[ISN] Qaeda Goes Dark After a U.S. Slip

From: InfoSec News (alerts@private)
Date: Tue Oct 09 2007 - 22:05:24 PDT


http://www.nysun.com/article/64163

By Eli Lake
Staff Reporter of the Sun
October 9, 2007

WASHINGTON -- Al Qaeda's Internet communications system has suddenly 
gone dark to American intelligence after the leak of Osama bin Laden's 
September 11 speech inadvertently disclosed the fact that we had 
penetrated the enemy's system.

The intelligence blunder started with what appeared at the time as an 
American intelligence victory, namely that the federal government had 
intercepted, a full four days before it was to be aired, a video of 
Osama bin Laden's first appearance in three years in a video address 
marking the sixth anniversary of the attacks of September 11, 2001. On 
the morning of September 7, the Web site of ABC News posted excerpts 
from the speech.

But the disclosure from ABC and later other news organizations tipped 
off Qaeda's internal security division that the organization's Internet 
communications system, known among American intelligence analysts as 
Obelisk, was compromised. This network of Web sites serves not only as 
the distribution system for the videos produced by Al Qaeda's production 
company, As-Sahab, but also as the equivalent of a corporate intranet, 
dealing with such mundane matters as expense reporting and clerical 
memos to mid- and lower-level Qaeda operatives throughout the world.

While intranets are usually based on servers in a discrete physical 
location, Obelisk is a series of sites all over the Web, often with fake 
names, in some cases sites that are not even known by their proprietors 
to have been hacked by Al Qaeda.

One intelligence officer who requested anonymity said in an interview 
last week that the intelligence community watched in real time the 
shutdown of the Obelisk system. America's Obelisk watchers even saw the 
order to shut down the system delivered from Qaeda's internal security 
to a team of technical workers in Malaysia. That was the last internal 
message America's intelligence community saw. "We saw the whole thing 
shut down because of this leak," the official said. "We lost an 
important keyhole into the enemy."

By Friday evening, one of the key sets of sites in the Obelisk network, 
the Ekhlaas forum, was back on line. The Ekhlaas forum is a 
password-protected message board used by Qaeda for recruitment, 
propaganda dissemination, and as one of the entrance ways into Obelisk 
for those operatives whose user names are granted permission. Many of 
the other Obelisk sites are now offline and presumably moved to new 
secret locations on the World Wide Web.

The founder of a Web site known as clandestineradio.com, Nick Grace, 
tracked the shutdown of Qaeda's Obelisk system in real time. "It was 
both unprecedented and chilling from the perspective of a Web techie. 
The discipline and coordination to take the entire system down involving 
multiple Web servers, hundreds of user names and passwords, is an 
astounding feat, especially that it was done within minutes," Mr. Grace 
said yesterday.

The head of the SITE Intelligence Group, an organization that monitors 
Jihadi Web sites and provides information to subscribers, Rita Katz, 
said she personally provided the video on September 7 to the deputy 
director of the National Counterterrorism Center, Michael Leiter.

Ms. Katz yesterday said, "We shared a copy of the transcript and the 
video with the U.S. government, to Michael Leiter, with the request 
specifically that it was important to keep the subject secret. Then the 
video was leaked out. An investigation into who downloaded the video 
from our server indicated that several computers with IP addresses were 
registered to government agencies."

Yesterday a spokesman for the National Counterterrorism Center, Carl 
Kropf, denied the accusation that it was responsible for the leak. 
"That's just absolutely wrong. The allegation and the accusation that we 
did that is unfounded," he said. The spokesman for the director of 
national intelligence, Ross Feinstein, yesterday also denied the leak 
allegation. "The intelligence community and the ODNI senior leadership 
did not leak this video to the media," he said.

Ms. Katz said, "The government leak damaged our investigation into Al 
Qaeda's network. Techniques and sources that took years to develop 
became ineffective. As a result of the leak Al Qaeda changed their 
methods." Ms. Katz said she also lost potential revenue.

A former counterterrorism official, Roger Cressey, said, "If any of this 
was leaked for any reasons, especially political, that is just 
unconscionable." Mr. Cressey added that the work that was lost by 
burrowing into Qaeda's Internet system was far more valuable than any 
benefit that was gained by short-circuiting Osama bin Laden's video to 
the public.

While Al Qaeda still uses human couriers to move its most important 
messages between senior leaders and what is known as a Hawala network of 
lenders throughout the world to move interest-free money, more and more 
of the organization's communication happens in cyber space.

"While the traditional courier based networks can offer security and 
anonymity, the same can be had on the Internet. It is clear in recent 
years if you look at their information operations and explosion of Al 
Qaeda related Web sites and Web activities, the Internet has taken a 
primary role in their communications both externally and internally," 
Mr. Grace said.

