Cardiff man Samata Ullah admits terrorist charges after posting encryption details on Islamic blog

Samata Ullah, a resident of Cardiff, pleaded guilty to five terrorism charges, including developing an encrypted version of an Islamic website and posting videos explaining how to use encryption

A former Welsh insurance worker has pleaded guilty to terrorism charges after posting encryption training videos and creating an encrypted version of an Islamic blog.

Samata Ullah, a 34-year-old resident of Cardiff, pleaded guilty to five counts under the Terrorism Act, including researching a technology, known as ZeroNet, “with the intention of assisting another or others to commit acts of terrorism”.

But at a hearing on 20 March before Judge Gerald Gordon, the Old Bailey heard that, according to a forensic analysis submitted to the court, Ullah’s intention to encrypt the blog would have failed.

Ullah admitted professing to be a member of a proscribed organisation, Isis, also known as Daesh and Islamic State, at the Old Bailey on 6 March, the court heard today.

ZeroNet is a peer-to-peer network that allows people to create websites that are virtually impossible for law enforcement authorities to censor or take down because the contents of the website are stored on multiple users’ computers.

The service, which was developed in Budapest, Hungary, uses bitcoin cryptography and open source peer-to-peer technology. People can view ZeroNet sites using an ordinary web browser, but would need to take further steps if they wanted to hide their identity, according to details readily accessible on the internet.

At the 6 March hearing, Ullah (pictured left), of 77 Rennie Street in Cardiff’s Riverside area, admitted developing a ZeroNet version of an Islamic blog platform, known as Ansar al Khilafah, it can now be reported.

He pleaded guilty to publishing instructions on the site – hosted on the WordPress blogging platform – explaining how to use the technology to create an encrypted site.

According to a statement on the Ansar al Khilafah blog, ZeroNet offers a “permanent back-up and uncensorable version” of the site.

Cannot be deleted

It goes on to say that ZeroNet uses BitTorrent technology, which “means the website cannot be deleted” because it is hosted by all its readers, rather than one person. The blog post encourages readers to bookmark the ZeroNet version of Ansar al Khilafah for future updates “in case the WordPress version is deleted”.

But Brian Altman, QC for the prosecution, told the court hearing on 20 March that a forensic analysis report, received last week, said that in practice, Ullah’s plans for an encrypted version of the blog site would not have succeeded.

“The report is a technical one that deals with defendant’s desire to copy the blog site onto another site that could not be closed by authorities,” he said.

“The essence of the report was it was so difficult, the defendant could not achieve what he wanted to achieved.”

Ullah was arrested on 22 September 2016 following an operation by the Kenyan Anti-Terrorism Police, the Metropolitan Police and the Wales Extremism and Counter Terrorism Unit (WECTU).

Ullah admitted professing to be a member of a proscribed organisation, Isis, also known as Daesh and Islamic State, at the Old Bailey on 6 March, the court heard today.

It can now be reported that Ullah also pleaded guilty to offering instructions on secure communications in videos posted on Ansar al Khilafah, at the hearing on 6 March.

Blog site post explains how readers can use encryption tools to prevent compromising data being left on their computers.

One of the videos, Using Tails OS with Persistence, TOR, PGP, Pidgin – a two-part video, offers advice on how to remain anonymous over the internet using the Tails secure operating system and a variety of encrypted email, messaging and browsing services, “without leaving traces of your activity on your PC or laptop”.

An accompanying description of the video says: “Many people have got into trouble because of what they said, however what got them into real trouble is what was found on their computers, including compromising data, and traces of their internet and reading activities. Learn how to protect yourself from these dangers with this comprehensive guide.”

The second video, Secure your sensitive data using VeraCrypt, is understood to have explained how to use the VeraCrypt encryption programme to hide data. The technology offers the capability for users to hand over dummy passwords if requested by the police, leaving sensitive data hidden, according to a post on the blog.

Ullah pleaded guilty to terrorist training, contrary to section 6(1) of the Terrorism Act 2006, for providing instructions in the videos when “he knew that a person receiving them intended to use the skills…for, or in connection with, the commission or preparation of acts of terrorism or for assisting the commission or preparation of acts of terrorism by others”.

An examination of the Ansar al Khilafah blog by Computer Weekly found articles and literature referring to the Islamic State, biographies of its prominent figures, and downloadable books, including one publication entitled The issue of beheading

Computer on a cufflink

Ullah also pleaded guilty to possessing a USB cufflink loaded with a copy of the Linux operating system, for a purpose connected with the commission, preparation or instigation of terrorism – a breach of section 57 of the Terrorism Act 2000.

Similar cufflinks, with up to 32GB of memory, can be openly bought on Amazon for less than £50.

Police found two technical books about guided missiles in Ullah’s possession, in breach of section 57 of the Terrorism Act 2000, which prohibits possession of an article for purposes connected with the commission, preparation or instigation of terrorism.

Ullah admitted possessing a book entitled Guided missiles fundamentals AMF 52-31, which, according to specialist online retailer, is a US Air Force technical training manual.

Post on Ansar Al Khilafa blog site explains how to hide sensitive data from the authorities.

According to information on the retailer’s website, the book contains “once-secret information, drawings and data about the most advanced rockets and missile systems” from the 1960s and 1970s. The 575-page textbook, first published in July 1972, is long out of print, but its most important chapters have been republished, the website says.

A second PDF book in Ullah’s possession, called Advances in missile guidance control, and estimation, is described by publisher CRC Press as an advanced guide to missile guidance and control. It brings together knowledge from experts in government, the defence industry and academia from the UK, the US, Canada, Korea, France and Israel.

Ullah denied a charge under section 56 of the Terrorism Act 2000 of directing others to conduct hacking of military information and of opponents of Isis, also known as Islamic State and Daesh.

The Metropolitan Police said Ullah was traced after police in Kenya arrested a suspect and found he was in regular contact with Ullah, and that the pair had had discussions about developing specialist skills to help Isis in its terror campaign.

Police said they had found numerous documents and videos on electronic devices owned by Ullah, and discovered that he had saved “infamous” Isis publications on a USB cufflink.

Commander Dean Haydon of the Metropolitan Police Counter Terrorism Command said: “Just because Ullah’s activity was in the virtual world, we underestimated how dangerous his activity was. He sat in his bedroom in Wales and created online content with the sole intention of aiding people who wanted to actively support Isis and avoid getting caught by the authorities.”

Gym goer who rarely left the house

According to local press reports, Ullah lived in a terraced house with his family, who ran a commercial cleaning company from their home.

Neighbours were reported as saying he was always seen in tracksuit bottoms and a white t-shirt, and rarely left the house.

“He doesn’t really leave the house other than to go to the gym each night at about seven o’clock,” one neighbour told the Metro newspaper.

“When he was a young boy, we would always see him through the window playing on his computer. We used to think he was good with computers, but now I don’t know what to think.”

Ullah made his first court appearance at Westminster magistrates court on 5 October 2016, when he spoke only to confirm his name, date of birth and address.

The offences are alleged to have take place between 31 December 2015 and 22 September 2016, according to an indictment read out in court.

The court ordered a pre-sentencing report on Ullah, after hearing on 20 March that Simon Baron-Cohen, a professor of developmental psychology, had diagnosed Ullah as having Asperger’s.

Det Supt Lee Porter, head of the WECTU, said Ullah’s activities had “come as a shock for those who knew him, including his family and the local community”.

This article has been updated with additional comments from the Metropolitan Police.

Read more on Hackers and cybercrime prevention