Counter-Terrorism: Well Shut My Mouth

Archives

July 4, 2011: After years of leaving pro-terrorist web sites alone (so visitors could be monitored), there has been a sudden surge of attacks on these sites. For example, in late June, the main site for distributing pro-terrorist videos, audios and announcements was shut down. The target was the al Shamukh web site, and the attack was complex. Not only was the web site disabled, but also the server it operated from. This sort of attack requires skill, thus a government sponsored operation was suspected, although no one took credit for it. Al Shamukh is the only site al Qaeda trusts enough to communicate directly with. Now the terrorists have no "trusted" site to send their material for further distribution.

A month ago, British intelligence (MI6) hacked into al Qaeda's online magazine ("Inspire") and quietly replaced bomb making instructions with cupcake recipes, and removed or modified other information. While some intelligence officials prefer to hack hard and shut down these sites, outfits like MI6 and the CIA prefer to use sites like Inspire as a source of intelligence. This can be done by monitoring message boards, traffic to the site and other, more technical (but useful) information. The CIA has been suspected of doing what the MI6 did to Inspire, but using more subtle and lethal methods. For example, bomb making instructions can be changed in small ways, to make the bombs very dangerous to those making them. The same with other information on the site, making small changes that will create arguments or confusion among site users. These two techniques are ancient intelligence practices. Al Qaeda is particularly vulnerable to these kinds of attacks because Islamic terrorists have never become a threat via Internet based attacks and, in general, lack much knowledge of how the Internet is built and maintained. These techniques appear to be still used on other pro-terrorist sites.

Meanwhile, over a decade of warning about Islamic terrorists using the Internet to launch attacks has come to nothing. At most, there have been some defacing of web pages, often by hackers driven more by nationalism than religion. The Internet Jihad (struggle) has been mostly smoke, and very little fire.

Attempts by terrorists to recruit hackers have had very poor results. The Moslem world has much lower levels of literacy, education and computer proficiency than the West. Despite that, there are a growing number of programmers and Internet specialists in the Moslem world. But most of them have legitimate jobs in software firms, or maintaining software and Internet services for companies. Some are involved with Internet crime, and a very few are eager about helping carry out Internet based terrorism. Nearly all the Moslem blackhats (criminal hackers) are reluctant to get on a terrorism watch list, or something worse if they join some terrorist outfit. Moreover, Islamic terrorists recruit mainly from the young and clueless (and angry, uneducated and unemployed). Internet penetration in the Islamic world is very low, as is literacy itself. The Islamic cyber threat is largely fiction, because the potential pool of Islamic Internet Jihadis is so tiny.

This is somewhat surprising, as there are Cyber War tools available that even the poorly educated terrorist computer user could operate. For example, there's a software program that online gamers use to launch DDOS (Distributed Denial of Service) attacks on other players they are particularly angry with. DDOS is used to shut down a web site, or individual user's Internet access, with a flood of garbage messages, generated from as few as fifty "zombie PCs" (machines hackers have earlier seized control of). Some bot herders (those who control hundreds, or thousands, of zombies) will rent zombies for these small scale DDOS attacks. The going rate is a few dollars a day per zombie (fifty will usually do to shut down one person's Internet access). Several thousand zombies are needed to shut down a web site, and criminals use that many to blackmail online businesses. This sort of thing happens every day, but it is rarely used by Islamic terrorists.

Counter-terrorism organizations know why there have not been more of these attacks by al Qaeda, or any other self-proclaimed Islamic warriors. The fact is that the Islamic terrorists are not nearly as well organized or skilled as the mass media would lead you to believe. There are many types of attacks, not just those involving the Internet, that terrorists could carry out, but don't. It doesn't happen because the terrorists cannot get it together sufficiently to do it. That should tell you something. The potential is there, and that is scary. But the reality has to be recognized as well, and that's a lot less scary.

One area where the Islamic terror groups are capable is in manipulating the media to their advantage. This the U.S. announced, in late June, that more emphasis was being placed on attacking al Qaeda media operations. The attack on al Shamukh was apparently part of this, and will likely be followed by more Internet based operations, as well as efforts to cripple al Qaeda propaganda in print, TV and radio news outlets.