[IP] Los Angeles Times: Cyberspace Gives Al Qaeda Refuge
http://www.latimes.com/news/nationworld/world/la-fg-
cyberterror15aug15,1,4439590.story?coll=la-home-headlines
THE WORLD
Cyberspace Gives Al Qaeda Refuge
Driven underground, the terrorist network has learned to exploit the
Internet as it recasts itself into a more elusive, self-perpetuating
form.
By Douglas Frantz, Josh Meyer and Richard B. Schmitt
Times Staff Writers
August 15, 2004
ISTANBUL, Turkey — In December, Al Qaeda operatives posted a manifesto
on the Internet calling for attacks inside countries allied with the
United States in Iraq. Spain, with elections approaching, was singled
out as a target.
On March 11, terrorists set off bombs on four commuter trains in Madrid
and killed 191 people. Three days later, Spanish voters replaced the
pro-war government with a party whose leader had promised to withdraw
the country's 1,300 troops from Iraq.
The posting of the strategy and the timing of the Madrid bombings
shocked even the most hardened Al Qaeda watchers recently when they
reviewed the little-known manifesto.
"It's quite extraordinary in that you have a group of people … talking
about influencing a political process and then having it happen," said
a U.S. national security official who analyzed the 54-page posting and
spoke on condition that his name not be used. "Reading through this
thing, it is just mind-blowing."
Since Osama bin Laden and his followers were driven from their bases in
Afghanistan, the Al Qaeda terrorist network has demonstrated an
increasing ability to exploit the Internet as it reconfigures itself as
a semi-leaderless global extremist movement far more elusive than the
original incarnation.
Websites run by Al Qaeda and its backers have become virtual classrooms
for terrorists, offering instructions for activities such as kidnapping
and using cellphones to set off bombs, like the ones used in Madrid.
Independent Al Qaeda cells and the network's loose hierarchy use easily
available encoding programs and simple techniques to exchange virtually
undetectable messages between Internet cafes in Karachi and libraries
in London.
The Internet's importance to Al Qaeda was highlighted this month by the
disclosure that Pakistani authorities had apprehended Mohammed Naeem
Noor Khan, a suspected Al Qaeda computer engineer, and collected a
wealth of electronic material.
E-mail and other information from Khan's computers led to the arrests
of 13 suspects in Britain and sent investigators scrambling to unravel
electronic links among militants in Pakistan, Europe and the United
States, British, U.S., and Pakistani authorities said. The discovery of
files on financial institutions in New York and Washington among Khan's
trove also played a role in prompting the Bush administration to issue
a terrorist warning.
Although it has long been known that Al Qaeda used the Internet to
conduct reconnaissance on potential U.S. targets, the disks and hard
drives taken from Khan disclose much about the resiliency and
adaptability of a far-flung network hiding in plain sight, said U.S.
and foreign intelligence officials and outside experts interviewed for
this report.
"The Internet allows the organization to become a virtual
self-perpetuating and changing entity in cyberspace that provides
technological guidance and moral inspiration to a new generation," said
Magnus Ranstorp, a counter-terrorism expert at the University of St.
Andrews in Scotland.
Rather than the computer whizzes often described by government
officials and the press, the Al Qaeda operatives are more often people
with everyday skills who have harnessed the Internet in a campaign
against the United States and its allies. Even Khan, whom senior U.S.
officials describe as extremely computer savvy, used skills available
to many people with computer training.
Over time, they developed and shared techniques to avoid detection. An
Al Qaeda survival manual warned adherents not to use the same Internet
cafe too many times. Messages should be written on a word processor and
pasted into an e-mail to avoid keeping the computer connected to the
Internet for too long, it said.
The result is a changing definition not only of Al Qaeda but also of
the threat from what is known as cyber-terrorism. After Sept. 11, the
biggest fear of terrorists using the Internet was their potential to
disable air traffic control systems or disrupt the electric power grid
of the United States. Billions were spent shoring up infrastructure
defense.
Although those concerns remain, authorities said no incident of
cyber-terrorism has been recorded and worries have receded.
Instead, the discovery of the December manifesto, the arrest in
Pakistan last month and the accumulation of other evidence are leading
to recognition that for now, at least, cyberspace is not a weapon for
Al Qaeda, but a tool — one more difficult to counter than gunmen
huddled in caves and tents.
James Lewis, director of technology policy at the Center for Strategic
and International Studies in Washington, said one clear advantage for
Al Qaeda is that the Internet gives it a communications system that
rivals that of a superpower without the accompanying risk.
"There is no central headquarters," he said. "There is no central place
you can knock out."
U.S. and foreign authorities interviewed in recent days generally
agreed with a report last spring by the U.S. Treasury and Justice
departments, which concluded that the Internet poses tough challenges
"because it is largely anonymous, geographically unbounded, unregulated
and decentralized."
Al Qaeda is not a newcomer to the Internet.
In 2000, the group hacked into the e-mail and bank accounts of a U.S.
diplomat in Saudi Arabia as part of an effort to track his movements
and plot an assassination attempt, which was later abandoned, Ranstorp
and a security official in the region said.
In the final stages of planning the Sept. 11 attacks, hijacker Mohamed
Atta sent a coded message over the Internet that said: "The semester
begins in three more weeks. We've obtained 19 confirmations for studies
in the faculty of law, the faculty of urban planning, the faculty of
fine arts and the faculty of engineering."
After the Sept. 11 attacks on the World Trade Center and Pentagon, the
camps and safe houses in Afghanistan where Atta and his accomplices had
once trained were destroyed in the U.S. air assaults.
Thousands of Al Qaeda adherents fled to hiding places in the tribal
areas along the Afghan-Pakistani border, to Pakistan and to dozens of
other countries. They left behind computers with files on how to build
nuclear bombs, diagrams of U.S. buildings and software for stealing
passwords off the Internet.
In the months that followed, key leaders were killed or captured. Bin
Laden has remained so deeply hidden that most intelligence officials
think he no longer exercises much control over the network.
The U.S. and its allies worked with some success to shut down the flow
of money to Al Qaeda through Saudi charities, wealthy benefactors and
other means.
Faced with this multi-pronged assault, Al Qaeda reinvented itself, with
a new reliance on the Internet.
Manuals from the training camps were posted on websites. Praise for the
"holy war" and appeals for money to continue the fight started popping
up. Information was shared among members, and alliances with local and
regional extremist groups were formed through cyberspace.
More recent Internet postings reflected the adaptations of the new Al
Qaeda, with its independent cells and new, often untrained recruits
scattered throughout the Middle East, Europe and Africa.
In late May, a website linked to Al Qaeda in Saudi Arabia published
detailed instructions for carrying out a kidnapping. Three weeks later,
U.S. aerospace engineer Paul M. Johnson Jr. was kidnapped in Riyadh,
the Saudi capital, and later beheaded.
Saudi extremists have proved particularly adept at using the Internet
to communicate with other Al Qaeda groups and to promote their aim to
topple the royal family, security officials in the country said.
But the posting that called for attacks on U.S. allies in Iraq — and
its chilling effectiveness — has proved the most startling.
"It shows that they are very strategic in what they are doing," the
U.S. national security official said.
The document was posted on a website run out of the Middle East. Its
language, religious references and other telltale signs convinced U.S.
experts that an Al Qaeda member wrote it, though they have not
identified the author.
Titled "Jihad in Iraq: Hopes and Dangers," the posting advocated
attacking countries aligned with the U.S. that were most vulnerable to
pressure to withdraw their troops from Iraq. Italy and Spain were
singled out, with a special mention of Spain's approaching elections.
"Withdrawal of Spanish or Italian forces would put immense pressure on
the British presence in a way that Tony Blair might not be able to
bear," it said in one of several paragraphs underlined for emphasis.
"In this way the dominoes will begin to fall quickly."
At another point, the posting said, "We think that the Spanish
government could not tolerate more than two, maximum three blows, after
which it will have to withdraw as a result of popular pressure."
The posting was available on one of the hundreds of Arabic-language
websites that cater to extremists and moderates alike. Many of them are
watched by intelligence and law enforcement agencies, but experts say
there are far too many to monitor thoroughly.
Evan Kohlmann, a Washington-based terrorism analyst who has been a
consultant to the U.S. government, said he was monitoring an Internet
chat room frequented by Islamic extremists last month when someone
posted copies of the complete Windows desktop of a U.S. soldier serving
in South Korea.
The soldier had apparently installed a program to access his work
computer through another computer and the hacker found a back door and
took control of the machine by using simple techniques, Kohlmann said.
Simplicity seems to work best. One common method of communicating over
the Internet is essentially an e-mail version of the classic dead drop.
Members of a cell are all given the same prearranged username and
password for an e-mail account on an Internet service provider, or ISP,
such as Hotmail or Yahoo, according to the recent joint report by the
Treasury and Justice departments.
One member writes a message, but instead of sending it, he puts it in
the "draft" file and then logs off. Someone else can then sign onto the
account using the same username and password, read the draft and then
delete it.
"Because the draft was never sent, the ISP does not retain a copy of it
and there is no record of it traversing the Internet — it never went
anywhere, its recipients came to it," the report said.
Secure messages also can be transmitted using widely available
encryption tools.
Slightly more advanced methods allow messages to be embedded in image,
sound or other files transferred over the Internet through a process
called "steganography." The files cannot be distinguished without a
decoding tool.
The difficulty of intercepting and deciphering messages has given rise
to a game of cyber cat and mouse, according to government and
independent experts.
In an effort to gather information on potential recruits and donors,
U.S. law enforcement agencies operate websites that are set up to
resemble extremist Islamic sites. Visitors leave an electronic trail
when they enter the site.
On the other side, Al Qaeda can transmit false information to determine
whether its members are being monitored by law enforcement.
The Internet offers stealth to its users, but authorities can get
valuable information if they can get their hands on data stored in
computers or on disks.
U.S. and foreign investigators still are sifting through the material
taken from Khan. By cross-referencing the data with old files on
people, places and methods of attacks, they hope to get a new picture
of the organization's operations and identify its operatives, senior
U.S. law enforcement officials say.
They also are getting a closer look at the role of the Internet in Al
Qaeda's strategies — and a rare chance to turn the tables on the
organization's computer prowess.
"Al Qaeda relies on the Internet just like everyone else, and
increasingly more so," a senior Justice Department official said. "But
that reliance could also come back to bite them."
*
(BEGIN TEXT OF INFOBOX)
Background:
Mohammed Naeem Noor Khan
Mohammed Naeem Noor Khan, right, a suspected Al Qaeda computer expert,
was arrested July 15 in Pakistan.
Khan reportedly has told his FBI interrogators that the terrorist
network has monitored top U.S. political officials so closely that its
operatives know where they live and the names of their neighbors.
Authorities believe Khan may have been a key link among Al Qaeda cells
in Pakistan, Britain and the United States.
He was arrested while uploading information to several Al
Qaeda-affiliated websites at an Internet cafe in Karachi.
He reportedly was in the process of sending an e-mail death threat to
President Bush, claiming that it was from Al Qaeda.
— Los Angeles Times
*
Frantz reported from Istanbul and Meyer and Schmitt from Washington.
If you want other stories on this topic, search the Archives at
latimes.com/archives.
Article licensing and reprint options
Copyright 2004 Los Angeles Times
<http://www.latimes.com/news/nationworld/world/la-fg-
cyberterror15aug15,1,4393685,print.story?coll=la-home-headlines>
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/