Computer Crime Research Center


Terrorists Turn to the Web as Base of Operations

Date: August 09, 2005
Source: Washington Post
By: Steve Coll, Susan B. Glasser and Julie Tate

... Italy, Japan, the former Soviet Union and Britain.

These sites have converted sections of the Web into "an open university for jihad," said Reuven Paz, who heads the Project for the Research of Islamist Movements in Israel. "The main audience are the younger generation in the Arab world" who now can peruse at their own pace "one big madrassa on the Internet."

From One Site to Many

Al Qaeda's main communications vehicle after Sept. 11 was, a clearinghouse for new statements from bin Laden's leadership group as his grip on Afghan territory crumbled. An archive of the site, also obtained by The Post from the researcher, includes a library of pictures from the 2001 Afghan war, along with a collage of news accounts, long theological justifications for jihad, and celebrations of the Sept. 11 hijackers.

The webmaster and chief propagandist of the site has been identified by Western analysts as Yusuf Ayiri, a Saudi cleric and onetime al Qaeda instructor in Afghanistan. In the summer of 2002, U.S. authorities and volunteer campaigners who were trying to shut him down chased him across multiple computer servers. At one point, a pornographer gained control of the domain name, and the site shifted to servers in Malaysia, then Texas, then Michigan. Ayiri died in a gun battle with Saudi security forces in May 2003. His site ultimately disappeared.

Rather than one successor, there were hundreds.

Realizing that fixed Internet sites had become too vulnerable, al Qaeda and its affiliates turned to rapidly proliferating jihadist bulletin boards and Internet sites that offered free upload services where files could be stored. The outside attacks on sites like "forced the evolution of how jihadists are using the Internet to a more anonymous, more protected, more nomadic presence," said Ben N. Venzke, a U.S. government consultant whose firm IntelCenter monitors the sites. "The groups gave up on set sites and posted messages on discussion boards -- the perfect synergy. One of the best-known forums that emerged after Sept. 11 was Qalah, or Fortress. Registered to an address in Abu Dhabi, the United Arab Emirates, the site has been hosted in the U.S. by a Houston Internet provider, Everyone's Internet, that has also hosted a number of sites preaching radical Islam. Researchers who follow the site believe it may be connected to Saad Faqih, a leading Saudi dissident living in exile in Britain. They note that the same contact information is given for his acknowledged Web site and Qalah. Faqih has denied any link.

On Qalah, a potential al Qaeda recruit could find links to the latest in computer hacking techniques (in the discussion group called "electronic jihad"), the most recent beheading video from Iraq, and paeans to the Sept. 11 hijackers and long Koranic justifications of suicide attacks. Sawt al-Jihad, the online magazine of al Qaeda in Saudi Arabia, was available, as were long lists of "martyrs" who had died fighting in Iraq. The forum abruptly shut down on July 7, hours after a posting asserted responsibility for the London transit bombings that day in the name of the previously unknown Secret Organization of al Qaeda in Europe.

Until recently, al Qaeda's use of the Web appeared to be centered on communications: preaching, recruitment, community-building and broad incitement. But there is increasing evidence that al Qaeda and its offshoots are also using the Internet for tactical purposes, especially for training new adherents. "If you want to conduct an attack, you will find what you need on the Internet," said Rita Katz, director of the SITE Institute, a group that monitors and tracks the jihadist Internet sites.

Jarret Brachman, director of research at West Point's Combating Terrorism Center, said he recently found on the Internet a 1,300-page treatise by Nasar, the Spanish- and English-speaking al Qaeda leader who has long trained operatives in poison techniques. The book urged a campaign of media "resistance" waged on the Internet and implored young prospective fighters to study computers along with the Koran.

The Nasar book was posted anonymously on the hijacked server of a U.S. business, a tactic typical of online jihadist propagandists, whose webmasters steal space from vulnerable servers worldwide and hop from Web address to Web address to evade the campaigners against al Qaeda who seek to shut down their sites.

The movement has also innovated with great creativity to protect its most secret communications. Khalid Sheik Mohammed, a key planner of the Sept. 11 attacks later arrested in Pakistan, used what four researchers familiar with the technique called an electronic or virtual "dead drop" on the Web to avoid having his e-mails intercepted by eavesdroppers in the United States or allied governments. Mohammed or his operatives would open an account on a free, public e-mail service such as Hotmail, write a message in draft form, save it as a draft, then transmit the e-mail account name and password during chatter on a relatively secure message board, according to these researchers.

The intended recipient could then open the e-mail account and read the draft -- since no e-mail message was sent, there was a reduced risk of interception, the researchers said.

Matt Devost, president of the Terrorism Research Center, who has done research in the field for a decade, recalled that "silverbullet" was one of the passwords Mohammed reportedly used in this period. Sending fake streams of e-mail spam to disguise a single targeted message is another innovation used by jihadist communicators, specialists said.

Al Qaeda's success with such tactics has underscored the difficulty of gathering intelligence against the movement. Mohammed's e-mails, once discovered, "were the best actionable intelligence in the whole war" against bin Laden and his adherents, said Arquilla, the Naval Postgraduate School professor. But al Qaeda has been keenly aware of its electronic pursuers and has tried to do what it can to stay ahead -- mostly by using encryption.

Building Cells on the Web

In the last two years, a small number of cases have emerged in which jihadist cells appear to have formed among like-minded strangers who met online, according to intelligence officials and terrorism specialists. And there are many other cases in which bonds formed in the physical world have been sustained and nurtured by the Internet, according to specialists in and outside of government.

For example, Royal Canadian Mounted Police officers burst into the Ottawa home of Mohammed Momin Khawaja, a 24-year-old computer programmer, on March 29, 2004, arresting him for alleged complicity in what Canadian and British authorities described as a transatlantic plot to bomb targets in London and Canada. Khawaja, a contractor with Canada's Foreign Ministry, met his alleged British counterparts online and came to the attention of authorities only when he traveled to Britain and walked into a surveillance operation being conducted by British special police, according to two Western sources familiar with the case.

British prosecutors alleged in court that Khawaja met with his online acquaintances in an Internet cafe in London, where he showed them images of explosive devices found on the Web and told them how to detonate bombs using cell phones. The first person jailed under a strict new Canadian anti-terrorism law passed after Sept. 11, Khawaja is not scheduled to have a preliminary hearing on his case until January.

The transit attacks in London may also have an Internet connection, according to several analysts. They appear to be successful examples of "al Qaeda's assiduous effort to cultivate and train professional insurgents and urban warfare specialists via the Internet," wrote Scheuer, the former CIA analyst.

In a posting not long after the London attacks, a member of one of the al Qaeda-linked online forums asked how to take action himself. A cell of two or three people is better, replied another member in an exchange translated by the SITE Institute. Even better than that is a "virtual cell, an agreement between a group of brothers over the Internet." It is "safe," extolled the anonymous poster, and "nobody will know the identity of each other in the beginning." Once "harmony and mutual trust" are established, training conducted and videos watched, then "you can meet in reality and execute some operation in the field."
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-29 14:55:33 - The information technology is a double... Praveen Dalal
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo