaged with a significant payload waiting to be triggered by some other event?

A comment from ‘alHambra’ on one of the download sites is as follows:

Mujahedeen Secrets #2 (Encryption Program) has been released today, and i just took a short look at it, but it is really a vast improvement compared to the first version, and seems like a really nice encryption program now. here's post and downloadinfo...

---------------------------------

If it is more in Arabic, does that change anything?