[ISN] Terrorists Turn to the Web as Base of Operations

From: InfoSec News (isn@private)
Date: Sun Aug 07 2005 - 22:05:26 PDT


Forwarded from: William Knowles <wk@private>

http://www.washingtonpost.com/wp-dyn/content/article/2005/08/05/AR2005080501138.html

By Steve Coll and Susan B. Glasser
Washington Post Staff Writers
August 7, 2005

In the snow-draped mountains near Jalalabad in November 2001, as the
Taliban collapsed and al Qaeda lost its Afghan sanctuary, Osama bin
Laden biographer Hamid Mir watched "every second al Qaeda member
carrying a laptop computer along with a Kalashnikov" as they prepared
to scatter into hiding and exile. On the screens were photographs of
Sept. 11 hijacker Mohamed Atta.

Nearly four years later, al Qaeda has become the first guerrilla
movement in history to migrate from physical space to cyberspace. With
laptops and DVDs, in secret hideouts and at neighborhood Internet
cafes, young code-writing jihadists have sought to replicate the
training, communication, planning and preaching facilities they lost
in Afghanistan with countless new locations on the Internet.

Al Qaeda suicide bombers and ambush units in Iraq routinely depend on
the Web for training and tactical support, relying on the Internet's
anonymity and flexibility to operate with near impunity in cyberspace.  
In Qatar, Egypt and Europe, cells affiliated with al Qaeda that have
recently carried out or seriously planned bombings have relied heavily
on the Internet.

Such cases have led Western intelligence agencies and outside
terrorism specialists to conclude that the "global jihad movement,"  
sometimes led by al Qaeda fugitives but increasingly made up of
diverse "groups and ad hoc cells," has become a "Web-directed"  
phenomenon, as a presentation for U.S. government terrorism analysts
by longtime State Department expert Dennis Pluchinsky put it. Hampered
by the nature of the Internet itself, the government has proven
ineffective at blocking or even hindering significantly this vast
online presence.

Among other things, al Qaeda and its offshoots are building a massive
and dynamic online library of training materials -- some supported by
experts who answer questions on message boards or in chat rooms --
covering such varied subjects as how to mix ricin poison, how to make
a bomb from commercial chemicals, how to pose as a fisherman and sneak
through Syria into Iraq, how to shoot at a U.S. soldier, and how to
navigate by the stars while running through a night-shrouded desert.  
These materials are cascading across the Web in Arabic, Urdu, Pashto
and other first languages of jihadist volunteers.

The Saudi Arabian branch of al Qaeda launched an online magazine in
2004 that exhorted potential recruits to use the Internet: "Oh Mujahid
brother, in order to join the great training camps you don't have to
travel to other lands," declared the inaugural issue of Muaskar
al-Battar, or Camp of the Sword. "Alone, in your home or with a group
of your brothers, you too can begin to execute the training program."

"Biological Weapons" was the stark title of a 15-page Arabic language
document posted two months ago on the Web site of al Qaeda fugitive
leader Mustafa Setmariam Nasar, one of the jihadist movement's most
important propagandists, often referred to by the nom de guerre Abu
Musab Suri. His document described "how the pneumonic plague could be
made into a biological weapon," if a small supply of the virus could
be acquired, according to a translation by Rebecca Givner-Forbes, an
analyst at the Terrorism Research Center, an Arlington firm with U.S.  
government clients. Nasar's guide drew on U.S. and Japanese biological
weapons programs from the World War II era and showed "how to inject
carrier animals, like rats, with the virus and how to extract microbes
from infected blood . . . and how to dry them so that they can be used
with an aerosol delivery system."

Jihadists seek to overcome in cyberspace specific obstacles they face
from armies and police forces in the physical world. In planning
attacks, radical operatives are often at risk when they congregate at
a mosque or cross a border with false documents. They are safer
working on the Web. Al Qaeda and its offshoots "have understood that
both time and space have in many ways been conquered by the Internet,"  
said John Arquilla, a professor at the Naval Postgraduate School who
coined the term "netwar" more than a decade ago.

Al Qaeda's innovation on the Web "erodes the ability of our security
services to hit them when they're most vulnerable, when they're
moving," said Michael Scheuer, former chief of the CIA unit that
tracked bin Laden. "It used to be they had to go to Sudan, they had to
go to Yemen, they had to go to Afghanistan to train," he added. Now,
even when such travel is necessary, an al Qaeda operative "no longer
has to carry anything that's incriminating. He doesn't need his
schematics, he doesn't need his blueprints, he doesn't need formulas."  
Everything is posted on the Web or "can be sent ahead by encrypted
Internet, and it gets lost in the billions of messages that are out
there."

The number of active jihadist-related Web sites has metastasized since
Sept. 11, 2001. When Gabriel Weimann, a professor at the University of
Haifa in Israel, began tracking terrorist-related Web sites eight
years ago, he found 12; today, he tracks more than 4,500. Hundreds of
them celebrate al Qaeda or its ideas, he said.

"They are all linked indirectly through association of belief,
belonging to some community. The Internet is the network that connects
them all," Weimann said. "You can see the virtual community come
alive."

Apart from its ideology and clandestine nature, the jihadist
cyberworld is little different in structure from digital communities
of role-playing gamers, eBay coin collectors or disease sufferers.  
Through continuous online contact, such communities bind dispersed
individuals with intense beliefs who might never have met one another
in the past. Along with radical jihad, the Internet also has enabled
the flow of powerful ideas and inspiration in many other directions,
such as encouraging democratic movements and creating vast new
commercial markets.

Since the U.S. invasion of Iraq more than two years ago, the Web's
growth as a jihadist meeting and training ground has accelerated.

But al Qaeda's move into cyberspace is far from total. Physical
sanctuaries or unmolested spaces in Sunni Muslim-dominated areas of
Iraq, in ungoverned tribal territories of Pakistan, in the southern
Philippines, Africa and Europe still play important roles. Most
violent al Qaeda-related attacks -- even in the most recent period of
heavy jihadist Web use -- appear to involve leaders or volunteers with
some traditional training camp or radical mosque backgrounds.

But the Web's growing centrality in al Qaeda-related operations and
incitement has led such analysts as former CIA deputy director John E.  
McLaughlin to describe the movement as primarily driven today by
"ideology and the Internet."

The Web's shapeless disregard for national boundaries and ethnic
markers fits exactly with bin Laden's original vision for al Qaeda,
which he founded to stimulate revolt among the worldwide Muslim ummah
, or community of believers. Bin Laden's appeal among some Muslims has
long flowed in part from his rare willingness among Arab leaders to
surround himself with racially and ethnically diverse followers, to
ignore ancient prejudices and national borders. In this sense of
utopian ambition, the Web has become a gathering place for a rainbow
coalition of jihadists. It offers al Qaeda "a virtual sanctuary" on a
global scale, Rand Corp. terrorism specialist Bruce Hoffman said. "The
Internet is the ideal medium for terrorism today: anonymous but
pervasive."

In Afghanistan, the Taliban banned television and even toothbrushes as
forbidden modern innovations. Yet al Qaeda, led by educated and
privileged gadget hounds, adapted early and enthusiastically to the
technologies of globalization, and its Arab volunteers managed to
evade the Taliban's screen-smashing technology police.

Bin Laden used some of the first commercial satellite telephones while
hiding out in Afghanistan. He produced propaganda videos with
hand-held cameras long before the genre became commonplace. Bin
Laden's sons played computer games in their compound in Jalalabad,
recalled the journalist Abdel Bari Atwan, who interviewed bin Laden
late in 1996.

Today, however, bin Laden and his deputy, Ayman Zawahiri, have fallen
well behind their younger followers worldwide. The two still make
speeches that must be recorded in a makeshift studio and couriered at
considerable risk to al-Jazeera or other satellite stations, as with
Zawahiri's message broadcast last week. Their younger adherents have
moved on to Web sites and the production of short videos with shock
appeal that can be distributed to millions instantly via the Internet.

Many online videos seek to replicate the Afghan training experience.  
An al Qaeda video library discovered on the Web and obtained by The
Washington Post from an experienced researcher showed in a series of
high-quality training films shot in Afghanistan how to conduct a
roadside assassination, raid a house, shoot a rocket-propelled
grenade, blow up a car, attack a village, destroy a bridge and fire an
SA-7 surface-to-air missile. During a practice hostage-taking, the
filmmakers chuckled as trainees herded men and women into a room,
screaming in English, "Move! Move!"

One of al Qaeda's current Internet organizations, the Global Islamic
Media Front, is now posting "a lot of training materials that we've
been able to verify were used in Afghanistan," said Givner-Forbes, of
the Terrorism Research Center. One recent online manual instructed how
to extract explosive materials from missiles and land mines. Another
offered a country-by-country list of "explosive materials available in
Western markets," including France, Germany, Italy, Japan, the former
Soviet Union and Britain.

These sites have converted sections of the Web into "an open
university for jihad," said Reuven Paz, who heads the Project for the
Research of Islamist Movements in Israel. "The main audience are the
younger generation in the Arab world" who now can peruse at their own
pace "one big madrassa on the Internet."

 From One Site to Many

Al Qaeda's main communications vehicle after Sept. 11 was Alneda.com,
a clearinghouse for new statements from bin Laden's leadership group
as his grip on Afghan territory crumbled. An archive of the site, also
obtained by The Post from the researcher, includes a library of
pictures from the 2001 Afghan war, along with a collage of news
accounts, long theological justifications for jihad, and celebrations
of the Sept. 11 hijackers.

The webmaster and chief propagandist of the site has been identified
by Western analysts as Yusuf Ayiri, a Saudi cleric and onetime al
Qaeda instructor in Afghanistan. In the summer of 2002, U.S.  
authorities and volunteer campaigners who were trying to shut him down
chased him across multiple computer servers. At one point, a
pornographer gained control of the Alneda.com domain name, and the
site shifted to servers in Malaysia, then Texas, then Michigan. Ayiri
died in a gun battle with Saudi security forces in May 2003. His site
ultimately disappeared.

Rather than one successor, there were hundreds.

Realizing that fixed Internet sites had become too vulnerable, al
Qaeda and its affiliates turned to rapidly proliferating jihadist
bulletin boards and Internet sites that offered free upload services
where files could be stored. The outside attacks on sites like
Alneda.com "forced the evolution of how jihadists are using the
Internet to a more anonymous, more protected, more nomadic presence,"  
said Ben N. Venzke, a U.S. government consultant whose firm
IntelCenter monitors the sites. "The groups gave up on set sites and
posted messages on discussion boards -- the perfect synergy. One of
the best-known forums that emerged after Sept. 11 was Qalah, or
Fortress. Registered to an address in Abu Dhabi, the United Arab
Emirates, the site has been hosted in the U.S. by a Houston Internet
provider, Everyone's Internet, that has also hosted a number of sites
preaching radical Islam. Researchers who follow the site believe it
may be connected to Saad Faqih, a leading Saudi dissident living in
exile in Britain. They note that the same contact information is given
for his acknowledged Web site and Qalah. Faqih has denied any link.

On Qalah, a potential al Qaeda recruit could find links to the latest
in computer hacking techniques (in the discussion group called
"electronic jihad"), the most recent beheading video from Iraq, and
paeans to the Sept. 11 hijackers and long Koranic justifications of
suicide attacks. Sawt al-Jihad, the online magazine of al Qaeda in
Saudi Arabia, was available, as were long lists of "martyrs" who had
died fighting in Iraq. The forum abruptly shut down on July 7, hours
after a posting asserted responsibility for the London transit
bombings that day in the name of the previously unknown Secret
Organization of al Qaeda in Europe.

Until recently, al Qaeda's use of the Web appeared to be centered on
communications: preaching, recruitment, community-building and broad
incitement. But there is increasing evidence that al Qaeda and its
offshoots are also using the Internet for tactical purposes,
especially for training new adherents. "If you want to conduct an
attack, you will find what you need on the Internet," said Rita Katz,
director of the SITE Institute, a group that monitors and tracks the
jihadist Internet sites.

Jarret Brachman, director of research at West Point's Combating
Terrorism Center, said he recently found on the Internet a 1,300-page
treatise by Nasar, the Spanish- and English-speaking al Qaeda leader
who has long trained operatives in poison techniques. The book urged a
campaign of media "resistance" waged on the Internet and implored
young prospective fighters to study computers along with the Koran.

The Nasar book was posted anonymously on the hijacked server of a U.S.  
business, a tactic typical of online jihadist propagandists, whose
webmasters steal space from vulnerable servers worldwide and hop from
Web address to Web address to evade the campaigners against al Qaeda
who seek to shut down their sites.

The movement has also innovated with great creativity to protect its
most secret communications. Khalid Sheik Mohammed, a key planner of
the Sept. 11 attacks later arrested in Pakistan, used what four
researchers familiar with the technique called an electronic or
virtual "dead drop" on the Web to avoid having his e-mails intercepted
by eavesdroppers in the United States or allied governments. Mohammed
or his operatives would open an account on a free, public e-mail
service such as Hotmail, write a message in draft form, save it as a
draft, then transmit the e-mail account name and password during
chatter on a relatively secure message board, according to these
researchers.

The intended recipient could then open the e-mail account and read the
draft -- since no e-mail message was sent, there was a reduced risk of
interception, the researchers said.

Matt Devost, president of the Terrorism Research Center, who has done
research in the field for a decade, recalled that "silverbullet" was
one of the passwords Mohammed reportedly used in this period. Sending
fake streams of e-mail spam to disguise a single targeted message is
another innovation used by jihadist communicators, specialists said.

Al Qaeda's success with such tactics has underscored the difficulty of
gathering intelligence against the movement. Mohammed's e-mails, once
discovered, "were the best actionable intelligence in the whole war"  
against bin Laden and his adherents, said Arquilla, the Naval
Postgraduate School professor. But al Qaeda has been keenly aware of
its electronic pursuers and has tried to do what it can to stay ahead
-- mostly by using encryption.

Building Cells on the Web

In the last two years, a small number of cases have emerged in which
jihadist cells appear to have formed among like-minded strangers who
met online, according to intelligence officials and terrorism
specialists. And there are many other cases in which bonds formed in
the physical world have been sustained and nurtured by the Internet,
according to specialists in and outside of government.

For example, Royal Canadian Mounted Police officers burst into the
Ottawa home of Mohammed Momin Khawaja, a 24-year-old computer
programmer, on March 29, 2004, arresting him for alleged complicity in
what Canadian and British authorities described as a transatlantic
plot to bomb targets in London and Canada. Khawaja, a contractor with
Canada's Foreign Ministry, met his alleged British counterparts online
and came to the attention of authorities only when he traveled to
Britain and walked into a surveillance operation being conducted by
British special police, according to two Western sources familiar with
the case.

British prosecutors alleged in court that Khawaja met with his online
acquaintances in an Internet cafe in London, where he showed them
images of explosive devices found on the Web and told them how to
detonate bombs using cell phones. The first person jailed under a
strict new Canadian anti-terrorism law passed after Sept. 11, Khawaja
is not scheduled to have a preliminary hearing on his case until
January.

The transit attacks in London may also have an Internet connection,
according to several analysts. They appear to be successful examples
of "al Qaeda's assiduous effort to cultivate and train professional
insurgents and urban warfare specialists via the Internet," wrote
Scheuer, the former CIA analyst.

In a posting not long after the London attacks, a member of one of the
al Qaeda-linked online forums asked how to take action himself. A cell
of two or three people is better, replied another member in an
exchange translated by the SITE Institute. Even better than that is a
"virtual cell, an agreement between a group of brothers over the
Internet." It is "safe," extolled the anonymous poster, and "nobody
will know the identity of each other in the beginning." Once "harmony
and mutual trust" are established, training conducted and videos
watched, then "you can meet in reality and execute some operation in
the field."

Staff researcher Julie Tate contributed to this report.

© 2005 The Washington Post Company

 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 



This archive was generated by hypermail 2.1.3 : Sun Aug 07 2005 - 22:34:57 PDT