Computer Crime Research Center


Terror Spam and Phishing

Date: August 17, 2006
Source: Computer Crime Research Center
By: Tomer Ben-Ari , Ron Rymon , The Interdisciplinary Center Herzliya, Israel

We claim that mail Spam and Phishing can become an operational tool in the hands of terrorists, to perform more than just simple recruiting and fund raising activities. We show that by using spam methods terrorists can reach the heart of society, and succeed in getting some of its fringes to act on their behalf. This "outsourcing" of terrorist activity to own members of the attacked society may adversely affect law enforcement ability to use profiling in the war against terror. We describe a system that combines standard spamming techniques with standard and adapted security mechanisms, and which provides the functionality needed to target, recruit, and operate terrorist cells and opportunistic accomplices.

1. Introduction
If you are like most Internet users, your mailbox has been routinely flooded with “spam”. Spam are email messages that try to tempt the recipient into buying something, and spammers typically send millions of identical unsolicited messages in order to get only a few buyers – altogether it estimated that spammers send 12 billion messages daily, or more than half of all email messages[Spam Filter Review, 2004].

Whereas today, spam is used primarily by commercial companies who want to increase their sales, we are already seeing cyber criminals who start using spam-based “phishing”.
Phishing is a is a form of criminal activity using social engineering mainly to access private and secret information. Phishing today is mainly beeing used to extract secret codes and other information for fraudulent financial transactions [Phishing report 2004]. According to a recent survey, 43% of US adults have been targeted by phishing attempts [First Data Phishing Survey, 2005].

This Article reveals a new possible method that terrorists can easly take advantage of when carrying out there terror activities, and exposes the absence of current technology from tackling such terroists activity
The article will show how terrorists can use spam and phishing methods not only to recruit members and raise funds, but also to influence other people to carry out attacks on their behalf. We will also show that through the use of spam terror, terrorists can create fear and terrorize the public, even without taking any action.

Clearly, however, the most dangerous prospect is that terror spam can be used to draft agnostic individuals and units, from within the inner parts of the attacked society, who will commit terror attacks on behalf of, and under the guidance of terrorists. When the enemy could be almost anyone and anywhere, law enforcement will find it very difficult to use profiling techniques in its war against terror.

Terrorists are already making substantial use of the Internet to circulate ideas and know-how, and for the very operation of their organizations and secret cells [Weimann, 2004]. In Section 2, we will review current uses of the Internet by terrorist’s organizations and how spam can be used in this “toolbox”. Then, in Section 3, we will discuss various forms of spam, and how spammers use technology to spread their message while evading detection and filtering [Prashanth 2003]. We assume that terrorists shall craft their spam using similar technologies and tricks. In Section 4, we will present various purposes for which terrorists may want to use spam, and how they should go about it to maximize their success. Section 5 discusses target groups and success rates of terror spam. Section 6 will give a detailed Technical implementation of a system that can serve terror organizations when using spam [Adabi, Glew, Horne &Pinkas 2002] [Garfinkel, 2003].
Finally, in Section 7, we will discuss standard and less standard alternatives in the fight against terror spam.
2. Current Use of Cyber Media by Terrorist Groups
The Internet today contains endless information, tools and opportunities. Terrorist use the Internet today to satisfy their own needs. Much has been said about terrorists seeking to enlarge their power and capabilities taking advantage this important tool. Listed down are some of the main ways in which terrorists are using the Internet today.

Mass-Communication Tool
Terrorist groups are already using cyber media as a primary tool for mass-communication, much like regular businesses. Permanent and ad-hoc web sites are routinely used for propaganda, to release "official" information, make demands, etc. [Weimann 2004] Web sites designed to promote their goals and influence public opinion are in fact flourishing [Al Qaeda Hamas and Hezbollah websites]. Some of these web sites are aimed at internal audiences or sympathizers, whereas others target media and "enemy" audiences.

Planning and coordination.
Terrorists often use the Internet for direct communication. According to the [FBI,CIA,…], the 9/11 terrorists used to coordinate the actions and to receive commands from their masters in Afghanistan via the internet. Weimann [Weimann 2004] explains that “when you have a loosely knit network of networks, you need a channel of communication”. Due to the improved capabilities of governments, especially the U.S. and its allies, to tap into cellular networks, many terrorists had turned to internet chat rooms and e-mail to remain connected. Many computers were found at Al Qaeda training camps and hideouts in Afghanistan. Terrorists are also commonly using steganographical methods to hide messages within other messages, images, and video clips. A latest report indicated that Al Qaeda uses prearranged phrases and symbols to direct it’s agents, an icon of AK-47 appears on Osama Bin Laden photo facing different directions and in different colors [Timothy L]

The Internet contains numerous sites that provide knowledge that can assist terrorists in planning and carrying out attacks. There is strong evidence that suggests that the 9/11 planners used data mining, an important and relatively novel use of the internet, to plan much of the 9/11 attacks. Al Qaeda was collecting intelligence on targets in order to determine which planes to hijack based on schedule, fuel capacity, and number of passengers booked. This was done to ensure that the planes would arrive on targets in relative proximity, with a significant amount of fuel on board to maximize damage, and with relatively few passengers on board to minimize potential resistance [Timothy]

Fund raising is commonly done on the Internet, either directly or indirectly. Direct fund raising is done through dedicated websites and intermediary organizations (usually registering as charity organizations). In such sites, contributions can be made directly to the group's bank account or using common payment methods such as credit cards. Some organizations are also using common web marketing techniques, as well as forums and discussion groups that are aimed at convincing supporting individuals to contribute to their cause. An analyst found that Al Qaeda used Islamic humanitarian charities to raise money against the enemies of Islam. [Timothy L]. This activity has become a little more difficult since the US and its allies started to crack down on charities that serve as fronts for terrorist groups, but it still rampant.

In addition to direct fund raising activities, we believe that some terrorist organizations, sometimes in conjunction with local criminals and organized crime organizations, started to use phishing methods to get hold of credit cards, financial accounts and property. [Hinnen]

Recruitment of new members often is done via web, publishing the specified terror group goals and agenda may convince new people to join, also publishing content of building deadly weapons that individuals can act upon and carry out deadly actions. [Weimann, 2004] [Timothy L]

Psychological Warfare
Terrorist have also started to make use of cyber media for psychological warfare, e.g., issuing threats, and attempting to spread fear. Abu Musab Al Zarqawi's videos showing the beheading of captives are known to have created significant pressure on governments to get out of Iraq thereby yielding to the group's demands [Wanger, 2004] . Messages claiming a forthcoming terror act in a specific place may also have social and financial effects. They also use it to disperse publicity and propaganda aimed at specific audiences especially to their own people, or to the audiences that they consider as neutral, for example the European communities.

Cyber Attacks
A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
[SearchSecurity, 2004] . DDOS attacks have been carried out from terrorist group's web sites like Hamas and Hezbollah. Most attacks targeted U.S and Israeli government web sites. The terror groups use their audience by publishing a link to a specific target (for example the Israeli Prime minister website) and ask the viewers to press the link at a certain time in order to crash the victim site, or to download and install a program that would do so automatically[Prichard &MacDonald, 2004]

Providing Instructions to Potential Attackers
Certain websites actually provide information on how to build bombs, as well as instructions of making dangerous chemical and explosive weapons in texts such asPage 1 2 3 4 5 6 Next

Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo