[ISN] Police blotter: Alleged al-Qaida hacker goes to court

From: InfoSec News (alerts@private)
Date: Sun Sep 24 2006 - 22:45:18 PDT


http://news.com.com/Police+blotter+Alleged+al-Qaida+hacker+goes+to+court/2100-7348_3-6118378.html

By Declan McCullagh
Staff Writer, CNET News.com
September 22, 2006

"Police blotter" is a weekly CNET News.com report on the intersection of 
technology and the law.

What: Man designated by President Bush as "enemy combatant" who 
allegedly entered the United States to disrupt computer networks fights 
charges.

When: U.S. District Judge Henry Floyd in South Carolina rules on Aug. 8.

Outcome: Court rejects defendant's request.

What happened, according to court documents: Ali Saleh Kahlah al-Marri 
is a Qatari national who earned a bachelor's degree in business 
administration from Bradley University in Peoria, Ill., in the 1990s. On 
Sept. 10, 2001, he legally returned to the United States with his wife 
and children, saying he was going to obtain a master's degree from 
Bradley in computer science.

Three months later, the FBI arrested al-Marri in Peoria and held him as 
a "material witness" until he was indicted on Feb. 6, 2002, and again on 
Jan. 22, 2003. The charges include making false statements to the FBI, 
making false statements in a bank account application and using a fake 
ID for a bank account. Al-Marri has pleaded not guilty.

On June 23, 2003, President Bush designated al-Marri an "enemy 
combatant" and ordered that he be held in a military detention facility. 
Al-Marri was transported to the Naval Consolidated Brig in Charleston, 
S.C., and apparently is still being held in solitary confinement there 
today.

In July 2004, al-Marri's attorney filed a legal request for a "writ of 
habeas corpus," which would direct the military to produce its prisoner 
in open court. The Bush administration opposed the motion and submitted 
a declaration classified "secret" prepared by Jeffrey Rapp, the director 
of the Joint Intelligence Task Force for Combating Terrorism at the 
Defense Intelligence Agency. Rapp's remarkable 16-page declaration 
(PDF), which is partially redacted, is what makes this case relevant to 
Police Blotter.

Rapp's declaration says al-Marri "met personally" with Osama bin Laden 
and was dispatched to the United States to "explore computer-hacking 
methods to disrupt bank records and the U.S. financial system." In 
addition, Rapp claims, "al-Marri was trained by al-Qaida in the use of 
poisons and had detailed information concerning poisonous chemicals 
stored on his laptop computer."

"Al-Qaida instructed al-Marri to explore possibilities for hacking into 
the mainframe computers of banks with the objective of wreaking havoc on 
U.S. banking records," Rapp said. The FBI reported that a probe of 
al-Marri's laptop showed bookmarks to Web pages describing how to make 
potassium cynanide, hydrogen cyanide and other poisons.

Finally, the declaration claimed, al-Marri's laptop had "numerous 
computer programs typically utilized by computer hackers; 'proxy' 
computer software which can be utilized to hide a user's origin or 
identity when connected to the Internet; and bookmarked lists of 
favorite Web sites apparently devoted to computer hacking." The FBI also 
reported finding a list of 36 stolen credit card numbers on the laptop.

Normally, that kind of written someone-told-me declaration would be 
considered "hearsay" and not directly admissible in a criminal 
proceeding. But U.S. District Judge Henry Floyd ruled that in the Hamdi 
v. Rumsfeld case, the Supreme Court said proceedings against alleged 
enemy combatants can be reworked to permit hearsay evidence.

Floyd ruled that the test would be this: Whether al-Marri's lawyers had 
"more persuasive evidence" than that presented by the Department of 
Justice, a reversal of the normal burden of proof that says defendants 
are innocent until proven guilty.

For their part, al-Marri's attorneys objected to this (PDF), saying 
"Rapp has no personal knowledge of any asserted facts" and that their 
client has the right to call witnesses on his behalf. (Rapp's 
declaration said only that the information in it was "derived from 
specific intelligence sources" that are "highly classified.")

In a normal criminal proceeding, al-Marri's lawyers would have had a 
good argument. There's not much difference between computer hacking and 
computer security research, after all, and plenty of graduate students 
in computer science are intellectually curious about these topics. 
What's more, the names of Web sites al-Marri allegedly had bookmarked 
weren't even divulged in the declaration, nor did his attorneys have a 
chance to review the laptop for themselves.

In the end, Floyd sided with the Bush administration. He ruled that 
al-Marri "has received notice of the factual basis supporting his 
detention and has been afforded a meaningful opportunity to rebut that 
evidence," and he denied the writ of habeas corpus.

Excerpt from Judge Floyd's opinion: Hamdi, then, clearly permits the 
introduction of the Rapp declaration by respondent at this initial stage 
of the enemy combatant proceeding...Having determined that Hamdi 
authorizes the consideration of hearsay evidence at the initial stage of 
this enemy combatant proceeding, the court need go no further. Whether 
the Rapp declaration would be admissible during the later phases of such 
a proceeding is not a question before the court today.

Hamdi provides that once the government has offered evidence in support 
of its continued detention of an alleged enemy combatant, the detainee 
must be permitted "to present his own factual case to rebut the 
government's return." In so doing, the detainee must present "more 
persuasive evidence" to overcome the facts offered by the government.

As summarized by the magistrate judge, the petitioner asserts: A. He is 
a civilian who came to the United States lawfully to pursue a graduate 
degree at Bradley University. B. He denies he came to the United States 
as an al-Qaida "sleeper agent" or he was otherwise a member of, or 
affiliated with, al-Qaida. C. He generally denies the allegations 
contained in the Rapp declaration as well as his designation as an 
"enemy combatant." D. He denies he entered the United States to commit 
"hostile or warlike acts," including acts of terrorism, or he is 
otherwise a member of, or affiliated with, al-Qaida.

Despite being given numerous opportunities to come forward with evidence 
supporting this general denial, petitioner has refused to do so. 
Instead, he stated, "petitioner respectfully declines at this time the 
Court's invitation to assume the burden of proving his own innocence, a 
burden that is unconstitutional, unlawful, and un-American."

As the magistrate judge noted, this stance by petitioner ignores his 
responsibility to prosecute this habeas action...Petitioner also 
neglects his burden of persuasion on this habeas petition. Most 
importantly--and most critically for petitioner--petitioner's refusal to 
participate at this stage renders the government's assertions 
uncontested. This leaves the court with "nothing specific...to dispute 
even the simplest of assertions (by the government), which (petitioner) 
could easily" refute, were they inaccurate. This puts petitioner in an 
untenable position.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Sep 24 2006 - 22:55:53 PDT