[osint] Technology and Terror: The New Modus Operandi

R.A. Hettinga rah at shipwright.com
Fri Feb 11 15:15:28 PST 2005 

--- begin forwarded text


To: "Bruce Tefft" <btefft at community-research.com>
Thread-Index: AcUQiaDiEfkM6EBiRXa/4exIK6zyqQ==
From: "Bruce Tefft" <btefft at community-research.com>
Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com
Delivered-To: mailing list osint at yahoogroups.com
Date: Fri, 11 Feb 2005 17:32:54 -0500
Subject: [osint] Technology and Terror: The New Modus Operandi
Reply-To: osint at yahoogroups.com


http://www.pbs.org/wgbh/pages/frontline/shows/front/special/tech.html



Technology and Terror: The New Modus Operandi By Andrew Becker
For all the fear that cyber terrorists will turn the Internet into a weapon
of mass disruption, many intelligence experts contend the Web is most
effective (or detrimental) as it was designed to be -- as a way to
communicate and create community. This essay explores how jihadis are using
the Web, plus some of the cyber "tricks" used by terrorists to avoid
detection and how the authorities can respond.



It was all laid out in a polished, 25-minute training video: how to make an
explosive belt to blow yourself up and kill as many people as possible.

This particular video, first posted on a jihadist message board in December
2004, presented the necessary explosives, shrapnel and vest for a suicide
bomber. It demonstrated how to assemble the materials and wear the belt. And
then the video showed a test of the explosive belt, with a simulated
detonation aboard a crowded bus.

As translated on a Web site
<http://siteinstitute.org/bin/articles.cgi?ID=publications13804&Category=pub
lications&Subcategory=0>  that tracks Islamic terrorist organizations, the
producers analyzed the bomb's impact on the mock victims:



We notice that the following 2 seats were not directly hit. This is due to
the fact that, when the person who will be wearing this explosive vest goes
on the bus, and wants to blow himself up, he must be facing the front with
his back towards the back. There is a possibility that the 2 seats on his
right and his left might not be hit with the shrapnel, however, the
explosion will surely kill the passengers in those seats.

Such Web sites and training videos, which are often posted then quickly
removed to avoid detection, have multiplied after Sept. 11. In doing so,
they opened perhaps the widest front in the war on terror: cyberspace.

In essence, the Internet is the perfect communication tool for terrorists,
and it mirrors the framework of their operations: decentralized, anonymous,
and offering fast communication to a potentially large audience. The
Internet is used to plot and claim responsibility for terrorist acts, to
address sympathizers and enemies alike, and to raise money and attract new
recruits. It has created a virtual "umma" -- Arabic for the larger Muslim
community as a whole -- and like the actual umma, the cyber umma encompasses
both moderate Muslims and Islamic fundamentalists.

For all the fear that cyber terrorists will turn the Internet into a weapon
of mass disruption, many intelligence experts contend the Web is most
effective (or detrimental) as it was designed to be -- as a way to
communicate and to create community.

In a keynote speech at a security conference for government agencies in
Washington, retired CIA director George Tenet called for tightening security
of the Internet, which he said was "a potential Achilles' heel." Tenet
acknowledged that it would be "controversial in this age when we still think
the Internet is a free and open society," but "ultimately the Wild West must
give way to governance and control."

But, as Gabriel Weimann writes in the United States Institute of Peace
report "How <http://www.usip.org/pubs/specialreports/sr116.html>  Modern
Terrorism Uses the Internet," the restriction of the Internet under the
guise of counterterrorism measures, particularly by authoritarian
governments, can infringe on privacy, limit freedom of speech, and impede
the free flow of information, in turn placing restrictions on the open
society that makes the Western world strong.

"There's just no question that if the Internet wasn't there, the terrorists
would have loved to invent it," says Jeffrey Simon, a former terrorism
analyst for the RAND Corp., author of The Terrorist Trap and a consultant
who has studied terrorism for 20 years. "It's always a technological battle
with terrorists. The technology is always out there for everyone to take
advantage of."



+ Hosting terror at home

Although a number of extremist sites are located abroad, in many cases,
terrorists take advantage of the technology inside the U.S.

Recently, more jihadist Web sites in Europe have switched to U.S. computer
servers -- mostly because they can, says Rita Katz, director of the
Washington-based Search for International <http://www.siteinstitute.org/>
Terrorist Entities (SITE) Institute. American Web hosting is cheap, easy to
access and U.S. servers are technologically among the best in the world. To
avoid detection, terrorists frequently change Web addresses and often squat
undetected on other Web sites or Internet servers. Katz believes the most
hard-core Al Qaeda and jihadist Web sites are hosted in the U.S. because of
freedom of speech protections.

Katz points to the August 2004 arrest of Babar Ahmad, a British citizen
charged in the U.S. with providing material support to terrorists,
conspiring to kill people in a foreign country, and money laundering,
because Web sites that he ran from the U.K. were hosted by an Internet
service provider in Connecticut. The indictment alleges that through the Web
sites and other means, Ahmad provided "expert advice and assistance,
communications equipment, military items, lodging, training, false
documentation, transportation, funding, personnel and other support designed
to assist the Chechen mujahideen, the Taliban and associated groups."

"The Internet today is really 'command central' for all terrorist
organizations," says Katz, who wrote a memoir The Terrorist Hunter and has
tracked international terrorists since the 1990s. "You don't really need to
be in Afghanistan anymore. It's all on the Internet."

She keeps edited examples of terrorist training manuals, videos, newsletters
and communiquis on the SITE Institute's subscriber-based Web site, including
the suicide bomber instructional video. The information on these Web sites
can vary from how to set up a safehouse to instructions for using
rocket-propelled grenades.

"If you know where to look, [they're] not difficult to find. Not for an
Arabic speaker," she says. The Internet is "something we set up for our use
to make our life better, but terrorists have hijacked the Internet
literally."



+ Increasing sophistication

In the summer of 2004, Lee S. Strickland, director of the Center for
Information Policy at the University of Maryland and a career senior
intelligence officer and computer specialist, oversaw a study that examined
terrorists' use of the Internet.

The study found that the terrorist sites tend to be as sophisticated and
efficacious as many mainstream Western corporate sites. The researchers used
26 variables of highly effective Web sites including design, content and how
often they are updated.

"You're really seeing a growing sophistication of video and the Web,"
Strickland says.

The study examined a number of terrorist linked sites, ranging from Al Qaeda
and Hamas to the Tamil Tigers. When compared with Microsoft.com, Hamas'
site, for instance, shared 23 of these 26 highly valuable design features,
such as search engines, mission statements, a "what's new" section and a
frequently asked questions page. There were even job boards, online
applications for recruitment, testimonials, an online store and chat rooms.
If the sites aren't directly recruiting, many solicit funds.

Strickland says these sites employ an effective array of interactive games,
cartoons, jokes, and even bedtime stories that appeal to children. They
recruit young adults ages 14 to 24 with videos and music: For example, in
early 2004, a Muslim rapper in Great Britain named Sheik Terra released a
video for his song "Dirty Kuffar" (Infidel) in which he carries a copy of
the Quran and a pistol and calls for the death of all non-Muslims.



+ Reconnaissance

With the abundance of information available on the Internet, terrorists also
use the Web for reconnaissance, especially with the availability of public
information on things like electrical grids and other infrastructure -- a
problem highlighted by George Tenet late last year. Terrorists regularly
search the Internet for data mining purposes to facilitate financial
transactions and crime, according to former counterterrorism czar Richard
Clarke.

Clarke says the government should limit what information is available by
first examining the content on government Web sites. If they don't,
reconnaissance of potential targets by terrorists will continue.

"The Pentagon has done this. It's generally a good idea for any company or
government to do," he says. "There's way too much information available."

An Al Qaeda training manual recovered in Afghanistan confirms that the group
researched critical infrastructure online. The manual explained that at
least 80 percent of the information gathered on the enemy was done through
open and legal methods. Whether it's GIS mapping of the electrical and
cyberoptic infrastructure of New York City or major dams, much of the
information is still openly available, according to Strickland.

"You can get information anonymously, store it in a database and apply data
mining tools to it," he says. "And the tools to exploit are commercial
tools!"



+ Avoiding detection

For years intelligence experts and officials have suspected that some Al
Qaeda operatives are technological whizzes who use espionage tools like
encryption or the practice of hiding messages within other messages known as
steganography.

Encryption works by altering letters or numbers with software. It is illegal
to export encryption software to certain countries overseas, but the
programs can be easily downloaded.

Arrests of Al Qaeda members and computers captured in U.S. raids have turned
up evidence of encrypted e-mails dating to the 1990s, including the 1998
bombings of U.S. embassies in East Africa. Wadih
<http://www.pbs.org/wgbh/pages/frontline/shows/binladen/upclose/elhage.html>
El Hage, an associate of Osama bin Laden who was convicted for his role in
the 1998 bombing of U.S. embassies in Kenya and Tanzania, encrypted e-mails
while plotting the attacks. Ramzi Yousef, the mastermind behind the 1993
World Trade Center attack, used encryption from his base in the Philippines
in the mid-1990s when he plotted to blow up 11 U.S. airplanes over the
Pacific.

More recently, U.S. officials believe the Al Qaeda Web site www.alneda.com
used encrypted information to link Al Qaeda members to more secure sites,
according to Weimann's report.

Steganography dates to ancient Greece and was widely used by Allies and the
Axis during World War II. Russ Rogers, a security researcher and CEO of
security services company Security Horizon, Inc., says there are more than
100 tools readily available on the Web that can help hide information inside
documents such as JPEG image files using algorithms to modify the pixels in
a file without altering the visible image. There are even Web sites and
programs that can transform a message to make it look like spam e-mail or a
play script.



+ The virtual politics of violence

The Web's use as a propaganda and political tool may be its biggest asset to
terrorists.

An intelligence aide to a U.S. senator, who spoke on condition of anonymity
says, "The Internet is the poor man's television network. Buy a $300 video
camera and a PC and you're in business. You can communicate in a very
powerful medium almost instantaneously, almost undetectable and free."

One of the more striking examples of terrorists' political use of the
Internet involves a document that argued for an attack against Spanish
forces months before March 11. Written in early December 2003, the document
titled "Jihadi Iraq, Hopes and Dangers" called for attacks in order to
influence the parliamentary elections.

A few weeks after the document was published, Brynjar Lia, senior analyst at
the Norwegian Defense Research Establishment, found the document on a
jihadist Web site while making his usual rounds on the Internet.

"It was interesting to me for two reasons -- the document's sophisticated
strategic analysis and its specific recommendations," Lia says. "Many of the
documents are religious and propagandist in tone and entirely devoted to
providing justifications for jihad. If you've read one or two, you've read
them all."

But this document was different. It mentioned the Spanish elections, which
were four months away, and recommended "painful strikes" in the run-up to
the election in order to influence its outcome. The author lays out the
argument as for why an attack against Spain would be most effective. There
wasn't a specific call for an attack in Europe, Lia says, but rather the
terms called for an attack against Spanish forces. As translated
<http://www.mil.no/felles/ffi/start/article.jhtml?articleID=71589>  by Lia
and his colleague Thomas Hegghammer, the document contends:

We think that the Spanish government could not tolerate more than two,
maximum three blows, after which it will have to withdraw as a result of
popular pressure. If its troops still remain in Iraq after these blows, then
the victory of the Socialist Party is almost secured, and the withdrawal of
the Spanish forces will be on its electoral programme.

"Like everyone else, I assumed all the intelligence agencies in the world
were monitoring these Web sites and checking them out," Lia says. "I didn't
think to alert anyone. It seemed obvious. I thought they must have been
read."



+ Monitoring Web sites

The U.S. government doesn't actively monitor Web sites, according to Richard
Clarke. Some ISPs and Web hosts might, although currently there is no legal
obligation to do so.

"You're treading on dangerous ground when you start limiting content, unless
the site is clearly linked to a violation of the law," he says.

But while First Amendment concerns exist, it is the sheer volume of Web
sites and e-mail traffic that mostly hampers monitoring.

"Unless there is a specific complaint, [Web hosting companies] don't have
the wherewithal to monitor the content or the responsibility," says FBI
agent Mike Rolince, of the Washington, D.C. field office.

The same issue of resources prohibits the Department of Justice from
monitoring Web sites says Department of Justice spokesman Bryan Sierra.

"We don't have the manpower or the desire to sit around and monitor the Web
24-7," Sierra says. "We're not the guys out there trying to determine what
is on the Internet. That's not our goal. Our goal is to determine what is
illegal."

California-based Yahoo! spokeswoman Mary Osako would not comment on how
aggressively Yahoo! monitors the content of the Web sites it hosts, but the
company investigates every complaint it receives. She says that the company
has the "ability across languages" to scrutinize sites but for the most part
Yahoo! relies on its members to report any inappropriate use. Osako would
not disclose how many reports the company has received regarding
terrorist-related material.

In the end, taking down a Web site isn't going to solve the problem. "The
opposition sees that as nothing more than a temporary inconvenience,"
according to Rolince.

Going forward, Dale Watson, former special agent in charge of
counter-terrorism in the Washington bureau of the FBI, expects the bureau to
continue to use the e-mail equivalent of telephone wiretaps as a
surveillance tool.

Since March 2004, the European Union has discussed imposing requirements on
Internet service providers (ISPs) and cell phone companies to keep permanent
records accessible to law enforcement. The European Council will vote on the
matter in June 2005.

For the Department of Justice, the main obstacle and main challenge will be
keeping up with the emerging technologies terrorists use, Sierra says. But
the intelligence aide to the U.S. senator believes that the cyber age and
"all the cool tools" shouldn't dazzle law enforcement.

"There is an increasing need for old-fashioned, shoe-leather spying, human
intelligence and agents who will tell us things about the bad guys," he
says. "It's face-to-face where we can really make strides against
terrorism."



Andrew Becker is a student at the Graduate School of Journalism at
University of California, Berkeley. His articles have appeared in the Boston
Globe, the San Francisco Chronicle, and FRONTLINE.





[Non-text portions of this message have been removed]



------------------------ Yahoo! Groups Sponsor --------------------~-->
DonorsChoose. A simple way to provide underprivileged children resources
often lacking in public schools. Fund a student project in NYC/NC today!
http://us.click.yahoo.com/EHLuJD/.WnJAA/cUmLAA/TySplB/TM
--------------------------------------------------------------------~->

--------------------------
Want to discuss this topic?  Head on over to our discussion list,
discuss-osint at yahoogroups.com.
--------------------------
Brooks Isoldi, editor
bisoldi at intellnet.org

http://www.intellnet.org

  Post message: osint at yahoogroups.com
  Subscribe:    osint-subscribe at yahoogroups.com
  Unsubscribe:  osint-unsubscribe at yahoogroups.com


*** FAIR USE NOTICE. This message contains copyrighted material whose use
has not been specifically authorized by the copyright owner. OSINT, as a
part of The Intelligence Network, is making it available without profit to
OSINT YahooGroups members who have expressed a prior interest in receiving
the included information in their efforts to advance the understanding of
intelligence and law enforcement organizations, their activities, methods,
techniques, human rights, civil liberties, social justice and other
intelligence related issues, for non-profit research and educational
purposes only. We believe that this constitutes a 'fair use' of the
copyrighted material as provided for in section 107 of the U.S. Copyright
Law. If you wish to use this copyrighted material for purposes of your own
that go beyond 'fair use,' you must obtain permission from the copyright
owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/osint/

<*> To unsubscribe from this group, send an email to:
    osint-unsubscribe at yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/


--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list