A Gift from the Islamic Faithful Network – Mujahedeen Secrets 2 Program (بـرنـامـج // أســرار المجاهـديـن) was released this week. The download was easy to find and available on several sites. After a couple hour review (very tentative at that just installing this on one of my machines), I have come to the once again reinforced decision that the cyber jihad is ongoing and continuous. The first edition (مزايا الإصدار الأول) zipped up in a .rar file contained several encryption algorithms (5 including AES 256); 2048-bit encryption keys (RSA), ROM compression (with encryption considerations); encryption and encryption auto-detection; and file shredding capabilities.The second edition (مزايا جديدة ÙÙŠ الإصدار الثاني), which is also zipped up in a .rar file and was just released last week, contains automatic (instantaneous-instant) message/messaging encryption/authentication and file encryption, as well as code signing and checking (digital signature creation/checking) and file shredding. (The key to open the file is Asrar@_EkLaAs.TsG@[$^/!p@]z-2008). I initially thought the key was auto-generated until I took a closer look at the beginning (Asrar (secrets)) and the end for the date – 2008.)The actual contents of the file are to the right: What is very interesting about the suite of encryption tools is just that. The sophistication level has increased covering several encryption methods. The logo for the product is below. Of note is the map in the background that provides locations of their global network. Also of note is the weapon (M16 with a key as the barrel). What is interesting here is that the usual weapon of choice is the AK47, giving one pause as to the author of the suite. I was able to create keys, encrypt and decrypt files as well as utilize all the features of the toolset. The help screens were detailed, including indexing and search capabilities. What was also of interest was the fact that the tool was in English, although the download information as well as the help files were in Arabic. The key above was also in English. This toolset provides groups like Al-Qaw-eda methods to securely transmit and wipe their files. Not that they haven’t had such tools in the past, but a second edition toolset demonstrates a software development lifecycle with some level of sophistication and planning. We should not underestimate our enemies. Even though there may be a distinct footprint, take the encrypted file, use steganography that does not use least common bit or expand the size of the image or file and you can hide the package in plain site. What if malware is contained within the encrypted packaged with a significant payload waiting to be triggered by some other event? A comment from ‘alHambra’ on one of the download sites is as follows:Mujahedeen Secrets #2 (Encryption Program) has been released today, and i just took a short look at it, but it is really a vast improvement compared to the first version, and seems like a really nice encryption program now. here’s post and downloadinfo… ———————————If it is more in Arabic, does that change anything? Related content opinion The Sandbox - RSA Conference 2014 - San Francisco By Jeff Bardin Feb 24, 2014 3 mins Technology Industry IT Leadership opinion NY Times Story on Snowden Way Off the Mark Snowden story worthless - Basic IT protocols ignored - By Jeff Bardin Jul 05, 2013 2 mins Data and Information Security Network Security opinion Maskirovka – Tactical, Operational, Strategic Deception "The Op is in Motion" By Jeff Bardin Apr 29, 2013 4 mins Physical Security IT Leadership opinion Is this gun smoking? Certified Unethical Training http://attrition.org/errata/charlatan/ec-council/eccouncil_emails.html By Jeff Bardin Mar 15, 2013 14 mins Social Engineering IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe