A Cardiff man has been charged with crimes relating to encryption. Samata Ullah, 33, is alleged to have been a member of ISIS, also known as Daesh, and to have trained members in the use of encryption programmes for the explicit purpose of carrying out acts of terror.
Furthermore, Ullah is alleged to possess materials about missile guidance as well as a USB cufflink “that had an operating system loaded onto it for a purpose connected with the commission, preparation or instigation of terrorism.” The charges violate various sections of the Terrorism Acts 2000 and 2006.
Ullah was arrested by the Metropolitan Police Service's (MPS) Counter Terrorism Command in late September in Cardiff, after an investigation in conjunction with the Wales Extremism and Counter Terrorism Unit.
He was handed the charges at Westminster Magistrates' Court on the morning of 5 October. Ullah has been remanded in custody and will appear at the Old Bailey, otherwise known as the Central Criminal Court of England and Wales, on 28 October.
Of note here is perhaps that despite this suspect's alleged affiliation with a known terrorist group, the chargeable offences include use of and instruction in the use of encryption software. The release from the MPS states that Ullah, “engaged in conduct in preparation for giving effect to his intention namely, by researching an encryption programme, developing an encrypted version of his blog site and publishing the instructions around the use of the programme on his blog site”.
The offence comes under Section 5 of the Terrorism Act 2006 which states that anyone conspiring to commit, or to aid others in committing an act of terrorism. The section notes that it is irrelevant “whether the intention and preparations relate to one or more particular acts of terrorism, acts of terrorism of a particular description or acts of terrorism generally.” If Ullah is found guilty on this charge alone he could face a life sentence.
The MPS and the National Police Chief's Council both declined to comment.
Steve Armstrong, MD Logically Secure noted to SCMagazineUK.com that the use of a cufflink device was notable: “The use of micro storage devices to house hidden operating system installs is no longer the sole remit of 007.”
This builds on cases like Lulzsec member Jake Davies, otherwise known as Topiary, hiding an SD card in his Android phone. Much like security researchers learning from others, “hackers and terrorists are building on the experience and knowledge of others.”“With open forums relating how to install an encrypted Linux OS onto a consumer grade USB jewellery is just testament to the miniaturisation of technology. But as the American gun lobby would say ‘don't blame the technology blame the user', as all technology can be used for good and evil.”