Student's Web site hacked by al-Qaida
It could be any foreign student's nightmare: the FBI wants to talk to you about your connections to al-Qaida.
Such was the case with Conrado Salas Cano, a PSU graduate student in physics and environmental science. Unknown to him his Web site was carrying al-Qaida's claim of responsibility for the Sept. 11 attacks, the suicide-bombing of the USS Cole, the 1998 bombings of two US Embassies in Africa and page after page of terrorist propaganda in Arabic.
This all came as an unpleasant surprise to Cano, who grew up in Northeastern Spain, and has been on a student visa since he started his undergraduate work at the California Institute of Technology. Cano is no terrorist-he first learned about the additions to his Web page in an e-mail.
"I was shocked out of my wits, as you can imagine, when I saw the subject line in the e-mail saying, 'Do you know you're hosting an al-Qaida Web site?'" said Cano, "I just kind of went pale."
Cano hadn't noticed because the hackers left all his personal pages alone.
Instead, they added material and then covered their tracks. For a while, the SITE Institute, a non-profit counter-terrorism research group, listed a subpage of Cano's site as al-Qaida's official Web site.
The added pages weren't linked to Cano's site, so no change was visible to a casual observer. It wasn't until an Internet terrorism watchdog group sent Cano the URL of the al-Qaida propaganda that he got a chance to look at what had been added.
"I don't even speak Arabic," said Cano, "but I didn't need to in order to see what it was all about."
The attack marked the third time that a Web site hosted by Liquid Web has been hijacked by al-Qaida hackers. "It's obvious they've found a backdoor," Josh Devon, an analyst at the SITE Institute, said.
Yet with over 100 servers, and more than 5,000 clients, checking all of Liquid Web's sites would be "virtually impossible," said Jack Flintz, Security Manager at Liquid Web. Flintz said that an FBI investigation is ongoing.
While a spokesman for the Portland FBI will not comment "on anything we may be investigating," the attack on Cano's Web site, first reported by The Oregonian, fits into a pattern of computer break-ins Islamic extremists have been conducting for more than a year. Moreover, the attacks point to a frightening new front on the war on terrorism, where extremist groups take advantage of the Internet, and western freedoms, to spread their message.
"Al-Qaida has shown masterful use of the Internet," Devon said.
According to Devon, the Internet may be the perfect medium for al-Qaida and other extremist groups to reach out to new members.
"We've emailed some of them [the extremist groups], saying 'Hey brother, we like your work,' and they've written back," Devon said. "The guys running the message boards are pretty tuned in to the Jihadist network^; they can hook you up."
How important are Internet communications to fundamentalist groups?
"All the September 11 hijackers had hotmail accounts," said Devon.
In March of 2002, CNN reported that Mohammed Ould Slahi, the Mauritanian brother-in-law of one of Osama bin Laden's lieutenants, hosted a Web site with a guest book that may have allowed the Sept. 11 terrorists to communicate. When a visitor added a note to the guest book, an automatically generated e-mail told Slahi that he had received a note in his guest book. As soon as Slahi received the e-mail, he could check the guest book, which contained the actual message. After he had checked the message, Slahi could erase it.
An independent Swiss investigator looking into the site found that traffic on the guest book increased dramatically in May of 2001, but then fell to "an all-time-low" in September of 2001. While the FBI wouldn't comment, CNN noted that "several coalition intelligence agencies" believed that the Swiss investigator's hunch that the guest book had been used to organize the September attacks was correct.
In contrast to the guest book Slahi used, Cano's hijacked Web site was used for official communications, propagated by "The Center for Islamic Research and Studies," the mouthpiece of al-Qaida.
"When top al-Qaida leadership wants to disseminate new information, it does it at this Web site," said Devon, adding that the site also serves an important recruiting role.
"The Center for Islamic Research and Studies" page used to have a permanent location at www.alneda.com, (al Neda is Arabic for "the Call") until the page was registered by Jon Messner, an American pornographer who re-registered the domain name when it expired. Messner, the self-proclaimed originator of the "housewife-next-door" genre of Internet porn, left the content of the al Neda Web site as it was under al-Qaida once he owned it, and tracked the traffic that passed by, mostly from Saudi Arabia, until the word got out that the site was no longer under al-Qaida control. Although Messner contacted the FBI, by the time they got back to him his ruse had been discovered.
"Obviously, the FBI doesn't want to work with a civilian," said Devon of Messner's efforts.
Since then, the site has popped up on different servers across the Web, appearing once on an Alaskan teenager's page, and again on the official site of a soccer team from the Netherlands. Each time, the site has lasted as long as it takes for the Web hosting company to start receiving complaints, usually several weeks. The site has already shown up elsewhere on the Web, although this information has not been released as an official investigation is pending.
For Cano, however, this is all too much information. "I don't even want to know what's on the site," he said. Instead, he is focusing on work for his dissertation, which looks at the role of methane in global warming.
"I think we've traded too much comfort for security," he said, "As a society we're too willing to rely on computers as oracles, and that may not be a good thing. Computers are fallible, as this whole hacking thing shows."
Cybercrime News Archive