[ISN] Hacking al Qaeda's Secrets

From: InfoSec News (isnat_private)
Date: Mon Mar 11 2002 - 22:41:31 PST


    MARCH 12, 2002 
    By Alex Salkever 
    You read it here first: Al Qaeda has been hacked. That's right.  
    Hacked. Compromised. Cracked.
    Why am I sure of this? No, I don't have any sources divulging
    top-secret intelligence. But the string of attacks that police and
    intelligence agencies have averted since September 11 tells an
    interesting tale. From seizing a bomb-materials cache in Belgium to
    uncovering a possible plot to gas the U.S. Embassy in Rome with deadly
    cyanide, the success in thwarting threats has been truly breathtaking.  
    Considering the difficulties in getting agents on the ground inside
    small terrorist cells that function within tight-knit militant Islamic
    communities, the likely alternative is that al Qaeda has been hacked
    quite nicely.
    Other signs point the same way. First, for all their vaunted
    organizational skills, the terrorists appear to be less than
    sophisticated in the art of concealing their cells and their members.
    Second, the technological intelligence-gathering capabilities of the
    National Security Agency and other state-sponsored hackers are
    probably better than they get credit for. Third, even small amounts of
    information can tell a huge amount about an organization's strategy
    and movements.
    After the horror of September 11, pundits couldn't stop talking about
    how sophisticated the World Trade Center attack was -- Osama bin Laden
    turning jumbo passenger jets into weapons of mass destruction. While
    the al Qaeda terrorists pulled off an operation that was more complex
    than anyone could have imagined, they've also proven to be anything
    but technologically savvy.
    BOND WOULD BLANCH.  The World Trade Center assailants thought they
    were anonymous when they used public Internet terminals. They sent
    clear-text messages when most e-mail services, such as Yahoo! and
    HotMail, offer free heavy-duty encryption of messages. One of the
    alleged terrorist organizers, caught in Milan last April, coughed up
    an address book full of cell-phone numbers and e-mail addresses -- not
    exactly text-book spycraft.
    Bin Laden himself took a very long time to realize that not only are
    cell-phone communications easy to track but they're also simple to
    crack. "These are the same guys who only stopped using cell phones to
    coordinate their activities when CNN outed them on TV. Security
    experts these guys are not," says Marcus Ranum, chief technology
    officer at Network Flight Recorder, a maker of computer-intrusion
    detection systems. Ranum is a computer-security expert who has watched
    over networks for the White House.
    Then, there's the underestimated technological prowess of spy
    organizations. Although it keeps by far the lowest profile of all the
    intelligence agencies in the U.S., if not the world, the NSA remains a
    potent force. Its key weapon is a system called Echelon, a shadowy
    network of so-called "sniffer" devices that sit astride the global
    Internet's handful of key choke points. Perhaps as much as 90% of all
    Internet traffic passes through these sniffers, some sources with
    knowledge of the system think. The devices are connected to computer
    systems that look through communications, seeking tip-offs such as
    word associations -- bomb and Bush in the same e-mail, for example.
    AN IP STAKEOUT.  This might sound simplistic. But according to Ranum
    and others, the systems are far more potent than commercial programs
    that perform similar tasks. In part, that's because they can narrow
    down the type of data they're looking for by geography or location. In
    response to September 11, Internet security consultancy iDefense
    published a listing of all the IP address ranges for 80 countries
    around the globe. An IP address is a unique numerical identity -- a
    different one is attached to every device on the Internet.
    So techno-spies could, theoretically, target IP addresses more likely
    associated with terrorists, and then zero in on those areas for
    intense snooping. That could mean IP addresses at a specific cybercafe
    in a neighborhood where suspected al Qaeda operatives live. Or it
    could mean even an entire country, if Internet penetration remains
    relatively low. "Pakistan, in the world of the Internet, only has 55
    IP address ranges registered to itself. We are talking about an
    extremely small pond compared to the ocean of the Internet," explains
    Michael Cheek, iDefense's director of intelligence.
    Finally, a little information can actually go a long way, thanks to an
    exotic intelligence discipline dubbed traffic analysis. This is the
    science of deciphering the structure and purpose of an organization
    without understanding anything that members of the organization say to
    each other. It's an art, really. NFR's Ranum explains that if an
    e-mail goes from one address to another and then 50 e-mail messages
    subsequently come out from the second e-mail, that means a leader has
    likely issued a command to a so-called reflector. Thus, watchers have
    ascertained a key piece of information about the organization.
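    The fan-out heuristic Ranum describes can be checked against nothing more than mail-log metadata (who sent to whom, and when). The block below is an added illustration, not code from the article or from NFR; the addresses, timestamps, the one-hour window and the 20-message threshold are all constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Each event is metadata only, as an ISP log would hold it: (timestamp, sender, recipient).
# Every address, time and pattern below is constructed for illustration.
def build_sample_events():
    base = datetime(2002, 3, 1, 8, 0)
    day_before = base - timedelta(days=1)
    events = [
        # Ordinary chatter: one message in, one message out. Must not be flagged.
        (day_before, "alice@example.com", "bob@example.com"),
        (day_before + timedelta(minutes=5), "bob@example.com", "carol@example.com"),
        # The pattern the article describes: one message reaches "relay",
        # then 50 messages leave it within the hour.
        (base, "lead@example.org", "relay@example.net"),
    ]
    events += [(base + timedelta(minutes=i), "relay@example.net", f"member{i:02d}@example.com")
               for i in range(1, 51)]
    return events

def find_reflectors(events, window=timedelta(hours=1), min_fanout=20):
    """Flag addresses whose outbound volume within `window` of receiving a message
    reaches `min_fanout`. Returns {address: (trigger_sender, trigger_time, count)},
    keeping the strongest burst per address. Thresholds are assumptions."""
    events = sorted(events)            # chronological; tuples sort by timestamp first
    sent_at = defaultdict(list)        # sender -> chronologically ordered send times
    for t, sender, _ in events:
        sent_at[sender].append(t)
    flagged = {}
    for t, sender, recipient in events:
        later = sent_at.get(recipient, [])
        # messages the recipient sent strictly after t and no later than t + window
        count = bisect_right(later, t + window) - bisect_right(later, t)
        if count >= min_fanout and count > flagged.get(recipient, (None, None, 0))[2]:
            flagged[recipient] = (sender, t, count)
    return flagged

def fanout_ranking(events):
    """Distinct recipients per sender, largest first: the crude 'who is whom'
    guess Ranum describes, built from addressing data alone."""
    recipients = defaultdict(set)
    for _, sender, recipient in events:
        recipients[sender].add(recipient)
    return sorted(((s, len(r)) for s, r in recipients.items()), key=lambda x: -x[1])
```

    On the constructed sample, only relay@example.net is flagged, with lead@example.org as the address that triggered the burst; a single reply from bob@example.com stays below the threshold.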
    SIMPLE COOPERATION.  Of course, traffic analysis is tough to execute
    if the organizational network isn't known or all that obvious. But
    that's no longer the case with al Qaeda. In the first week of March,
    U.S. intelligence officials warned that intercepted e-mail traffic
    indicated that al Qaeda was regrouping. Due to the inherent
    connectivity of the Net, identifying a single e-mail address belonging
    to a group member can quickly reveal large chunks of information about
    the terrorist network.
    Tracing this information requires nothing more than cooperation from
    Internet service providers. At the very least, most ISPs log several
    months' worth of e-mail traffic (though usually not the content). "The
    NSA is the worldwide god of traffic analysis. Just based on the
    fan-out of subsequent e-mail, you can make a guess at who is whom,"  
    says Ranum.
    I'm not saying that hacking al Qaeda will be a slam dunk. Terrorists
    have plenty of ways to confuse authorities. While using strong
    encryption might raise a red flag with the NSA, that's not the only
    way to evade detection. A cell member in Pakistan might dial out to an
    ISP in India over the public phone network, explains Bill Stearns, a
    senior research engineer at Dartmouth's Institute for Security
    Technology Studies. And in many parts of the world where the U.S.  
    government is not viewed as a friendly entity, the cooperation of ISPs
    and telecom companies isn't a given.
    Yes, the war against terrorism may have just begun, even though it's
    now six months since the World Trade Center and Pentagon attacks. But
    just as on the battlefield, the U.S. government has technological
    superiority online, too. Like the attack on al Qaeda holdouts in the
    mountains of Afghanistan, the hack is on, and it appears to be making
    great strides at lifting the veil on al Qaeda.
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 01:46:05 PST