Language Selection

English French German Italian Portuguese Spanish

Terrorists Turn to the Web as Base of Operations

Filed under
Web

In the snow-draped mountains near Jalalabad in November 2001, as the Taliban collapsed and al Qaeda lost its Afghan sanctuary, Osama bin Laden biographer Hamid Mir watched "every second al Qaeda member carrying a laptop computer along with a Kalashnikov" as they prepared to scatter into hiding and exile. On the screens were photographs of Sept. 11 hijacker Mohamed Atta.

Nearly four years later, al Qaeda has become the first guerrilla movement in history to migrate from physical space to cyberspace. With laptops and DVDs, in secret hideouts and at neighborhood Internet cafes, young code-writing jihadists have sought to replicate the training, communication, planning and preaching facilities they lost in Afghanistan with countless new locations on the Internet.

Al Qaeda suicide bombers and ambush units in Iraq routinely depend on the Web for training and tactical support, relying on the Internet's anonymity and flexibility to operate with near impunity in cyberspace. In Qatar, Egypt and Europe, cells affiliated with al Qaeda that have recently carried out or seriously planned bombings have relied heavily on the Internet.

Such cases have led Western intelligence agencies and outside terrorism specialists to conclude that the "global jihad movement," sometimes led by al Qaeda fugitives but increasingly made up of diverse "groups and ad hoc cells," has become a "Web-directed" phenomenon, as a presentation for U.S. government terrorism analysts by longtime State Department expert Dennis Pluchinsky put it. Hampered by the nature of the Internet itself, the government has proven ineffective at blocking or even hindering significantly this vast online presence.

Among other things, al Qaeda and its offshoots are building a massive and dynamic online library of training materials -- some supported by experts who answer questions on message boards or in chat rooms -- covering such varied subjects as how to mix ricin poison, how to make a bomb from commercial chemicals, how to pose as a fisherman and sneak through Syria into Iraq, how to shoot at a U.S. soldier, and how to navigate by the stars while running through a night-shrouded desert. These materials are cascading across the Web in Arabic, Urdu, Pashto and other first languages of jihadist volunteers.

The Saudi Arabian branch of al Qaeda launched an online magazine in 2004 that exhorted potential recruits to use the Internet: "Oh Mujahid brother, in order to join the great training camps you don't have to travel to other lands," declared the inaugural issue of Muaskar al-Battar, or Camp of the Sword. "Alone, in your home or with a group of your brothers, you too can begin to execute the training program."

"Biological Weapons" was the stark title of a 15-page Arabic language document posted two months ago on the Web site of al Qaeda fugitive leader Mustafa Setmariam Nasar, one of the jihadist movement's most important propagandists, often referred to by the nom de guerre Abu Musab Suri. His document described "how the pneumonic plague could be made into a biological weapon," if a small supply of the virus could be acquired, according to a translation by Rebecca Givner-Forbes, an analyst at the Terrorism Research Center, an Arlington firm with U.S. government clients. Nasar's guide drew on U.S. and Japanese biological weapons programs from the World War II era and showed "how to inject carrier animals, like rats, with the virus and how to extract microbes from infected blood . . . and how to dry them so that they can be used with an aerosol delivery system."

Jihadists seek to overcome in cyberspace specific obstacles they face from armies and police forces in the physical world. In planning attacks, radical operatives are often at risk when they congregate at a mosque or cross a border with false documents. They are safer working on the Web. Al Qaeda and its offshoots "have understood that both time and space have in many ways been conquered by the Internet," said John Arquilla, a professor at the Naval Postgraduate School who coined the term "netwar" more than a decade ago.

Al Qaeda's innovation on the Web "erodes the ability of our security services to hit them when they're most vulnerable, when they're moving," said Michael Scheuer, former chief of the CIA unit that tracked bin Laden. "It used to be they had to go to Sudan, they had to go to Yemen, they had to go to Afghanistan to train," he added. Now, even when such travel is necessary, an al Qaeda operative "no longer has to carry anything that's incriminating. He doesn't need his schematics, he doesn't need his blueprints, he doesn't need formulas." Everything is posted on the Web or "can be sent ahead by encrypted Internet, and it gets lost in the billions of messages that are out there."

The number of active jihadist-related Web sites has metastasized since Sept. 11, 2001. When Gabriel Weimann, a professor at the University of Haifa in Israel, began tracking terrorist-related Web sites eight years ago, he found 12; today, he tracks more than 4,500. Hundreds of them celebrate al Qaeda or its ideas, he said.
"They are all linked indirectly through association of belief, belonging to some community. The Internet is the network that connects them all," Weimann said. "You can see the virtual community come alive."

Apart from its ideology and clandestine nature, the jihadist cyberworld is little different in structure from digital communities of role-playing gamers, eBay coin collectors or disease sufferers. Through continuous online contact, such communities bind dispersed individuals with intense beliefs who might never have met one another in the past. Along with radical jihad, the Internet also has enabled the flow of powerful ideas and inspiration in many other directions, such as encouraging democratic movements and creating vast new commercial markets.

Since the U.S. invasion of Iraq more than two years ago, the Web's growth as a jihadist meeting and training ground has accelerated.

But al Qaeda's move into cyberspace is far from total. Physical sanctuaries or unmolested spaces in Sunni Muslim-dominated areas of Iraq, in ungoverned tribal territories of Pakistan, in the southern Philippines, Africa and Europe still play important roles. Most violent al Qaeda-related attacks -- even in the most recent period of heavy jihadist Web use -- appear to involve leaders or volunteers with some traditional training camp or radical mosque backgrounds.

But the Web's growing centrality in al Qaeda-related operations and incitement has led such analysts as former CIA deputy director John E. McLaughlin to describe the movement as primarily driven today by "ideology and the Internet."

The Web's shapeless disregard for national boundaries and ethnic markers fits exactly with bin Laden's original vision for al Qaeda, which he founded to stimulate revolt among the worldwide Muslim ummah , or community of believers. Bin Laden's appeal among some Muslims has long flowed in part from his rare willingness among Arab leaders to surround himself with racially and ethnically diverse followers, to ignore ancient prejudices and national borders. In this sense of utopian ambition, the Web has become a gathering place for a rainbow coalition of jihadists. It offers al Qaeda "a virtual sanctuary" on a global scale, Rand Corp. terrorism specialist Bruce Hoffman said. "The Internet is the ideal medium for terrorism today: anonymous but pervasive."

In Afghanistan, the Taliban banned television and even toothbrushes as forbidden modern innovations. Yet al Qaeda, led by educated and privileged gadget hounds, adapted early and enthusiastically to the technologies of globalization, and its Arab volunteers managed to evade the Taliban's screen-smashing technology police.

Bin Laden used some of the first commercial satellite telephones while hiding out in Afghanistan. He produced propaganda videos with hand-held cameras long before the genre became commonplace. Bin Laden's sons played computer games in their compound in Jalalabad, recalled the journalist Abdel Bari Atwan, who interviewed bin Laden late in 1996.

Today, however, bin Laden and his deputy, Ayman Zawahiri, have fallen well behind their younger followers worldwide. The two still make speeches that must be recorded in a makeshift studio and couriered at considerable risk to al-Jazeera or other satellite stations, as with Zawahiri's message broadcast last week. Their younger adherents have moved on to Web sites and the production of short videos with shock appeal that can be distributed to millions instantly via the Internet.

Many online videos seek to replicate the Afghan training experience. An al Qaeda video library discovered on the Web and obtained by The Washington Post from an experienced researcher showed in a series of high-quality training films shot in Afghanistan how to conduct a roadside assassination, raid a house, shoot a rocket-propelled grenade, blow up a car, attack a village, destroy a bridge and fire an SA-7 surface-to-air missile. During a practice hostage-taking, the filmmakers chuckled as trainees herded men and women into a room, screaming in English, "Move! Move!"

One of al Qaeda's current Internet organizations, the Global Islamic Media Front, is now posting "a lot of training materials that we've been able to verify were used in Afghanistan," said Givner-Forbes, of the Terrorism Research Center. One recent online manual instructed how to extract explosive materials from missiles and land mines. Another offered a country-by-country list of "explosive materials available in Western markets," including France, Germany, Italy, Japan, the former Soviet Union and Britain.

These sites have converted sections of the Web into "an open university for jihad," said Reuven Paz, who heads the Project for the Research of Islamist Movements in Israel. "The main audience are the younger generation in the Arab world" who now can peruse at their own pace "one big madrassa on the Internet."

From One Site to Many

Al Qaeda's main communications vehicle after Sept. 11 was Alneda.com, a clearinghouse for new statements from bin Laden's leadership group as his grip on Afghan territory crumbled. An archive of the site, also obtained by The Post from the researcher, includes a library of pictures from the 2001 Afghan war, along with a collage of news accounts, long theological justifications for jihad, and celebrations of the Sept. 11 hijackers.

The webmaster and chief propagandist of the site has been identified by Western analysts as Yusuf Ayiri, a Saudi cleric and onetime al Qaeda instructor in Afghanistan. In the summer of 2002, U.S. authorities and volunteer campaigners who were trying to shut him down chased him across multiple computer servers. At one point, a pornographer gained control of the Alneda.com domain name, and the site shifted to servers in Malaysia, then Texas, then Michigan. Ayiri died in a gun battle with Saudi security forces in May 2003. His site ultimately disappeared.

Rather than one successor, there were hundreds.

Realizing that fixed Internet sites had become too vulnerable, al Qaeda and its affiliates turned to rapidly proliferating jihadist bulletin boards and Internet sites that offered free upload services where files could be stored. The outside attacks on sites like Alneda.com "forced the evolution of how jihadists are using the Internet to a more anonymous, more protected, more nomadic presence," said Ben N. Venzke, a U.S. government consultant whose firm IntelCenter monitors the sites. "The groups gave up on set sites and posted messages on discussion boards -- the perfect synergy. One of the best-known forums that emerged after Sept. 11 was Qalah, or Fortress. Registered to an address in Abu Dhabi, the United Arab Emirates, the site has been hosted in the U.S. by a Houston Internet provider, Everyone's Internet, that has also hosted a number of sites preaching radical Islam. Researchers who follow the site believe it may be connected to Saad Faqih, a leading Saudi dissident living in exile in Britain. They note that the same contact information is given for his acknowledged Web site and Qalah. Faqih has denied any link.

On Qalah, a potential al Qaeda recruit could find links to the latest in computer hacking techniques (in the discussion group called "electronic jihad"), the most recent beheading video from Iraq, and paeans to the Sept. 11 hijackers and long Koranic justifications of suicide attacks. Sawt al-Jihad, the online magazine of al Qaeda in Saudi Arabia, was available, as were long lists of "martyrs" who had died fighting in Iraq. The forum abruptly shut down on July 7, hours after a posting asserted responsibility for the London transit bombings that day in the name of the previously unknown Secret Organization of al Qaeda in Europe.

Until recently, al Qaeda's use of the Web appeared to be centered on communications: preaching, recruitment, community-building and broad incitement. But there is increasing evidence that al Qaeda and its offshoots are also using the Internet for tactical purposes, especially for training new adherents. "If you want to conduct an attack, you will find what you need on the Internet," said Rita Katz, director of the SITE Institute, a group that monitors and tracks the jihadist Internet sites.

Jarret Brachman, director of research at West Point's Combating Terrorism Center, said he recently found on the Internet a 1,300-page treatise by Nasar, the Spanish- and English-speaking al Qaeda leader who has long trained operatives in poison techniques. The book urged a campaign of media "resistance" waged on the Internet and implored young prospective fighters to study computers along with the Koran.
The Nasar book was posted anonymously on the hijacked server of a U.S. business, a tactic typical of online jihadist propagandists, whose webmasters steal space from vulnerable servers worldwide and hop from Web address to Web address to evade the campaigners against al Qaeda who seek to shut down their sites.

The movement has also innovated with great creativity to protect its most secret communications. Khalid Sheik Mohammed, a key planner of the Sept. 11 attacks later arrested in Pakistan, used what four researchers familiar with the technique called an electronic or virtual "dead drop" on the Web to avoid having his e-mails intercepted by eavesdroppers in the United States or allied governments. Mohammed or his operatives would open an account on a free, public e-mail service such as Hotmail, write a message in draft form, save it as a draft, then transmit the e-mail account name and password during chatter on a relatively secure message board, according to these researchers.

The intended recipient could then open the e-mail account and read the draft -- since no e-mail message was sent, there was a reduced risk of interception, the researchers said.

Matt Devost, president of the Terrorism Research Center, who has done research in the field for a decade, recalled that "silverbullet" was one of the passwords Mohammed reportedly used in this period. Sending fake streams of e-mail spam to disguise a single targeted message is another innovation used by jihadist communicators, specialists said.

Al Qaeda's success with such tactics has underscored the difficulty of gathering intelligence against the movement. Mohammed's e-mails, once discovered, "were the best actionable intelligence in the whole war" against bin Laden and his adherents, said Arquilla, the Naval Postgraduate School professor. But al Qaeda has been keenly aware of its electronic pursuers and has tried to do what it can to stay ahead -- mostly by using encryption.

Building Cells on the Web

In the last two years, a small number of cases have emerged in which jihadist cells appear to have formed among like-minded strangers who met online, according to intelligence officials and terrorism specialists. And there are many other cases in which bonds formed in the physical world have been sustained and nurtured by the Internet, according to specialists in and outside of government.

For example, Royal Canadian Mounted Police officers burst into the Ottawa home of Mohammed Momin Khawaja, a 24-year-old computer programmer, on March 29, 2004, arresting him for alleged complicity in what Canadian and British authorities described as a transatlantic plot to bomb targets in London and Canada. Khawaja, a contractor with Canada's Foreign Ministry, met his alleged British counterparts online and came to the attention of authorities only when he traveled to Britain and walked into a surveillance operation being conducted by British special police, according to two Western sources familiar with the case.

British prosecutors alleged in court that Khawaja met with his online acquaintances in an Internet cafe in London, where he showed them images of explosive devices found on the Web and told them how to detonate bombs using cell phones. The first person jailed under a strict new Canadian anti-terrorism law passed after Sept. 11, Khawaja is not scheduled to have a preliminary hearing on his case until January.

The transit attacks in London may also have an Internet connection, according to several analysts. They appear to be successful examples of "al Qaeda's assiduous effort to cultivate and train professional insurgents and urban warfare specialists via the Internet," wrote Scheuer, the former CIA analyst.

In a posting not long after the London attacks, a member of one of the al Qaeda-linked online forums asked how to take action himself. A cell of two or three people is better, replied another member in an exchange translated by the SITE Institute. Even better than that is a "virtual cell, an agreement between a group of brothers over the Internet." It is "safe," extolled the anonymous poster, and "nobody will know the identity of each other in the beginning." Once "harmony and mutual trust" are established, training conducted and videos watched, then "you can meet in reality and execute some operation in the field."

By Steve Coll and Susan B. Glasser
with contributions from Julie Tate
The Washington Post

More in Tux Machines

Android Leftovers

Leftovers: OSS and Sharing

  • Apache Graduates Another Big Data Project to Top Level
    For the past year, we've taken note of the many projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support. Only days ago, the foundation announced that Apache Kudu has graduated from the Apache Incubator to become a Top-Level Project (TLP). Kudu is an open source columnar storage engine built for the Apache Hadoop ecosystem designed to enable flexible, high-performance analytic pipelines. And now, Apache Twill has graduated as well. Twill is an abstraction over Apache Hadoop YARN that reduces the complexity of developing distributed Hadoop applications, allowing developers to focus more on their application logic.
  • Spark 2.0 takes an all-in-one approach to big data
    Apache Spark, the in-memory processing system that's fast become a centerpiece of modern big data frameworks, has officially released its long-awaited version 2.0. Aside from some major usability and performance improvements, Spark 2.0's mission is to become a total solution for streaming and real-time data. This comes as a number of other projects -- including others from the Apache Foundation -- provide their own ways to boost real-time and in-memory processing.
  • Why Uber Engineering Switched from Postgres to MySQL
    The early architecture of Uber consisted of a monolithic backend application written in Python that used Postgres for data persistence. Since that time, the architecture of Uber has changed significantly, to a model of microservices and new data platforms. Specifically, in many of the cases where we previously used Postgres, we now use Schemaless, a novel database sharding layer built on top of MySQL. In this article, we’ll explore some of the drawbacks we found with Postgres and explain the decision to build Schemaless and other backend services on top of MySQL.
  • GNU Hyperbole 6.0.1 for Emacs 24.4 to 25 is released
    GNU Hyperbole (pronounced Ga-new Hi-per-bo-lee), or just Hyperbole, is an amazing programmable hypertextual information management system implemented as a GNU Emacs package. This is the first public release in 2016. Hyperbole has been greatly expanded and modernized for use with the latest Emacs 25 releases; it supports GNU Emacs 24.4 or above. It contains an extensive set of improvements that can greatly boost your day-to-day productivity with Emacs and your ability to manage information stored across many different machines on the internet. People who get used to Hyperbole find it helps them so much that they prefer never to use Emacs without it.
  • Belgium mulls reuse of banking mobile eID app
    The Belgium government wants to reuse ‘Belgian Mobile ID’ a smartphone app for electronic identification, developed by banks and telecom providers in the country. The eID app could be used for eGovernment services, and the federal IT service agency, Fedict, is working on the app’s integration.
  • Water resilience that flows: Open source technologies keep an eye on the water flow
    Communities around the world are familiar with the devastation brought on by floods and droughts. Scientists are concerned that, in light of global climate change, these events will only become more frequent and intense. Water variability, at its worst, can threaten the lives and well-beings of countless people. Sadly, humans cannot control the weather to protect themselves. But according to Silja Hund, a researcher at the University of British Columbia, communities can build resilience to water resource stress. Hund studies the occurrence and behavior of water. In particular, she studies rivers and streams. These have features (like water volume) that can change quickly. According to Hund, it is essential for communities to understand local water systems. Knowledge of water resources is helpful in developing effective water strategies. And one of the best ways to understand dynamic water bodies like rivers is to collect lots of data.

Development News

  • JavaScript keeps its spot atop programming language rankings
    U.K.-based technology analyst firm RedMonk just released the latest version of its biannual rankings of programming languages, and once again JavaScript tops the list, followed by Java and PHP. Those are same three languages that topped RedMonk’s list in January. In fact, the entire top 10 remains the same as it was it was six months ago. Perhaps the biggest surprise in Redmonk’s list—compiling the “performance of programming languages relative to one another on GitHub and Stack Overflow”—is that there are so few surprises, at least in the top 10.
  • Plenty of fish in the C, IEEE finds in language popularity contest
    It's no surprise that C and Java share the top two spots in the IEEE Spectrum's latest Interactive Top Programming Languages survey, but R at number five? That's a surprise. This month's raking from TIOBE put Java at number one and C at number two, while the IEEE reverses those two, and the IEEE doesn't rank assembly as a top-ten language like TIOBE does. It's worth noting however that the IEEE's sources are extremely diverse: the index comprises search results from Google, Twitter, GitHub, StackOverflow, Reddit, Hacker News, CareerBuilder, Dice, and the institute's own eXplore Digital Library. Even then, there are some oddities in the 48 programming environments assessed: several commenters to the index have already remarked that “Arduino” shouldn't be considered a language, because code for the teeny breadboard is written in C or C++.

Security Leftovers