[ISN] Terrorist 007, Exposed

From: InfoSec News (isn@private)
Date: Mon Mar 27 2006 - 01:18:42 PST


Forwarded from: William Knowles <wk@private>

http://www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006032500020.html

By Rita Katz and Michael Kern
March 26, 2006

For almost two years, intelligence services around the world tried to
uncover the identity of an Internet hacker who had become a key
conduit for al-Qaeda. The savvy, English-speaking, presumably young
webmaster taunted his pursuers, calling himself Irhabi -- Terrorist --
007. He hacked into American university computers, propagandized for
the Iraq insurgents led by Abu Musab al-Zarqawi and taught other
online jihadists how to wield their computers for the cause.

Suddenly last fall, Irhabi 007 disappeared from the message boards.  
The postings ended after Scotland Yard arrested a 22-year-old West
Londoner, Younis Tsouli, suspected of participating in an alleged bomb
plot. In November, British authorities brought a range of charges
against him related to that plot. Only later, according to our sources
familiar with the British probe, was Tsouli's other suspected identity
revealed. British investigators eventually confirmed to us that they
believe he is Irhabi 007.

The unwitting end of the hunt comes at a time when al-Qaeda
sympathizers like Irhabi 007 are making explosive new use of the
Internet. Countless Web sites and password-protected forums -- most of
which have sprung up in the last several years -- now cater to
would-be jihadists like Irhabi 007. The terrorists who congregate in
those cybercommunities are rapidly becoming skilled in hacking,
programming, executing online attacks and mastering digital and media
design -- and Irhabi was a master of all those arts.

But the manner of his arrest demonstrates how challenging it is to
combat such online activities and to prevent others from following
Irhabi's example: After pursuing an investigation into a European
terrorism suspect, British investigators raided Tsouli's house, where
they found stolen credit card information, according to an American
source familiar with the probe. Looking further, they found that the
cards were used to pay American Internet providers on whose servers he
had posted jihadi propaganda. Only then did investigators come to
believe that they had netted the infamous hacker. And that element of
luck is a problem. The Internet has presented investigators with an
extraordinary challenge. But our future security is going to depend
increasingly on identifying and catching the shadowy figures who exist
primarily in the elusive online world.

The short career of Irhabi 007 offers a case study in the evolving
nature of the threat that we at the SITE Institute track every day by
monitoring and then joining the password-protected forums and
communicating with the online jihadi community. Celebrated for his
computer expertise, Irhabi 007 had propelled the jihadists into a
21st-century offensive through his ability to covertly and securely
disseminate manuals of weaponry, videos of insurgent feats such as
beheadings and other inflammatory material. It is by analyzing the
trail of information left by such postings that we are able to
distinguish the patterns of communication used by individual
terrorists.

Irhabi's success stemmed from a combination of skill and timing. In
early 2004, he joined the password-protected message forum known as
Muntada al-Ansar al-Islami (Islam Supporters Forum) and, soon after,
al-Ekhlas (Sincerity) -- two of the password-protected forums with
thousands of members that al-Qaeda had been using for military
instructions, propaganda and recruitment. (These two forums have since
been taken down.) This was around the time that Zarqawi began using
the Internet as his primary means of disseminating propaganda for his
insurgency in Iraq. Zarqawi needed computer-savvy associates, and
Irhabi proved to be a standout among the volunteers, many of whom were
based in Europe.

Irhabi's central role became apparent to outsiders in April of that
year, when Zarqawi's group, later renamed al-Qaeda in Iraq, began
releasing its communiqués through its official spokesman, Abu Maysara
al-Iraqi, on the Ansar forum. In his first posting, al-Iraqi wrote in
Arabic about "the good news" that "a group of proud and brave men"  
intended to "strike the economic interests of the countries of
blasphemy and atheism, that came to raise the banner of the Cross in
the country of the Muslims."

At the time, some doubted that posting's authenticity, but Irhabi, who
was the first to post a response, offered words of support. Before
long, al-Iraqi answered in like fashion, establishing their
relationship -- and Irhabi's central role.

Over the following year and a half, Irhabi established himself as the
top jihadi expert on all things Internet-related. He became a very
active member of many jihadi forums in Arabic and English. He worked
on both defeating and enhancing online security, linking to multimedia
and providing online seminars on the use of the Internet. He seemed to
be online night and day, ready to answer questions about how to post a
video, for example -- and often willing to take over and do the
posting himself. Irhabi focused on hacking into Web sites as well as
educating Internet surfers in the secrets to anonymous browsing.

In one instance, Irhabi posted a 20-page message titled "Seminar on
Hacking Websites," to the Ekhlas forum. It provided detailed
information on the art of hacking, listing dozens of vulnerable Web
sites to which one could upload shared media. Irhabi used this
strategy himself, uploading data to a Web site run by the state of
Arkansas, and then to another run by George Washington University.  
This stunt led many experts to believe -- erroneously -- that Irhabi
was based in the United States.

Irhabi used countless other Web sites as free hosts for material that
the jihadists needed to upload and share. In addition to these sites,
Irhabi provided techniques for discovering server vulnerabilities, in
the event that his suggested sites became secure. In this way,
jihadists could use third-party hosts to disseminate propaganda so
that they did not have to risk using their own web space and, more
importantly, their own money.

As he provided seemingly limitless space captured from vulnerable
servers throughout the Internet, Irhabi was celebrated by his online
followers. A mark of that appreciation was the following memorandum of
praise offered by a member of Ansar in August 2004:

"To Our Brother Irhabi 007. Our brother Irhabi 007, you have shown
very good efforts in serving this message board, as I can see, and in
serving jihad for the sake of God. By God, we do not like to hear what
hurts you, so we ask God to keep you in his care.

You are one of the top people who care about serving your brothers.  
May God add all of that on the side of your good work, and may you go
careful and successful.

We say carry on with God's blessing.

Carry on, may God protect you.

Carry on serving jihad and its supporters.

And I ask the mighty, gracious and merciful God to keep for us
everyone who wants to support his faith.

Amen."

Irhabi's hacking ability was useful not only in the exchange of media,
but also in the distribution of large-scale al-Qaeda productions. In
one instance, a film produced by Zarqawi's al-Qaeda, titled "All Is
for Allah's Religion," was distributed from a page at
www.alaflam.net/wdkl .

The links, uploaded in June 2005, provided numerous outlets where
visitors could find the video. In the event that one of the sites was
disabled, many other sources were available as backups. Several were
based on domains such as www.irhabi007.ca or www.irhabi007.tv ,
indicating a strong involvement by Irhabi himself. The film, a major
release by al-Qaeda in Iraq, showed many of the insurgents' recent
exploits compiled with footage of Osama bin Laden, commentary on the
Abu Ghraib prison, and political statements about the rule of
then-Iraqi Interim Prime Minister Ayad Allawi.

Tsouli has been charged with eight offenses including conspiracy to
murder, conspiracy to cause an explosion, conspiracy to cause a public
nuisance, conspiracy to obtain money by deception and offences
relating to the possession of articles for terrorist purposes and
fundraising. So far there are no charges directly related to his
alleged activities as Irhabi on the Internet, but given the charges
already mounted against him, it will probably be a long time before
the 22-year-old is able to go online again.

But Irhabi's absence from the Internet may not be as noticeable as
many hope. Indeed, the hacker had anticipated his own disappearance.  
In the months beforehand, Irhabi released his will on the Internet. In
it, he provided links to help visitors with their own Internet
security and hacking skills in the event of his absence -- a rubric
for jihadists seeking the means to continue to serve their nefarious
ends. Irhabi may have been caught, but his online legacy may be the
creation of many thousands of 007s.

feedback@private

Rita Katz is the author of "Terrorist Hunter" [1] (HarperCollins) and
the director of the SITE Institute, which is dedicated to the "search
for international terrorist entities." Michael Kern is a senior
analyst with the institute.

[1] http://www.amazon.com/exec/obidos/ASIN/0060528192/c4iorg


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Mon Mar 27 2006 - 01:28:27 PST