ISIS has long taken full advantage of secure communication tools, and utilized mainstream[1] communication platforms in unexpected ways. Extremist groups even develop their own software at times to tailor things like encrypted messaging to their specific needs. One such project is the clandestine, unfortunately named communication tool MuslimCrypt, which uses an encryption technique called steganography[2] to spread secret messages. And while many of these homegrown tools don't live up to their promised protections, a new evaluation of MusilmCrypt by the Middle East Media Research Institute reaches a basic, but crucial conclusion: MuslimCrypt's steganography works.
MuslimCrypt was first released by unknown actors on January 20 in a private, pro-ISIS Telegram channel, and like other steganographic tools, it hides information in plain site. Think of writing in invisible ink, except instead it's encoding a digital message in an otherwise unremarkable piece of software. And while steganography has of late been linked to malicious hacks, MuslimCrypt brings the technique back to its clandestine communication roots. (In fact, Osama bin Laden was apparently a regular practitioner[3].)
Specifically, MuslimCrypt hides information in images that can be shared or posted freely because only the recipient will know to check it for the secret message. MuslimCrypt doesn't come with a manual or provenance, so MEMRI researcher Marwan Khayat worked to trace the tool's history on Telegram, look into the users who talked about and posted it, vetted the tool in an attempt to confirm that downloading it wouldn't be dangerous, and then examined it in a software sandbox to determine how to use the tool. He then focused on testing its ability to actually encode information in image files—JPEGs and TIFs—and then facilitate extraction of that data on the receiver's end. Given that ISIS and its sympathizers