Cyberspace Gives Al Qaeda Refuge

R. A. Hettinga rah at
Sun Aug 15 14:24:12 PDT 2004



Cyberspace Gives Al Qaeda Refuge

Sun Aug 15, 7:55 AM ET

By Douglas Frantz, Josh Meyer and Richard B. Schmitt Times Staff Writers

 ISTANBUL, Turkey - In December, Al Qaeda operatives posted a manifesto on
the Internet calling for attacks inside countries allied with the United
States in Iraq. Spain, with elections approaching, was
singled out as a target.

 On March 11, terrorists set off bombs on four commuter trains in Madrid
and killed 191 people. Three days later, Spanish voters replaced the
pro-war government with a party whose leader had promised to withdraw the
country's 1,300 troops from Iraq.

 The posting of the strategy and the timing of the Madrid bombings shocked
even the most hardened Al Qaeda watchers recently when they reviewed the
little-known manifesto.

 "It's quite extraordinary in that you have a group of people 
about influencing a political process and then having it happen," said a
U.S. national security official who analyzed the 54-page posting and spoke
on condition that his name not be used. "Reading through this thing, it is
just mind-blowing."

 Since Osama bin Laden and his followers were driven
from their bases in Afghanistan, the Al Qaeda terrorist
network has demonstrated an increasing ability to exploit the Internet as
it reconfigures itself as a semi-leaderless global extremist movement far
more elusive than the original incarnation.

 Websites run by Al Qaeda and its backers have become virtual classrooms
for terrorists, offering instructions for activities such as kidnapping and
using cellphones to set off bombs, like the ones used in Madrid.
Independent Al Qaeda cells and the network's loose hierarchy use easily
available encoding programs and simple techniques to exchange virtually
undetectable messages between Internet cafes in Karachi and libraries in

 The Internet's importance to Al Qaeda was highlighted this month by the
disclosure that Pakistani authorities had apprehended Mohammed Naeem Noor
Khan, a suspected Al Qaeda computer engineer, and collected a wealth of
electronic material.

 E-mail and other information from Khan's computers led to the arrests of
13 suspects in Britain and sent investigators scrambling to unravel
electronic links among militants in Pakistan, Europe and the United States,
British, U.S., and Pakistani authorities said. The discovery of files on
financial institutions in New York and Washington among Khan's trove also
played a role in prompting the Bush administration to issue a terrorist

 Although it has long been known that Al Qaeda used the Internet to conduct
reconnaissance on potential U.S. targets, the disks and hard drives taken
from Khan disclose much about the resiliency and adaptability of a
far-flung network hiding in plain sight, said U.S. and foreign intelligence
officials and outside experts interviewed for this report.

 "The Internet allows the organization to become a virtual
self-perpetuating and changing entity in cyberspace that provides
technological guidance and moral inspiration to a new generation," said
Magnus Ranstorp, a counter-terrorism expert at the University of St.
Andrews in Scotland.

 Rather than the computer whizzes often described by government officials
and the press, the Al Qaeda operatives are more often people with everyday
skills who have harnessed the Internet in a campaign against the United
States and its allies. Even Khan, whom senior U.S. officials describe as
extremely computer savvy, used skills available to many people with
computer training.

 Over time, they developed and shared techniques to avoid detection. An Al
Qaeda survival manual warned adherents not to use the same Internet cafe
too many times. Messages should be written on a word processor and pasted
into an e-mail to avoid keeping the computer connected to the Internet for
too long, it said.

 The result is a changing definition not only of Al Qaeda but also of the
threat from what is known as cyber-terrorism. After Sept. 11, the biggest
fear of terrorists using the Internet was their potential to disable air
traffic control systems or disrupt the electric power grid of the United
States. Billions were spent shoring up infrastructure defense.

 Although those concerns remain, authorities said no incident of
cyber-terrorism has been recorded and worries have receded.

 Instead, the discovery of the December manifesto, the arrest in Pakistan
last month and the accumulation of other evidence are leading to
recognition that for now, at least, cyberspace is not a weapon for Al
Qaeda, but a tool - one more difficult to counter than gunmen huddled in
caves and tents.

 James Lewis, director of technology policy at the Center for Strategic and
International Studies in Washington, said one clear advantage for Al Qaeda
is that the Internet gives it a communications system that rivals that of a
superpower without the accompanying risk.

 "There is no central headquarters," he said. "There is no central place
you can knock out."

 U.S. and foreign authorities interviewed in recent days generally agreed
with a report last spring by the U.S. Treasury and Justice departments,
which concluded that the Internet poses tough challenges "because it is
largely anonymous, geographically unbounded, unregulated and decentralized."

 Al Qaeda is not a newcomer to the Internet.

 In 2000, the group hacked into the e-mail and bank accounts of a U.S.
diplomat in Saudi Arabia as part of an effort to track his movements and
plot an assassination attempt, which was later abandoned, Ranstorp and a
security official in the region said.

 In the final stages of planning the Sept. 11 attacks, hijacker Mohamed
Atta sent a coded message over the Internet that said: "The semester begins
in three more weeks. We've obtained 19 confirmations for studies in the
faculty of law, the faculty of urban planning, the faculty of fine arts and
the faculty of engineering."

 After the Sept. 11 attacks on the World Trade Center and Pentagon, the
camps and safe houses in Afghanistan where Atta and his
accomplices had once trained were destroyed in the U.S. air assaults.

 Thousands of Al Qaeda adherents fled to hiding places in the tribal areas
along the Afghan-Pakistani border, to Pakistan and to dozens of other
countries. They left behind computers with files on how to build nuclear
bombs, diagrams of U.S. buildings and software for stealing passwords off
the Internet.

 In the months that followed, key leaders were killed or captured. Bin
Laden has remained so deeply hidden that most intelligence officials think
he no longer exercises much control over the network.

 The U.S. and its allies worked with some success to shut down the flow of
money to Al Qaeda through Saudi charities, wealthy benefactors and other

 Faced with this multi-pronged assault, Al Qaeda reinvented itself, with a
new reliance on the Internet.

 Manuals from the training camps were posted on websites. Praise for the
"holy war" and appeals for money to continue the fight started popping up.
Information was shared among members, and alliances with local and regional
extremist groups were formed through cyberspace.

 More recent Internet postings reflected the adaptations of the new Al
Qaeda, with its independent cells and new, often untrained recruits
scattered throughout the Middle East, Europe and Africa.

 In late May, a website linked to Al Qaeda in Saudi Arabia published
detailed instructions for carrying out a kidnapping. Three weeks later,
U.S. aerospace engineer Paul M. Johnson Jr. was kidnapped in Riyadh, the
Saudi capital, and later beheaded.

 Saudi extremists have proved particularly adept at using the Internet to
communicate with other Al Qaeda groups and to promote their aim to topple
the royal family, security officials in the country said.

 But the posting that called for attacks on U.S. allies in Iraq - and its
chilling effectiveness - has proved the most startling.

 "It shows that they are very strategic in what they are doing," the U.S.
national security official said.

 The document was posted on a website run out of the Middle East. Its
language, religious references and other telltale signs convinced U.S.
experts that an Al Qaeda member wrote it, though they have not identified
the author.

 Titled "Jihad in Iraq: Hopes and Dangers," the posting advocated attacking
countries aligned with the U.S. that were most vulnerable to pressure to
withdraw their troops from Iraq. Italy and Spain were singled out, with a
special mention of Spain's approaching elections.

 "Withdrawal of Spanish or Italian forces would put immense pressure on the
British presence in a way that Tony Blair might not be
able to bear," it said in one of several paragraphs underlined for
emphasis. "In this way the dominoes will begin to fall quickly."

 At another point, the posting said, "We think that the Spanish government
could not tolerate more than two, maximum three blows, after which it will
have to withdraw as a result of popular pressure."

 The posting was available on one of the hundreds of Arabic-language
websites that cater to extremists and moderates alike. Many of them are
watched by intelligence and law enforcement agencies, but experts say there
are far too many to monitor thoroughly.

 Evan Kohlmann, a Washington-based terrorism analyst who has been a
consultant to the U.S. government, said he was monitoring an Internet chat
room frequented by Islamic extremists last month when someone posted copies
of the complete Windows desktop of a U.S. soldier serving in South Korea.

 The soldier had apparently installed a program to access his work computer
through another computer and the hacker found a back door and took control
of the machine by using simple techniques, Kohlmann said.

 Simplicity seems to work best. One common method of communicating over the
Internet is essentially an e-mail version of the classic dead drop.

 Members of a cell are all given the same prearranged username and password
for an e-mail account on an Internet service provider, or ISP, such as
Hotmail or Yahoo, according to the recent joint report by the Treasury and
Justice departments.

 One member writes a message, but instead of sending it, he puts it in the
"draft" file and then logs off. Someone else can then sign onto the account
using the same username and password, read the draft and then delete it.

 "Because the draft was never sent, the ISP does not retain a copy of it
and there is no record of it traversing the Internet - it never went
anywhere, its recipients came to it," the report said.

 Secure messages also can be transmitted using widely available encryption

 Slightly more advanced methods allow messages to be embedded in image,
sound or other files transferred over the Internet through a process called
"steganography." The files cannot be distinguished without a decoding tool.

 The difficulty of intercepting and deciphering messages has given rise to
a game of cyber cat and mouse, according to government and independent

 In an effort to gather information on potential recruits and donors, U.S.
law enforcement agencies operate websites that are set up to resemble
extremist Islamic sites. Visitors leave an electronic trail when they enter
the site.

 On the other side, Al Qaeda can transmit false information to determine
whether its members are being monitored by law enforcement.

 The Internet offers stealth to its users, but authorities can get valuable
information if they can get their hands on data stored in computers or on

 U.S. and foreign investigators still are sifting through the material
taken from Khan. By cross-referencing the data with old files on people,
places and methods of attacks, they hope to get a new picture of the
organization's operations and identify its operatives, senior U.S. law
enforcement officials say.

 They also are getting a closer look at the role of the Internet in Al
Qaeda's strategies - and a rare chance to turn the tables on the
organization's computer prowess.

 "Al Qaeda relies on the Internet just like everyone else, and increasingly
more so," a senior Justice Department official said.
"But that reliance could also come back to bite them."



 Mohammed Naeem Noor Khan

 Mohammed Naeem Noor Khan, right, a suspected Al Qaeda computer expert, was
arrested July 15 in Pakistan.

 Khan reportedly has told his FBI interrogators that the
terrorist network has monitored top U.S. political officials so closely
that its operatives know where they live and the names of their neighbors.

 Authorities believe Khan may have been a key link among Al Qaeda cells in
Pakistan, Britain and the United States.

 He was arrested while uploading information to several Al Qaeda-affiliated
websites at an Internet cafe in Karachi.

 He reportedly was in the process of sending an e-mail death threat to
President Bush, claiming that it was from Al Qaeda.

 - Los Angeles Times

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list