Blinky, etc.: [osint] Terrorists' Tricks and Counter-Measures

R.A. Hettinga rah at
Fri Feb 11 14:47:46 PST 2005

--- begin forwarded text

To: "Bruce Tefft" <btefft at>
From: "Bruce Tefft" <btefft at>
Mailing-List: list osint at; contact osint-owner at
Delivered-To: mailing list osint at
Date: Fri, 11 Feb 2005 17:33:53 -0500
Subject: [osint] Terrorists' Tricks and Counter-Measures
Reply-To: osint at

The Terrorist's Tricks and Counter-Measures

+ Tricks

+  Two terrorists on opposite sides of the globe might agree to open 30
anonymous web-based e-mail accounts with 30 different passwords. On the
first of the month the first account is used, on the second of the month the
second account is used and so on, until each account is used once.

"It's very difficult to catch, because there is no pattern of use," former
U.S. counter-terrorism czar Richard Clarke says. "One-time anonymous
accounts are extremely difficult to monitor."

+  One terrorist drafts a Web-based e-mail and instead of sending it, saves
it to the draft folder, accessible online from anywhere in the world. The
other terrorist can open the same account, read the message, and delete it.
The e-mail has never been sent, and cannot be tracked.

+  Many e-mails are sent on public computers, for example in libraries or
cyber cafés, making them even more difficult to trace.

+  The language in the e-mails can also be cloaked, says Dale Watson, a
24-year veteran of the FBI who served as the first executive assistant
director for counterterrorism. In preparing for the Sept. 11 attacks,
suspected hijacker and pilot Mohamed Atta and alleged 9/11 conspirator Ramzi
bin al-Shibh pretended to be students as they exchanged e-mails, talking
about "architecture" (the World Trade Center), "arts" (the Pentagon), "law"
(the Capitol) and "politics" (the White House).

+ Counter-Measures

+  If a jihadist site hosted in another country is not taken down by the
government in that country, the U.S. needs to hack the site and bring it
down, Clarke says.

+  The U.S. can use active and passive attacks to disrupt terrorists'
electronic networks. Active attacks include using computer viruses to infect
enemy computers. Passive attacks monitor e-mails and transferred data, and
watch traffic patterns.

+  The viruses used in active attacks wouldn't do damage or send mass
mailings, but rather selectively collect data and discreetly send the e-mail
back to U.S. intelligence. That could include getting address books, or
collecting the "cookies" written to the computer's hard drive when the
terrorist visits certain Web sites. There are also ways to monitor
keystrokes, even if a terrorist uses encryption. Counterfeit e-mails can
also be used to confuse or subvert communications.

"They certainly can be very effective," the University of Maryland's Lee
Strickland says of active attacks. "To escape, [terrorists] have to be lucky
every day. We only have to be lucky once."

+  Passive attacks aim to monitor the terrorists' information network, not
overtly disrupt it. That includes watching electronic banking transactions,
for example, and following e-mail traffic patterns and other data exchanges.
Doing so may arouse suspicion and force terrorists to use less efficient
modes of communication. "The goal is not only to acquire information in the
terrorists' possession, but also to force them to use other forms of
communication -- perhaps slower and less effective, or perhaps someone that
may be easier to intercept or that may provide more information upon
intercept," Strickland wrote in a 2002 report called "Fighting Terrorism
with Information."


--- end forwarded text

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
