[ISN] Cyberspace Gives Al Qaeda Refuge

InfoSec News isn at c4i.org
Mon Aug 16 04:19:50 EDT 2004

Forwarded from: William Knowles <wk at c4i.org>


By Douglas Frantz, Josh Meyer and Richard B. Schmitt
Times Staff Writers
August 15, 2004 

ISTANBUL, Turkey - In December, Al Qaeda operatives posted a manifesto
on the Internet calling for attacks inside countries allied with the
United States in Iraq. Spain, with elections approaching, was singled
out as a target.

On March 11, terrorists set off bombs on four commuter trains in
Madrid and killed 191 people. Three days later, Spanish voters
replaced the pro-war government with a party whose leader had promised
to withdraw the country's 1,300 troops from Iraq.

The posting of the strategy and the timing of the Madrid bombings
shocked even the most hardened Al Qaeda watchers recently when they
reviewed the little-known manifesto.

"It's quite extraordinary in that you have a group of people 
about influencing a political process and then having it happen," said
a U.S. national security official who analyzed the 54-page posting and
spoke on condition that his name not be used. "Reading through this
thing, it is just mind-blowing."

Since Osama bin Laden and his followers were driven from their bases
in Afghanistan, the Al Qaeda terrorist network has demonstrated an
increasing ability to exploit the Internet as it reconfigures itself
as a semi-leaderless global extremist movement far more elusive than
the original incarnation.

Websites run by Al Qaeda and its backers have become virtual
classrooms for terrorists, offering instructions for activities such
as kidnapping and using cellphones to set off bombs, like the ones
used in Madrid. Independent Al Qaeda cells and the network's loose
hierarchy use easily available encoding programs and simple techniques
to exchange virtually undetectable messages between Internet cafes in
Karachi and libraries in London.

The Internet's importance to Al Qaeda was highlighted this month by
the disclosure that Pakistani authorities had apprehended Mohammed
Naeem Noor Khan, a suspected Al Qaeda computer engineer, and collected
a wealth of electronic material.

E-mail and other information from Khan's computers led to the arrests
of 13 suspects in Britain and sent investigators scrambling to unravel
electronic links among militants in Pakistan, Europe and the United
States, British, U.S., and Pakistani authorities said. The discovery
of files on financial institutions in New York and Washington among
Khan's trove also played a role in prompting the Bush administration
to issue a terrorist warning.

Although it has long been known that Al Qaeda used the Internet to
conduct reconnaissance on potential U.S. targets, the disks and hard
drives taken from Khan disclose much about the resiliency and
adaptability of a far-flung network hiding in plain sight, said U.S.  
and foreign intelligence officials and outside experts interviewed for
this report.

"The Internet allows the organization to become a virtual
self-perpetuating and changing entity in cyberspace that provides
technological guidance and moral inspiration to a new generation,"  
said Magnus Ranstorp, a counter-terrorism expert at the University of
St. Andrews in Scotland.

Rather than the computer whizzes often described by government
officials and the press, the Al Qaeda operatives are more often people
with everyday skills who have harnessed the Internet in a campaign
against the United States and its allies. Even Khan, whom senior U.S.  
officials describe as extremely computer savvy, used skills available
to many people with computer training.

Over time, they developed and shared techniques to avoid detection. An
Al Qaeda survival manual warned adherents not to use the same Internet
cafe too many times. Messages should be written on a word processor
and pasted into an e-mail to avoid keeping the computer connected to
the Internet for too long, it said.

The result is a changing definition not only of Al Qaeda but also of
the threat from what is known as cyber-terrorism. After Sept. 11, the
biggest fear of terrorists using the Internet was their potential to
disable air traffic control systems or disrupt the electric power grid
of the United States. Billions were spent shoring up infrastructure

Although those concerns remain, authorities said no incident of
cyber-terrorism has been recorded and worries have receded.

Instead, the discovery of the December manifesto, the arrest in
Pakistan last month and the accumulation of other evidence are leading
to recognition that for now, at least, cyberspace is not a weapon for
Al Qaeda, but a tool — one more difficult to counter than gunmen
huddled in caves and tents.

James Lewis, director of technology policy at the Center for Strategic
and International Studies in Washington, said one clear advantage for
Al Qaeda is that the Internet gives it a communications system that
rivals that of a superpower without the accompanying risk.

"There is no central headquarters," he said. "There is no central
place you can knock out."

U.S. and foreign authorities interviewed in recent days generally
agreed with a report last spring by the U.S. Treasury and Justice
departments, which concluded that the Internet poses tough challenges
"because it is largely anonymous, geographically unbounded,
unregulated and decentralized."

Al Qaeda is not a newcomer to the Internet.

In 2000, the group hacked into the e-mail and bank accounts of a U.S.  
diplomat in Saudi Arabia as part of an effort to track his movements
and plot an assassination attempt, which was later abandoned, Ranstorp
and a security official in the region said.

In the final stages of planning the Sept. 11 attacks, hijacker Mohamed
Atta sent a coded message over the Internet that said: "The semester
begins in three more weeks. We've obtained 19 confirmations for
studies in the faculty of law, the faculty of urban planning, the
faculty of fine arts and the faculty of engineering."

After the Sept. 11 attacks on the World Trade Center and Pentagon, the
camps and safe houses in Afghanistan where Atta and his accomplices
had once trained were destroyed in the U.S. air assaults.

Thousands of Al Qaeda adherents fled to hiding places in the tribal
areas along the Afghan-Pakistani border, to Pakistan and to dozens of
other countries. They left behind computers with files on how to build
nuclear bombs, diagrams of U.S. buildings and software for stealing
passwords off the Internet.

In the months that followed, key leaders were killed or captured. Bin
Laden has remained so deeply hidden that most intelligence officials
think he no longer exercises much control over the network.

The U.S. and its allies worked with some success to shut down the flow
of money to Al Qaeda through Saudi charities, wealthy benefactors and
other means.

Faced with this multi-pronged assault, Al Qaeda reinvented itself,
with a new reliance on the Internet.

Manuals from the training camps were posted on websites. Praise for
the "holy war" and appeals for money to continue the fight started
popping up. Information was shared among members, and alliances with
local and regional extremist groups were formed through cyberspace.

More recent Internet postings reflected the adaptations of the new Al
Qaeda, with its independent cells and new, often untrained recruits
scattered throughout the Middle East, Europe and Africa.

In late May, a website linked to Al Qaeda in Saudi Arabia published
detailed instructions for carrying out a kidnapping. Three weeks
later, U.S. aerospace engineer Paul M. Johnson Jr. was kidnapped in
Riyadh, the Saudi capital, and later beheaded.

Saudi extremists have proved particularly adept at using the Internet
to communicate with other Al Qaeda groups and to promote their aim to
topple the royal family, security officials in the country said.

But the posting that called for attacks on U.S. allies in Iraq — and
its chilling effectiveness — has proved the most startling.

"It shows that they are very strategic in what they are doing," the
U.S. national security official said.

The document was posted on a website run out of the Middle East. Its
language, religious references and other telltale signs convinced U.S.  
experts that an Al Qaeda member wrote it, though they have not
identified the author.

Titled "Jihad in Iraq: Hopes and Dangers," the posting advocated
attacking countries aligned with the U.S. that were most vulnerable to
pressure to withdraw their troops from Iraq. Italy and Spain were
singled out, with a special mention of Spain's approaching elections.

"Withdrawal of Spanish or Italian forces would put immense pressure on
the British presence in a way that Tony Blair might not be able to
bear," it said in one of several paragraphs underlined for emphasis.  
"In this way the dominoes will begin to fall quickly."

At another point, the posting said, "We think that the Spanish
government could not tolerate more than two, maximum three blows,
after which it will have to withdraw as a result of popular pressure."

The posting was available on one of the hundreds of Arabic-language
websites that cater to extremists and moderates alike. Many of them
are watched by intelligence and law enforcement agencies, but experts
say there are far too many to monitor thoroughly.

Evan Kohlmann, a Washington-based terrorism analyst who has been a
consultant to the U.S. government, said he was monitoring an Internet
chat room frequented by Islamic extremists last month when someone
posted copies of the complete Windows desktop of a U.S. soldier
serving in South Korea.

The soldier had apparently installed a program to access his work
computer through another computer and the hacker found a back door and
took control of the machine by using simple techniques, Kohlmann said.

Simplicity seems to work best. One common method of communicating over
the Internet is essentially an e-mail version of the classic dead

Members of a cell are all given the same prearranged username and
password for an e-mail account on an Internet service provider, or
ISP, such as Hotmail or Yahoo, according to the recent joint report by
the Treasury and Justice departments.

One member writes a message, but instead of sending it, he puts it in
the "draft" file and then logs off. Someone else can then sign onto
the account using the same username and password, read the draft and
then delete it.

"Because the draft was never sent, the ISP does not retain a copy of
it and there is no record of it traversing the Internet — it never
went anywhere, its recipients came to it," the report said.

Secure messages also can be transmitted using widely available
encryption tools.

Slightly more advanced methods allow messages to be embedded in image,
sound or other files transferred over the Internet through a process
called "steganography." The files cannot be distinguished without a
decoding tool.

The difficulty of intercepting and deciphering messages has given rise
to a game of cyber cat and mouse, according to government and
independent experts.

In an effort to gather information on potential recruits and donors,
U.S. law enforcement agencies operate websites that are set up to
resemble extremist Islamic sites. Visitors leave an electronic trail
when they enter the site.

On the other side, Al Qaeda can transmit false information to
determine whether its members are being monitored by law enforcement.

The Internet offers stealth to its users, but authorities can get
valuable information if they can get their hands on data stored in
computers or on disks.

U.S. and foreign investigators still are sifting through the material
taken from Khan. By cross-referencing the data with old files on
people, places and methods of attacks, they hope to get a new picture
of the organization's operations and identify its operatives, senior
U.S. law enforcement officials say.

They also are getting a closer look at the role of the Internet in Al
Qaeda's strategies — and a rare chance to turn the tables on the
organization's computer prowess.

"Al Qaeda relies on the Internet just like everyone else, and
increasingly more so," a senior Justice Department official said. "But
that reliance could also come back to bite them."

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

More information about the ISN mailing list