The ‘brand’ value of groups like GIMF and the al-Mahalem Media Foundation benefit from disseminating these tools. While the tools are less secure than their more popular, mainstream counterparts, actions like blatantly tagging all public keys with ‘#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit—’ and the group branding on the program itself promote the associated al-Qaeda media brands. Despite the fact that using these tools clearly increases the attack surface for these groups through easily identifiable and unique methods, the propaganda value seems to be worth it. In the online jihadist world there are continually competing tiers of forums, release groups, and actors, but less than a handful of encryption programs.
Taking the jihadist point of view, another reason for the development and use of these tools could be heightened mistrust. Anything outside the relatively small ecosystem of online jihadist circles is seen as suspect. Many take the ‘Leviathan’ view of the US and Israel, and continue to apply it towards the cynical views that any Western developed software could contain government backdoors. Even with the popularity of open source security programs, those less technically capable would have a much easier time trusting what’s known to be used by Anwar al-Awlaki, what’s promoted in Inspire, and by prominent jihadist hackers online.
Therefore, factors like attention and mistrust explain the divergence between indicators of technical expertise, like choosing AES finalists, and avoidance, like forgoing PGP or similar programs. These programs are less secure, but allow groups like GIMF to maintain their high profile and feed a confirmation bias of an all-powerful U.S. government. As for now, the programs may arguably protect against ‘backdoors’, but provide easily recognizable data to identify terrorist communications, organizations, and users online.
On May 20, he boarded a flight to Hong Kong, where he has remained ever since. He chose the city because “they have a spirited commitment to free speech and the right of political dissent”, and because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government.
In the three weeks since he arrived, he has been ensconced in a hotel room. “I’ve left the room maybe a total of three times during my entire stay,” he said. It is a plush hotel and, what with eating meals in his room too, he has run up big bills.
He is deeply worried about being spied on. He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.
For example, when a Mercedes-Benz driver requests data from the internet, this is processed via an external Daimler back end server. The data then move to the car via a secure virtual private network connection.
Many carmakers now offer customers downloadable apps such as via Toyota Motor’s Touch, Ford’s Sync and Chrysler’s Uconnect systems. However, these tend not to be fully open but rather offer a limited number of secure, approved apps.
Mr Hoheisel, at Bosch, says: “At the moment we don’t have open app stores in the car industry — these are really protected and shielded systems.”
A Ford spokesman says that “the safety, privacy and security of our customers is paramount” and therefore any software updates are “code-signed” and must be recognised as coming from Ford in order to update its Sync system.