Table of Contents
- Introduction
- January 2007: GIMF Announces Release of New "Mujahideen Secrets" Software
- January 2008: Al-Ekhlas Announces Release of "Mujahideen Secrets 2" Software
- January 2009: GIMF Forum Posts Video Guide to Online Security
- September 2009: TRSC Releases "Mobile Secret" for Encryption on Cell Phones and PDAs
- October 2009: AQAP Leader and Former Osama bin Laden Secretary Nasir Al-Wuheishi Discusses Email Encryption
- September 2010: New Online Jihadi Group to Crowdsource Technical Expertise for Mujahideen – Including Disseminating "Mujahideen Secrets" Encryption Software
- 2010-2011: Anwar Al-Awlaki Provides Encryption Tools to His Followers
- AQAP, Al-Awlaki Provide Encryption Information For Followers in the West, Allowing Easy Communication
- Summer 2010: Inspire Magazine Issue I Includes Article Titled "How To Use Asrar Al-Mujahiden: Sending and Receiving Encrypted Messages"
- Fall 2010: Inspire Magazine Issue II Includes Article Titled "ASRAR AL-MUJAHIDEEN Terr0r1st Extras 2.0"
- March 2011: Inspire Magazine Issue V Invites Readers To "Send Your Questions to Sheikh Al-Awlaki" – via Encrypted Email Messages
- Testing Inspire's Encryption Code to Contact Al-Awlaki
- Conclusion
- Appendix I: Inspire Magazine Issue I Provides Six Steps to Encrypt Files for Communication Purposes
- Appendix II: Inspire Magazine Issue II Provides Three More Steps to Protect Files Including File Shredding and Warns to be Careful of Intelligence Services
Introduction
In January 2007, Al-Qaeda began to use encryption tools for its online activities, particularly for communications efforts, often utilizing security software based on military grade technology. The goal was to hide messages and to protect data transferred via networks, the Internet, mobile phones, ecommerce, Bluetooth, and the like. This development was in direct response to various security breaches of its websites over the past years by Western government agencies.
The issue of encryption by Al-Qaeda made news most recently following the killing of Osama bin Laden. U.S. intelligence sources reported that much of the material seized at bin Laden's compound was encrypted and stored electronically on computers, laptops, hard drives, and storage devices.[1]
This report traces the development of Al-Qaeda's encryption development efforts – from basic software first used by a few high ranking members to mass online distribution available to major Al-Qaeda-affiliated websites and chat rooms.
January 2007: GIMF Announces Release of New "Mujahideen Secrets" Software
On January 1, 2007 the Global Islamic Media Front (GIMF) announced the imminent release of new computer software called "Mujahideen Secrets."[2] The promotional material for the software stated that it was "the first Islamic computer program for secure exchange [of information] on the Internet," and noted that it provided users with "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."
January 2008: Al-Ekhlas Announces Release of "Mujahideen Secrets 2" Software
On January 13, 2008, the Islamist forum Al-Ekhlas announced the release of the next upgraded version of the "Mujahideen Secrets" software.[3] A press release issued with the software stated, "…It represents the highest level of technical multicast encryption…" and that "…this special edition of the software was developed and issued by Ekhlas in order to support the mujahideen in general and the Islamic State in Iraq in particular."
January 2009: GIMF Forum Posts Video Guide to Online Security
On January 6, 2009, the Islamist forum Al-Falluja posted a video guide for online security.[4] The guide, produced by GIMF, included instructions on downloading and using encryption software to enhance online security.
September 2009: TRSC Releases "Mobile Secret" for Encryption on Cell Phones and PDAs
On August 28, 2009 the Technical Research and Study Center (TRSC)[5] was established. According to their initial statement, posted on the jihadi forum Hanein.info on September 21, 2009, it will "specialize in researching technical matters in the fields of information, communication and electronics." The statement detailed the goals behind the center are to support Islamic media and improving its performance in uniting the efforts and encouraging those who possess the knowledge and expertise to support the struggle of their Ummah.
The "Mobile Secret" software was created to allow encryption data to be used on mobile devices, including most cell phones and PDAs. Following its announcement, it was posted for download on many jihadi forums.
October 2009: AQAP Leader and Former Osama bin Laden Secretary Nasir Al-Wuheishi Discusses Email Encryption
The October 2009 issue of Al-Qaeda in the Arabian Peninsula's (AQAP's) Sada Al-Malahim magazine included information for jihadists seeking to expand their intelligence database through crowdsourcing – outsourcing tasks to an undefined group of people through an open call – as well as an appeal to readers to send in information they had collected on political, military, and security officials and on Western military targets.
The magazine included an essay by Nasir Al-Wuheishi, the Yemeni-born Emir of AQAP and former personal secretary to Osama bin Laden, which discussed Al-Qaeda's use of encryption software and outreach efforts. He wrote: "For our part, we will make contact with anyone who wants to wage jihad with us, and we will guide him to a suitable means to kill the collaborators and the archons of unbelief – even in his bedroom or workplace. Anyone who wants to give support to [AQAP's] operational side and to give tithes [to the organization] can contact us through a special email [set up] for this purpose, using the 'Mujahideen Secrets' software and employing the proper security measures…"[6]
September 2010: New Online Jihadi Group to Crowdsource Technical Expertise for Mujahideen – Including Disseminating "Mujahideen Secrets" Encryption Software
In September 2010, a newly formed organization called Markaz Shura Al-Fikr Al-Islami proposed crowdsourcing suggestions and advice from Muslims around the world on behalf of the mujahideen.[7] According to the organization's founding communiqué, there are Muslim experts in various fields whose suggestions may be of great value to the mujahideen, but who have so far been unable to contact them. The new organization was established to bring their insights to the jihadi organizations.
The communiqué, dated September 16, 2010, was posted on the Shumukh Al-Islam forum. The organization urged forum members to repost its communiqué to other jihadist and Islamic forums in order to reach a wider audience, and promised to examine and evaluate all the proposals and ideas and to forward them to the jihad leaders. It called on every Muslim to become "one of Allah's soldiers in the domain of media jihad."
The organization also explained in the communiqué that it has no regular email address, and asks that all proposals be sent by private messenger to its account on Shumukh Al-Islam, using the "Mujahideen Secrets" encryption program.
2010-2011: Anwar Al-Awlaki Provides Encryption Tools To His Followers
Until November 9, 2009, Yemeni-American jihadist cleric Anwar Al-Awlaki's followers communicated with him via a section on his website; followers such as Fort Hood shooter Nidal Hassan could post messages and responses. However, after this was shut down, following the Fort Hood shooting, Al-Awlaki reportedly began using encryption software for secure communication with his followers.
A WikiLeaks document released in March 2011 stated that U.S. officials had collected data indicating that "tens of thousands" of different email account holders had been in contact with Al-Awlaki, and that 23 individuals in Australia had been named for possible air travel restrictions because of ties to Al-Awlaki.[8]
That same month, one of Al-Awlaki's disciples, Rajib Karim, an IT expert for British Airways, was convicted of, among other things, plotting to blow up an aircraft. During Karim's trial, it was revealed that Al-Awlaki asked him if "it is possible to get a package or person with a package on board a flight heading to the U.S."[9] It was also reported Al-Awlaki asked about getting cabin crew jobs.[10]
By cracking encrypted messages, described by authorities as "sophisticated" and taking nine months to decrypt, evidence was released during the trial that revealed that Karim had been in direct contact with Al-Awlaki. Unnamed U.S. intelligence officials discussing Al-Awlaki and AQAP's use of "highly sophisticated encryption software" were quoted in an April 16, 2011 Associated Press report as saying that these messages were encrypted using custom software written in the Gulf region by "cyber jihadists" or "virtual Al-Qaeda." The software is similar to, but more sophisticated than, the off-the-shelf program used by Faisal Shahzad to disguise his emails in preparation for his May 2010 attempted bombing in New York's Times Square.[11]
AQAP, Al-Awlaki Provide Encryption Information for Followers in the West, Allowing Easy Communication
On July 1, 2010, AQAP released the first issue of the English-language online magazine Inspire, dated Summer 2010. A total of five issues have been published to date. This slickly laid-out English-language magazine, used to recruit English-speaking Muslims to join Al-Qaeda, includes multiple ongoing series focusing on different aspects of jihad important to recruitment and potentials recruits of Al-Qaeda.
Each issue of Inspire includes, in its back pages, information on "How To Communicate With Us," providing a series of Hotmail, Gmail, Fastmail, and Yahoo email addresses, and including an encryption code to protect the email. In each issue, the encryption code has been identical. Also provided is an email address through which AQAP may be contacted, along with an encryption key, with the warning that only emails using "'Mujahideen Secrets' software will be accepted."[12]
Summer 2010: Inspire Magazine Issue I Includes Article Titled "How To Use Asrar Al-Mujahideen: Sending and Receiving Encrypted Messages"
In an article titled "How To Use Asrar Al-Mujahideen: Sending and Receiving Encrypted Messages," the first issue of Inspire explained how to protect emails from being read by others, and included step-by-step instructions on using one type of encryption software: "Sending an important message in the old days only required a piece of paper, a writing utensil, and a trustworthy messenger that knows the location of the party you need to reach. Today, this is still an effective method if such a messenger is available and can get around without anyone stopping him.
"However, for the most part, this method has slowly evaporated and is now replaced with the Internet. Its benefit is that if there is no messenger that exists, access to the other party is only a few clicks of a mouse button away. Its harm is that the spies are actively paying attention to the emails, especially if you are an individual that is known to be jihadi-minded.
"So how does one go about sending important messages without it being noticed by the enemy? Following is one method, and that is by using an encryption software." [The full chapter includes six steps to follow in order to encrypt files – See Appendix I]
Fall 2010: Inspire Magazine Issue II Includes Article Titled "Asrar Al-Mujahideen Terr0r1st Extras 2.0"
The second issue of Inspire, dated Fall 2010, included an article titled "Asrar Al-Mujahideen Terr0r1st Extras 2.0," which focused on deleting encrypted messages after they are sent. It reads: "In the previous issue, we discussed in-depth the main function of Asrar al-Mujahideen 2.0., namely its communication methods through the use of encryption. Here, we will be touching on some of the extra functions of the program that you can find useful. We will talk about encrypting and decrypting files on your computer. Afterwards, we will discuss the File Shredder process.
"Before we start talking about that, it is important to note that getting caught from the intelligence services for using this program will most likely end you up in prison. So we have explained how to use the program, but it is entirely up to you on how to establish communication between contacts without being obvious to the intelligence services that you are using this program. It will take research and exploration on your part in order to devise a well-thought out plan to keep every identity safe. [The full chapter includes three more steps to encrypt files including file shredding – See Appendix II]
March 2011: Inspire Magazine's Issue V Invites Readers To "Send Your Questions to Sheikh Al-Awlaki" – via Encrypted Email Messages
The fifth and most recent issue of Inspire, released March 29, 2011, included a series of email addresses for readers to send emails to Al-Qaeda as well as details on protecting them by encryption. It also included a full page ad with a photo of Al-Awkali, with the text: "Send Your Questions to Sheikh Al-Awlaki" and promising readers, "We will hold an exclusive video interview with the Sheikh where he will answer your questions." Readers are told to send in their questions using the encryption information provided.
Since this issue's publication, there have been ongoing discussions on leading jihadi forums, including Shumukh Al-Islam, about when the interview might take place and what questions might be asked.
Testing Inspire's Encryption Code to Contact Al-Awlaki
On May 5, 2011, The Sun (UK) reported that an investigator for the newspaper had recently communicated with Al-Awlaki. Intelligence from what was described as a "sting" by The Sun was given to UK authorities and, according to an article on the matter, the newspaper contacted Al-Awlaki though the encryption code provided in Inspire. The following is the newspaper's description of what happened:
"FIRST, we obtained an email address for Awlaki's Yemen-based 'al-Qaeda in the Arabian Peninsula' network hidden in material on an extremist website.
"THEN our investigator, posing as a UK-based fanatic named 'Q. Khan,' sent an email addressed personally to Sheikh Anwar al-Awlaki.
"FINALLY, we received a reply from the terror chief – convinced he was in contact with the leader of a British cell eager to obey his commands. Our man 'Khan' wrote: 'Sheikh Anwar, the brothers and I need some help with a query about the pipe devices. We've had enough of talking and want to take things into our own hands as regards the situation towards the haters of the Prophet. A lot of us are suspicious about some goings on at the local masjid (mosque) and a potential Scotland Yard informer.'"[13]
Clearly, even if Al-Awlaki is deep underground, as most media outlets claim, his ability to communicate to followers or to release videos and articles is unimpeded.
Conclusion
It has now been four years since jihadi groups including Al-Qaeda have been utilizing encryption software. In fact, it has become a very important weapon in their arsenal of online activities. Entire sections of leading jihadi forums and webpages are devoted to encryption software. Manuals and videos for jihadis to learn about encryption can be found on YouTube and Facebook.
As Al-Qaeda continues to turn its focus to recruitment in the West, and as we have seen with the recent cases of Al-Awlaki followers, the importance of encryption in jihadis communication and activity is only growing with time.
Appendix I: Inspire Magazine Provides Six Steps to Encrypt Files for Communication Purposes
"One such software is a program created by our brothers called Asrar al-Mujahideen 2.0. Here, we will discuss how to use this program, how to create your key, how to send and receive the public key of the other party, and how to check if your version of the software is forfeited [sic] or not. There are many things you can do with this program besides sending and receiving encrypted messages; we will cover those aspects in later issue, In Shā' Allāh.
"I. CREATING YOUR KEY
"After you download Asrar and open the program, you will see the main interface as is:
"The first thing you need to do is create a key for yourself. So go ahead and click on 'Keys Manager' on the left hand side menu. You will get a small pop-up menu looking like the image to the left. Go ahead and click on 'Generate Keys' towards the bottom. You will get a pop-up looking like the image on the right:
"In the first field, you type in your username that you would like to use; it has to be at least 5 characters. If you would like to use Arabic, you just have to click on the button to the far right to change the language. Then for the passphrase, enter in a password that is easy for you to remember, but difficult for anyone to figure out; it has to be at least 8 characters.
"Afterwards, click on 'Generate Now' at the bottom. This will take some time to create, so be patient. Mines took 10 minutes, so don't be surprised if it's longer. Afterwards, click 'Close'. Now you are back to the previous pop-up. Click on 'Import Key' and import both the public and private keys. When you do that, it should look like what I have below. When finished, click 'Close'.
"So now, under the Anti-Symmetric Keys, you should have both your keys listed. The first key is your private key; the second is your public. When you send your key to other people, you always send your public key and never the private one. This is because if they have the private key, they will be asked for your password.
"II. IMPORTING YOUR ASSOCIATE'S KEY
"The next step is to import your associate's public key in order to communicate with him. But before we do that, we need to know how to export a key (pretending that you are the friend) and how to send that key. Click on 'Keys Manager' and click 'Export Public Key.' Here, you will notice that your Public Key is readily available from before, sitting in the folder that has the Asrar program. If you save, it's just going to overwrite the same file, so click 'Cancel.' Now access the folder that has your Asrar program and open your Public key using notepad. You will get the image to the left:
"The code sitting in the middle of the two lines is the public key. What you do is copy the entire page, and send that to your associate via any communication method you use such as Email. So now let's pretend that you already sent it over Email and your associate accesses that Email and sees the code. What does he do with it? He needs to first open notepad, and copy and paste the entire code. Save the file (the name doesn't matter) and close it. Then rename the file extension; notepad ends with .txt so we need to change it to .akf by right click, choosing rename and changing the extension. If you are unable to change the extension, then you need to access your folder options in any open window and uncheck 'hide extensions for known file types' [Tools – Folder Options – View]. Once you change it to .akf, go back to the Arar program and import that public key by clicking 'Keys Manager' and 'Import Key'. Choose the file and click 'Open' to import it. Once imported, click close.
"III. ENCRYPTING THE MESSAGE
"Now that you have your and your associate's key ready, it's time to send a message to him. On the main interface of Asrar, click on your private key (under 'Type', it starts with 'Pub/Priv') and then click the red arrow to the left of 'Local User (Private Key)' towards the middle. You will do this every single time you want to send a message to someone. Then click on your associate's public key and click the blue arrow to the left of 'Remote User (Public Key).' You are clicking this because you want to send the message to this individual. If you make a mistake, you can always click 'Clear Key' to the right.
"Now lick on 'Messaging' on the menu bar. Here, you will see a variety of options. For now, we will stick the tabs entitled, 'Message to Send' and 'Received Encrypted Message.' In the 'Message to Send,' write a short message for your friend. If you want to change between Arabic and English, you can click on the buttons on the top right.
"Once finished, click 'Encrypt.' The next step is to send the code between the two lines to your associate through a method that you both agreed upon. Make sure to only send the code in between and not the 'Begin' and 'End' lines if the authorities or any administrator sees such, it may open the door for more difficulties.
"IV. DECRYPTING THE MESSAGE
"So now let's pretend that you are the associate and you just received a new message in your inbox that has all this code. How do you decrypt the code?
"First copy the code and open Asra (keep in mind you can only do this party if you have your associate's private key and password since you cannot decrypt your own message unless if you send it to yourself originally in the Asra program; you can always create a set of test keys to try this out.) Click on your private key and choose the red arrow. Then click on your associate's public key (that has sent the message) and choose the blue arrow. Click 'Messaging' and then click 'Received Encrypted Message'. In the Passphrase, enter your password. If your password is in English, make sure to click on the button that is left to the top right button. You can uncheck 'Mask' to see if you are entering in your password correctly. Once you enter your password, paste the code into the empty box below and click 'Decrypt'. It will then take a moment to decrypt. If the code decrypted successfully, you will see the secret message from your associate. If you get an error, then it could be because of any of the following reasons:
"a) You have more than one 'Pub/Priv' key and you chose the wrong one or did not put it in the correct place (i.e., local user).
"b) The message is intended for someone else.
"c) You copied the code incorrectly; make sure that the code is left aligned. You can do this by pasting it into Microsoft Word or a Rich Text Editor.
"d) Your associate did not copy the code correctly.
"e) Your associate changed his public key and used a new one to send you the message.
"f) You imported the wrong public key.
"If you get an error, try to troubleshoot with these reasons in mind. The program is very easy to use, so it's easy to find where the error lies.
"Lastly, you can click on 'Save' on the top right to save the message as a text file to your computer.
"V. CHECKING THE AUTHENTICITY
"Now before you start using Asrar to send and receive encrypted messages, you need to first check if your copy of the Asrar program is legit or not. This is because the enemy has created an Asrar program identical to what the brothers created; the only difference is that the enemy had built in a mechanism that would allow them to spy on your program if they were to just have access to your public key.
"So how do you check the authenticity? First open Asrar. Towards the bottom, you will see a few tabs starting with 'Select File to Encrypt'. Click on the arrow pointing right to go to the last tab entitled, 'Check Files Fingerprints'. Click on 'Browse' and select your Asrar program.
"Click 'Open'. You will then see in the FFP field a bunch of characters. Copy and Paste these characters onto the OFP field below.
"Then click on 'Check'. A pop-up box will appear to immediately tell you if your copy of the program is legit or not. If it is legit, it will look like the image to the left. If it is not legit, it will look like the image to the right:
"If your program is fraudulent, you would have to find the authentic copy over the Internet and download it and re-run the fingerprint check to make sure it's safe to use. If you have the authentic copy, it's good to story a few extra copies on various formats such as CD, DVD, External Storage Devices and whatnot.
"VI. ADVICE
"Finally, I would like to give some practical advice to the ones using this program. Firstly, don't trust the program 100% even though it's been proven to be effective and safe. Strive to use other means such as writing letters or leaving messages using special symbols in uninhabited areas. If you need to use the program to contact someone that you have no other way of contacting except through the Internet, then follow these procedures:
"a) Never keep the Asrar program on your computer's hard drive. Always have it ready on a USB flash drive that you don't use for anything else. This is because if the Asrar program is available on the hard drive and you access the Internet with that computer, it's possible that the enemy will use spy programs to infiltrate your computer and figure out your password for your private key by recording your key strokes.
"b) Don't use this USB flash drive whilst connected to the Internet. Keep your computer offline while writing, encrypting and decrypting messages.
"c) Get in the habit of changing your private key password as much as possible. The ideal way would be to change it every time before compiling a new message. To change the password, click on, 'Keys Manager' and 'Change Passphrase'.
"d) Use any program that provides USB flash drive protection just in case. Some flash drives now come with security protection; invest in security.
"Northeast Intelligence Network
"Investigating threats to our homeland
"e) When you send your message to your associate over the Internet, use a proxy and an Internet connection that you don't regularly use (such as coffee shops).
"f) If you and your associate will use Email as the primary means of communication, then obviously, don't use your regular public Email to send encrypted messages; create a new Email using a proxy and an Internet connection you don't regularly use.
"g) Do careful research (using a proxy) and exploration to figure out other alternatives besides Email; if you are confident about its security, use it.
Appendix II: Inspire Magazine Issue II Provides Three More Steps to Protect Files Including File Shredding and Warns to be Careful of Intelligence Services
"1. Encrypt File
"Let's say you have a Word Document on your computer that you don't want any prying eyes to see. You could just use the hidden feature available on the system or bury the file somewhere in some system file, but it's still possible that someone can find it if he searches hard enough. For law enforcement agencies however, finding files isn't much of an issue. They have programs exclusive to their departments that can seek out what they are looking for based on both the file name and its contents. In order to have some peace of mind, the encryption method would be the best alternative to take.
"Towards the bottom of Figure 1.0, you will see a series of tabs. The first of them is 'Select File to Encrypt'. This is what we want. What will happen in this process of encryption is that a copy of your file will be made and converted into an unreadable format, leaving the original intact. In order to get rid of the original, place a check in 'Shred Out Original File' towards the bottom.
"Next, click the yellow folder to the right to select your file. When you click open, you will see the path bar filled in. If not, try again.
"Next, you will choose your Pub/Priv key and click the large red arrow. Then you will choose the one which will be able to see your encrypted file and click the large blue arrow.
"Afterwards click 'Encrypt File' towards the top left of the menu. You should get a message saying that the file was encrypted successfully. You should then see a file that ends with .enc in the same place your original file is. If you get an error saying 'No mail box specified', then it means you haven't properly chosen either the Local or Remote User (i.e., the blue and red arrows).
"2. Decrypt File
Decrypting the file you made is the same process as above. In the main window, you will click on the tab on the bottom 'Select File to Decrypt'. Click the yellow folder to select your file then click 'Decrypt File' at the top left in the menu. You will be asked for your password. Type it in and click OK. Once that's finished, depending on the size of the file, it will take some time to decrypt. You should then get a message saying that the file was decrypted successfully. In the same folder where your encrypted file is, a new folder will be automatically created called 'Decrypted'. In it you will find your file.
"3. File Shredder
"Many intelligence officers are able to find deleted files on a hard drive through the use of specially made programs. For instance, let's say a person deleted a file and formatted their computer. After a few years, the hard drive falls into the hands of the intelligence agency. Through their programs, there's a high possibility of them recovering that file. The Asrar program has a feature for permanently deleting your files, making it harder for the enemy to retrieve them.
"Click on 'File Shredder' on the left menu.
"From here, the process is simple. In Figure 1.3 you will see three columns. Starting from the left, the first column shows the root folders and disks of your computer. You will select the folder in which your file is located from here. Once you select the folder, the second column displays all the files in that folder. To delete the file, simply click on it, drag it into the third column and click the 'Shred Files' button towards the bottom.
"There are many programs that can do the same. If you ever come across them, you will find options such as wiping three times over, seven times over and so on. This just means that the process of deletion will be repeated that many times. The more times it is wiped over, the safer is your hard drive from prying eyes. The minimum wipe times you should use is 7 times.
"FIGURE 1.0: The first tab in the bottom panel will allow you to encrypt any file of your choosing.
"FIGURE 1.1: Select your Pub/ Priv key as the local user & then choose a remote user. Then click Encrypt File.
"FIGURE 1.2: Choose the folder in which your file is located. Drag & drop from the second column to the third. Click Shred Files."
*Steven Stalinsky is the Executive Director of The Middle East Media Research Institute
Endnotes:
[1] CBS News, May 4, 2011.
[4] See MEMRI Jihad and Terrorism Threat Monitor Project; January 13, 2009. http://www.memrijttm.org/content/en/blog_personal.htm?id=135¶m=APTGJN
[5] It is not clear who is behind this group – but its software is available on many jihadi forums.
[6] See MEMRI Jihad and Terrorism Threat Monitor Project: “Al-Qaeda in the Arabian Peninsula Looks to Continue Political Assassinations, Encourages Lone Wolf Bombers in the West,” JTTM No. 2633 - November 5, 2009.
[7] See MEMRI Jihad and Terrorism Threat Monitor Project; September 19, 2010.
[8] MSNBC, March 9, 2011.
[9]The Guardian UK March 18, 2011.
[10] Foreign Policy, March 22, 2011.
[11] The Wall Street Journal, May 6, 2011, states steps Rajib Karim allegedly used to encrypt messages included the following:
· Messages were stored on an external hard drive in files that appeared to have been made in one kind of program, but which in fact used a different type of program
· The program used enables each file to run as a separate, password-protected 'virtual hard drive'
· Text contained in those files was in scrambled form unless decrypted with the help of a custom-built software program
· Messages allegedly contained made up names and codes
· Messages were not exchanged as emails, which can be intercepted; instead were uploaded to publicly available websites that host files
[12] See MEMRI Jihad and Terrorism Threat Monitor Project; November 5, 2009 http://www.memrijttm.org/content/en/report.htm?report=3736¶m=APT.
[13] The Sun, May 5, 2011.
