For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven’t publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes.
According to a new report to be released Friday by Big Data firm Recorded Future, a direct connection can be drawn: Just months after the Snowden documents were released, al-Qaida dramatically changed the way its operatives interacted online.
“We saw at least three major product releases coming out with different organizations with al-Qaida and associated organizations fairly quickly after the Snowden disclosures,” said Recorded Future’s CEO and co-founder, Christopher Ahlberg. “But we wanted to go deeper and see how big those changes were.”
By “product releases,” Ahlberg means new software. And for the first time, Recorded Future says, it can now codify just how big a change it was.
The company brought in a cyber expert, Mario Vuksan, the CEO of Reversing Labs, to investigate the technical aspects of the new software. Vuksan essentially reverse-engineered the 2013 encryption updates and found not only more sophisticated software, but also newly available downloads that allowed encryption on cellphones, Android products and Macs.
To put that change into context, for years, al-Qaida has used an encryption program written by its own coders called Mujahideen Secrets. It was a Windows-based program that groups like al-Qaida’s arm in Yemen and al-Shabab in Somalia used to scramble their communications. American-born radical imam Anwar al-Awlaki used it, too. Since Mujahideen Secret’s introduction in 2007, there had been some minor updates to the program, but no big upgrades.
Ahlberg thought the fact that the group changed the program months after Snowden’s revelations provided good circumstantial evidence that the former contractor had had an impact — but he wanted to see how much.
As it turns out, Recorded Future and Reversing Labs discovered that al-Qaida didn’t just tinker at the edges of its 7-year-old encryption software; it overhauled it. The new programs no longer use much of what’s known as “homebrew,” or homemade algorithms. Instead, al-Qaida has started incorporating more sophisticated open-source code to help disguise its communications.
“This is as close to proof that you can get that these have changed and improved their communications structure post the Snowden leaks,” Ahlberg said.
Others are less sure that you can draw a straight line from Snowden to the changes in al-Qaida’s encryption program. Bruce Schneier, a technologist and fellow at the Berkman Center at Harvard, said it’s hard to tell.
“Certainly they have made changes,” Schneier said, “but is that because of the normal costs of software development or because they thought rightly or wrongly that they were being targeted?”
Whatever the reason, Schneier says, al-Qaida’s new encryption program won’t necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That’s why he ended up resorting to couriers.
Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.
“It is relatively easy to find vulnerabilities in software,” he added. “This is why cyber criminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using.”
The NSA, for its part, declined to comment.