The Snowden Effect in Real Terms

“Those who don’t know the value of loyalty, can never appreciate the cost of betrayal.” – Unknown Author

So next week, ole Greg Greenwald’s (or whatever his name is) new book comes out, and it’s no coincidence that on the same day, him, Snowden and the Wikileaks tree-huggers will be releasing a cache of the sensitive information ‘Fast Eddie S’ stole from the US. Now we all know what I initially thought about the whole ‘Snowden Affair’ from my previous blog post about it at the time, I’m not gonna go over all that again. If you want the backstory feel free to read it here. Not much has changed my mind since then. In fact, since then we’ve had time to observe the effects of Eddie’s so-called ‘patriotism’ first hand. And that’s what I’m gonna cover today.

It’s been observed, by more than a few well-connected individuals that since Snowden’s theft, defection, and revelations that certain things have changed within certain threat actor camps. For me, most notably, and predictably, the particular threat actor I am referring to is none other than Al-Qaeda. You see, they had a shitty bit of software they developed called ‘Mujahideen Secrets II’, and they used this to encrypt sensitive messages among their top-tier players online. This software was as, like I said pretty shitty, and certain people, in certain places had the ability to monitor/decrypt messages encrypted with said software, thus… well… I’m pretty sure you get the skinny.

Along comes Fast Eddie Snowden.

Things started to change (keep in mind I’m only talking about my field here), the threat actors wised-up, and started to develop a new way to encrypt their chatter. It’s gone public today from multiple sources that this is the case, notably from The Wall Street Journal, and The Middle East Media Research Institute (MEMRI). Thanks Eddie. You certainly messed up protecting our 4th Amendment right there. Great job.

While the above mentioned organizations have covered that it’s happened and happening, as a direct result of Fast Eddie’s actions, I’m going to show you data that , in real terms, proves the point.

Let’s get it done.

Since 2007, Al-Qaeda’s use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs. Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations – GIMF, Al-Fajr Technical Committee, and ISIS – within a three to five-month time frame of the Snowden leaks. Al-Qaeda (AQ) has been using encryption technology in various forms for a long time. The original Mujahideen Secrets is the most common one, but recently we’ve seen multiple new encryption products as well as adaptations to new platforms like mobile, instant messaging, and Mac.

The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services. We do not find evidence of abandonment of US-based consumer communication services. Likely risks are still greater to hide outside the consumer crowd, and non-US-based services may be exposed to even stronger lawful intercept. In this analysis using web intelligence (i.e. OSINT), we will explore AQ use of encryption and platforms – as well as explore product developments following former NSA contractor Edward Snowden’s disclosures.

Timeline of Al-Qaeda Crypto Developments 2007 to Now

The Recorded Future timeline below lays out key developments from 2007 until now.

The original Mujahideen Secrets (Asrar al-Mujahideen) encryption software launched in 2007, primarily for use with email. Asrar has had multiple releases over time and is distributed by the Global Islamic Media Front.
Asrar al-Dardashah, released by GIMF in February 2013, which is an encryption plugin for instant messaging based on the Pidgin platform – which connects to major US-based platforms.
Tashfeer al-Jawwal is a mobile encryption program, again from GIMF, released in September 2013, based on Symbian and Android.
Asrar al-Ghurabaa is yet another alternative encryption program, however importantly, released in November 2013 by Islamic State Of Iraq And Al-Sham (ISIS), which coincides with ISIS breaking off from main AQ after a power struggle.
Amn al-Mujahid is an alternative encryption program released in December 2013. In this case from Al-Fajr Technical Committee (FTC) which is also a mainstream AQ outfit.

Below: The blue line in the middle of 2013 shows the approximate cut-off pre-/post-Snowden disclosures.

CK ABOVE OR HERE FOR THE ACTUAL RECORDED FUTURE ANALYSIS CHART

Impact of Edward Snowden Disclosures

So let’s go back to the question of impact regarding the Edward Snowden disclosures. Did his massive release of secret documents lead to a change in communication behavior of terrorists, and maybe others?

CLICK ABOVE OR HERE FOR THE ACTUAL RECORDED FUTURE ANALYSIS CHART

As you can see, I’m not messing around here, and thats just one example of the results of Fast Eddies’ meddling. Like I said would happen.

This analysis is only looking at a very small sliver of this, but the timeline and web-intelligence can provide to anyone interested in OSINT, as you can see above tells a compelling story showing how four to five months after the Snowden disclosures both mainstream AQ, as well as the break off group ISIS, launches three new encryption tools.

Need some more convincing? Try this from MEMRI: