Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior

Editor's note on Aug. 17 at 11:25 a.m. ET: A clarification and links to the ombudsman's critique of this post have been added.

For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven't publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes.

This photo provided by The Guardian in London shows Edward Snowden, who worked as a contract employee at the National Security Agency, in Hong Kong last year. (AP)

According to a new report to be released Friday by big data firm Recorded Future, a direct connection can be drawn: Just months after the Snowden documents were released, al-Qaida dramatically changed the way its operatives interacted online.

"We saw at least three major product releases coming out with different organizations with al-Qaida and associated organizations fairly quickly after the Snowden disclosures," said Recorded Future's CEO and co-founder Christopher Ahlberg. "But we wanted to go deeper and see how big those changes were."

By "product releases," Ahlberg means new software. And for the first time, Recorded Future says, it can now codify just how big a change it was.

The company brought in a cyber expert, Mario Vuksan, the CEO of Reversing Labs, to investigate the technical aspects of the new software. Vuksan essentially reverse-engineered the 2013 encryption updates and found not only more sophisticated software but also newly available downloads that allowed encryption on cellphones, Android products and Macs.

To put that change into context, for years, al-Qaida has used an encryption program written by its own coders called Mujahideen Secrets. It was a Windows-based program that groups like al-Qaida's arm in Yemen and al-Shabab in Somalia used to scramble their communications. American-born radical imam Anwar al-Awlaki used it, too. Since Mujahideen Secrets' introduction in 2007, there had been some minor updates to the program, but no big upgrades.

Ahlberg thought the fact that the group changed the program months after Snowden's revelations provided good circumstantial evidence that the former contractor had had an impact — but he wanted to see how much.

As it turns out, Recorded Future and Reversing Labs discovered that al-Qaida didn't just tinker at the edges of its seven-year-old encryption software; it overhauled it. The new programs no longer use much of what's known as "homebrew," or homemade algorithms. Instead, al-Qaida has started incorporating more sophisticated open-source code to help disguise its communications.

"This is as close to proof that you can get that these have changed and improved their communications structure post the Snowden leaks," Ahlberg said.

Others are less sure that you can draw a straight line from Snowden to the changes in al-Qaida's encryption program. Bruce Schneier, a technologist and fellow at the Berkman Center at Harvard, said it's hard to tell.

"Certainly they have made changes," Schneier said, "but is that because of the normal costs of software development or because they thought rightly or wrongly that they were being targeted?"

Whatever the reason, Schneier says, al-Qaida's new encryption program won't necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That's why he ended up resorting to couriers.

Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.

"It is relatively easy to find vulnerabilities in software," he added. "This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using."

The NSA, for its part, declined to comment.

Correction Aug. 17, 2014

This report should have said that In-Q-Tel has invested in the firms Recorded Future and Reversing Labs. As NPR ombudsman Edward Schumacher-Matos notes, In-Q-Tel is "a quasi-government venture capital fund that publicly invests in young high-tech companies on behalf of the CIA and other partner intelligence agencies." Recorded Future and Reversing Labs are among the companies In-Q-Tel has invested in. You can read Schumacher-Matos' critique here: "Attacking NPR As A Shill For Government Intelligence."
