ISIS has long taken full advantage of secure communication tools, and utilized mainstream communication platforms in unexpected ways. Extremist groups even develop their own software at times to tailor things like encrypted messaging to their specific needs. One such project is the clandestine, unfortunately named communication tool MuslimCrypt, which uses an encryption technique called steganography to spread secret messages. And while many of these homegrown tools don't live up to their promised protections, a new evaluation of MusilmCrypt by the Middle East Media Research Institute reaches a basic, but crucial conclusion: MuslimCrypt's steganography works.

MuslimCrypt was first released by unknown actors on January 20 in a private, pro-ISIS Telegram channel, and like other steganographic tools, it hides information in plain site. Think of writing in invisible ink, except instead it's encoding a digital message in an otherwise unremarkable piece of software. And while steganography has of late been linked to malicious hacks, MuslimCrypt brings the technique back to its clandestine communication roots. (In fact, Osama bin Laden was apparently a regular practitioner.)

Specifically, MuslimCrypt hides information in images that can be shared or posted freely because only the recipient will know to check it for the secret message. MuslimCrypt doesn't come with a manual or provenance, so MEMRI researcher Marwan Khayat worked to trace the tool's history on Telegram, look into the users who talked about and posted it, vetted the tool in an attempt to confirm that downloading it wouldn't be dangerous, and then examined it in a software sandbox to determine how to use the tool. He then focused on testing its ability to actually encode information in image files—JPEGs and TIFs—and then facilitate extraction of that data on the receiver's end. Given that ISIS and its sympathizers use active multimedia propaganda campaigns, there are a lot of places for messages to hid.

'It’s really fascinating actually that they’re using steganography.' Marwan Khayat, MEMRI

"It’s really fascinating actually that they’re using steganography," Khayat says. "I found random pictures online, checked that you can embed a message and checked that you can extract it, and compared the two images visually. Someone online who sees the resulting image, there’s no way to tell. So to me it is working."

Though the algorithms driving MuslimCrypt remain mysterious, the fact that the tool works in any capacity is a significant first step. But Khayat notes that just because the tool is functional doesn't necessarily mean that its users have actually leaned on it for clandestine communication yet. "Think about it as a jihadi," Khayat says. "I hid a message inside and then I have it on my computer then what? Where do I send it?"

Steganography's value as a secret communication tool makes it unsurprising that jihadis would eventually adopt the technique, says Simon Wiseman, chief technology officer at the British network security firm Deep Secure, which works on malicious steganography defense. "Trying to communicate covertly is the traditional view of steganography, and MuslimCrypt is a standard application intended to do the encoding and decoding," Wiseman notes. Meanwhile, "detection through analysis is very difficult to do accurately so [investigators] may try to spot the distribution of the tool. I guess the next phase of the operation for MuslimCrypt would be to disguise that and create covert distribution."