Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior

Play associated audio

For nearly a year, U.S. government officials have said revelations from former NSA contract worker Edward Snowden harmed national security and allowed terrorists to develop their own countermeasures. Those officials haven't publicly given specific examples — but a tech firm based in Cambridge, Mass., says it has tangible evidence of the changes.

According to a new report to be released Friday by Big Data firm Recorded Future, a direct connection can be drawn: Just months after the Snowden documents were released, al-Qaida dramatically changed the way its operatives interacted online.

"We saw at least three major product releases coming out with different organizations with al-Qaida and associated organizations fairly quickly after the Snowden disclosures," said Recorded Future's CEO and co-founder, Christopher Ahlberg. "But we wanted to go deeper and see how big those changes were."

By "product releases," Ahlberg means new software. And for the first time, Recorded Future says, it can now codify just how big a change it was.

The company brought in a cyber expert, Mario Vuksan, the CEO of Reversing Labs, to investigate the technical aspects of the new software. Vuksan essentially reverse-engineered the 2013 encryption updates and found not only more sophisticated software, but also newly available downloads that allowed encryption on cellphones, Android products and Macs.

To put that change into context, for years, al-Qaida has used an encryption program written by its own coders called Mujahideen Secrets. It was a Windows-based program that groups like al-Qaida's arm in Yemen and al-Shabab in Somalia used to scramble their communications. American-born radical imam Anwar al-Awlaki used it, too. Since Mujahideen Secret's introduction in 2007, there had been some minor updates to the program, but no big upgrades.

Ahlberg thought the fact that the group changed the program months after Snowden's revelations provided good circumstantial evidence that the former contractor had had an impact — but he wanted to see how much.

As it turns out, Recorded Future and Reversing Labs discovered that al-Qaida didn't just tinker at the edges of its 7-year-old encryption software; it overhauled it. The new programs no longer use much of what's known as "homebrew," or homemade algorithms. Instead, al-Qaida has started incorporating more sophisticated open-source code to help disguise its communications.

"This is as close to proof that you can get that these have changed and improved their communications structure post the Snowden leaks," Ahlberg said.

Others are less sure that you can draw a straight line from Snowden to the changes in al-Qaida's encryption program. Bruce Schneier, a technologist and fellow at the Berkman Center at Harvard, said it's hard to tell.

"Certainly they have made changes," Schneier said, "but is that because of the normal costs of software development or because they thought rightly or wrongly that they were being targeted?"

Whatever the reason, Schneier says, al-Qaida's new encryption program won't necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That's why he ended up resorting to couriers.

Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said.

"It is relatively easy to find vulnerabilities in software," he added. "This is why cyber criminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using."

The NSA, for its part, declined to comment.

Copyright 2014 NPR. To see more, visit


'Not Without My Daughter' Subject Grows Up, Tells Her Own Story

"Not Without My Daughter" told the story of an American mother and daughter fleeing Iran. Now that young girl is telling her own story in her memoir, "My Name is Mahtob."

Internet Food Culture Gives Rise To New 'Eatymology'

Internet food culture has brought us new words for nearly every gastronomical condition. The author of "Eatymology," parodist Josh Friedland, discusses "brogurt" with NPR's Rachel Martin.

Proposed Climate Change Rules At Odds With U.S. Opponents

President Obama says the U.S. must lead the charge to reduce burning of fossil fuels. But American lawmakers are divided on limiting carbon emissions and opponents say they'll challenge any new rules.

Payoffs For Prediction: Could Markets Help Identify Terrorism Risk?

In a terror prediction market, people would bet real money on the likelihood of attacks. NPR's Scott Simon speaks with Stephen Carter about whether such a market could predict — and deter — attacks.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.