Intelligence: March 8, 2004

You'd have thought that al Qaeda would be wary of using cell phones by now. Well, no, at least not up to early 2003, when al Qaeda suddenly began to chuck their cell phones. Al Qaeda thought they were safe because they were using cell phone models, common in Europe, that use Subscriber Identity Modules (SIMs). These are small memory cards (an inch long and 3/5 of an inch wide) that carry the cell phone subscriber's ID information and phone book. Slip your SIM into a new cell phone, and you are in business. Or, as al Qaeda was doing, buy a bunch of SIMs (each representing a new account and phone number) and keep changing them so that the police can't track you down. Most attractive was the fact that you could buy SIMs anonymously.

It all seemed foolproof. Alas, too many of the al Qaeda members changed cell phones more frequently than they changed SIMs. The terrorists forgot that once they called a number that was being tapped by the police, their SIM could be identified (at least by the location of each call). The Swiss company that sold the most popular SIMs (Swisscom) cooperated with police in tracking the al Qaeda users. The police were able to identify who used phones being called that were not using SIMs. Bit by bit, a list of al Qaeda members and supporters was built up. In addition, European police began to collect thousands of phone numbers being stored on al Qaeda SIMs that were captured when the phone owners were arrested. As a result, police were able to round up dozens of al Qaeda members and abort several terrorist attacks.

Eventually, al Qaeda members figured out what was going on, and in time the word reached journalists. At that point, the police realized they had nothing to lose (and some praise to gain) by admitting what they had done (but not all the details of how they had done it). The information collected is still being exploited to watch for al Qaeda supporters who might turn activist, or provide support for new groups of activists.

Al Qaeda is now using internet phone calls (VoIP), email and couriers carrying handwritten notes, CD-ROMs or computer memory devices. These methods are vulnerable to detection as well, and al Qaeda knows that. But al Qaeda has consistently been sloppy with OPSEC (Operational Security). You'd think that, by now, they would have wised up. But no, and for that the world can be thankful. For without that sloppiness, and the ability of counter-terrorist organizations to exploit it, hundreds more would be dead from terrorist activity. Several of the aborted attacks were in Saudi Arabia, and some were in Iraq.