It seems consistent that Al Qaeda prefers being 'fish in the sea' to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they're almost right! We love that they use bad crypto.)
Right. Although only based on very limited experiences, where I've come across those in "interesting lines of business", the strong impression I get is that they would not touch any new or geeky tool that had some claimed benefits that couldn't be proven on examination. This was most forcefully put to me by a dealer of narcotics in Amsterdam (I wasn't buying, just trying to be polite at a party ;) who said that he and his like would not use any of the payment systems that had supposed privacy built in, as they assumed that the makers were lying about the privacy provisions. As far as 3 systems that the guy was aware of, he was dead right twice, and for the third, I'd say he was approximately right. So, if this is a valid use case and we can extend from small time narcotics payments to big time terrorism chitchat, we could suggest that they will be using standard people tools, and trying hard to stay unobservable in the mass of traffic. In this sense, one could say they were using steganography, but I think it is more useful to say they are simply staying out of sight. Either way, the public policy implication is to challenge any specious claims of how we need to control XXX because terrorists use it. In the case of crypto, it would appear they don't use much, and what's more, they shouldn't.
And see the link there to Ian Grigg's http://www.financialcryptography.com/mt/archives/000246.html
I was hoping that the 'Terrorist Encyclopedia' had made its way to somewhere like smoking gun or cryptome by now. iang