Language Selection

English French German Italian Portuguese Spanish

Terrorists Turn to the Web as Base of Operations

Filed under
Web

In the snow-draped mountains near Jalalabad in November 2001, as the Taliban collapsed and al Qaeda lost its Afghan sanctuary, Osama bin Laden biographer Hamid Mir watched "every second al Qaeda member carrying a laptop computer along with a Kalashnikov" as they prepared to scatter into hiding and exile. On the screens were photographs of Sept. 11 hijacker Mohamed Atta.

Nearly four years later, al Qaeda has become the first guerrilla movement in history to migrate from physical space to cyberspace. With laptops and DVDs, in secret hideouts and at neighborhood Internet cafes, young code-writing jihadists have sought to replicate the training, communication, planning and preaching facilities they lost in Afghanistan with countless new locations on the Internet.

Al Qaeda suicide bombers and ambush units in Iraq routinely depend on the Web for training and tactical support, relying on the Internet's anonymity and flexibility to operate with near impunity in cyberspace. In Qatar, Egypt and Europe, cells affiliated with al Qaeda that have recently carried out or seriously planned bombings have relied heavily on the Internet.

Such cases have led Western intelligence agencies and outside terrorism specialists to conclude that the "global jihad movement," sometimes led by al Qaeda fugitives but increasingly made up of diverse "groups and ad hoc cells," has become a "Web-directed" phenomenon, as a presentation for U.S. government terrorism analysts by longtime State Department expert Dennis Pluchinsky put it. Hampered by the nature of the Internet itself, the government has proven ineffective at blocking or even hindering significantly this vast online presence.

Among other things, al Qaeda and its offshoots are building a massive and dynamic online library of training materials -- some supported by experts who answer questions on message boards or in chat rooms -- covering such varied subjects as how to mix ricin poison, how to make a bomb from commercial chemicals, how to pose as a fisherman and sneak through Syria into Iraq, how to shoot at a U.S. soldier, and how to navigate by the stars while running through a night-shrouded desert. These materials are cascading across the Web in Arabic, Urdu, Pashto and other first languages of jihadist volunteers.

The Saudi Arabian branch of al Qaeda launched an online magazine in 2004 that exhorted potential recruits to use the Internet: "Oh Mujahid brother, in order to join the great training camps you don't have to travel to other lands," declared the inaugural issue of Muaskar al-Battar, or Camp of the Sword. "Alone, in your home or with a group of your brothers, you too can begin to execute the training program."

"Biological Weapons" was the stark title of a 15-page Arabic language document posted two months ago on the Web site of al Qaeda fugitive leader Mustafa Setmariam Nasar, one of the jihadist movement's most important propagandists, often referred to by the nom de guerre Abu Musab Suri. His document described "how the pneumonic plague could be made into a biological weapon," if a small supply of the virus could be acquired, according to a translation by Rebecca Givner-Forbes, an analyst at the Terrorism Research Center, an Arlington firm with U.S. government clients. Nasar's guide drew on U.S. and Japanese biological weapons programs from the World War II era and showed "how to inject carrier animals, like rats, with the virus and how to extract microbes from infected blood . . . and how to dry them so that they can be used with an aerosol delivery system."

Jihadists seek to overcome in cyberspace specific obstacles they face from armies and police forces in the physical world. In planning attacks, radical operatives are often at risk when they congregate at a mosque or cross a border with false documents. They are safer working on the Web. Al Qaeda and its offshoots "have understood that both time and space have in many ways been conquered by the Internet," said John Arquilla, a professor at the Naval Postgraduate School who coined the term "netwar" more than a decade ago.

Al Qaeda's innovation on the Web "erodes the ability of our security services to hit them when they're most vulnerable, when they're moving," said Michael Scheuer, former chief of the CIA unit that tracked bin Laden. "It used to be they had to go to Sudan, they had to go to Yemen, they had to go to Afghanistan to train," he added. Now, even when such travel is necessary, an al Qaeda operative "no longer has to carry anything that's incriminating. He doesn't need his schematics, he doesn't need his blueprints, he doesn't need formulas." Everything is posted on the Web or "can be sent ahead by encrypted Internet, and it gets lost in the billions of messages that are out there."

The number of active jihadist-related Web sites has metastasized since Sept. 11, 2001. When Gabriel Weimann, a professor at the University of Haifa in Israel, began tracking terrorist-related Web sites eight years ago, he found 12; today, he tracks more than 4,500. Hundreds of them celebrate al Qaeda or its ideas, he said.
"They are all linked indirectly through association of belief, belonging to some community. The Internet is the network that connects them all," Weimann said. "You can see the virtual community come alive."

Apart from its ideology and clandestine nature, the jihadist cyberworld is little different in structure from digital communities of role-playing gamers, eBay coin collectors or disease sufferers. Through continuous online contact, such communities bind dispersed individuals with intense beliefs who might never have met one another in the past. Along with radical jihad, the Internet also has enabled the flow of powerful ideas and inspiration in many other directions, such as encouraging democratic movements and creating vast new commercial markets.

Since the U.S. invasion of Iraq more than two years ago, the Web's growth as a jihadist meeting and training ground has accelerated.

But al Qaeda's move into cyberspace is far from total. Physical sanctuaries or unmolested spaces in Sunni Muslim-dominated areas of Iraq, in ungoverned tribal territories of Pakistan, in the southern Philippines, Africa and Europe still play important roles. Most violent al Qaeda-related attacks -- even in the most recent period of heavy jihadist Web use -- appear to involve leaders or volunteers with some traditional training camp or radical mosque backgrounds.

But the Web's growing centrality in al Qaeda-related operations and incitement has led such analysts as former CIA deputy director John E. McLaughlin to describe the movement as primarily driven today by "ideology and the Internet."

The Web's shapeless disregard for national boundaries and ethnic markers fits exactly with bin Laden's original vision for al Qaeda, which he founded to stimulate revolt among the worldwide Muslim ummah , or community of believers. Bin Laden's appeal among some Muslims has long flowed in part from his rare willingness among Arab leaders to surround himself with racially and ethnically diverse followers, to ignore ancient prejudices and national borders. In this sense of utopian ambition, the Web has become a gathering place for a rainbow coalition of jihadists. It offers al Qaeda "a virtual sanctuary" on a global scale, Rand Corp. terrorism specialist Bruce Hoffman said. "The Internet is the ideal medium for terrorism today: anonymous but pervasive."

In Afghanistan, the Taliban banned television and even toothbrushes as forbidden modern innovations. Yet al Qaeda, led by educated and privileged gadget hounds, adapted early and enthusiastically to the technologies of globalization, and its Arab volunteers managed to evade the Taliban's screen-smashing technology police.

Bin Laden used some of the first commercial satellite telephones while hiding out in Afghanistan. He produced propaganda videos with hand-held cameras long before the genre became commonplace. Bin Laden's sons played computer games in their compound in Jalalabad, recalled the journalist Abdel Bari Atwan, who interviewed bin Laden late in 1996.

Today, however, bin Laden and his deputy, Ayman Zawahiri, have fallen well behind their younger followers worldwide. The two still make speeches that must be recorded in a makeshift studio and couriered at considerable risk to al-Jazeera or other satellite stations, as with Zawahiri's message broadcast last week. Their younger adherents have moved on to Web sites and the production of short videos with shock appeal that can be distributed to millions instantly via the Internet.

Many online videos seek to replicate the Afghan training experience. An al Qaeda video library discovered on the Web and obtained by The Washington Post from an experienced researcher showed in a series of high-quality training films shot in Afghanistan how to conduct a roadside assassination, raid a house, shoot a rocket-propelled grenade, blow up a car, attack a village, destroy a bridge and fire an SA-7 surface-to-air missile. During a practice hostage-taking, the filmmakers chuckled as trainees herded men and women into a room, screaming in English, "Move! Move!"

One of al Qaeda's current Internet organizations, the Global Islamic Media Front, is now posting "a lot of training materials that we've been able to verify were used in Afghanistan," said Givner-Forbes, of the Terrorism Research Center. One recent online manual instructed how to extract explosive materials from missiles and land mines. Another offered a country-by-country list of "explosive materials available in Western markets," including France, Germany, Italy, Japan, the former Soviet Union and Britain.

These sites have converted sections of the Web into "an open university for jihad," said Reuven Paz, who heads the Project for the Research of Islamist Movements in Israel. "The main audience are the younger generation in the Arab world" who now can peruse at their own pace "one big madrassa on the Internet."

From One Site to Many

Al Qaeda's main communications vehicle after Sept. 11 was Alneda.com, a clearinghouse for new statements from bin Laden's leadership group as his grip on Afghan territory crumbled. An archive of the site, also obtained by The Post from the researcher, includes a library of pictures from the 2001 Afghan war, along with a collage of news accounts, long theological justifications for jihad, and celebrations of the Sept. 11 hijackers.

The webmaster and chief propagandist of the site has been identified by Western analysts as Yusuf Ayiri, a Saudi cleric and onetime al Qaeda instructor in Afghanistan. In the summer of 2002, U.S. authorities and volunteer campaigners who were trying to shut him down chased him across multiple computer servers. At one point, a pornographer gained control of the Alneda.com domain name, and the site shifted to servers in Malaysia, then Texas, then Michigan. Ayiri died in a gun battle with Saudi security forces in May 2003. His site ultimately disappeared.

Rather than one successor, there were hundreds.

Realizing that fixed Internet sites had become too vulnerable, al Qaeda and its affiliates turned to rapidly proliferating jihadist bulletin boards and Internet sites that offered free upload services where files could be stored. The outside attacks on sites like Alneda.com "forced the evolution of how jihadists are using the Internet to a more anonymous, more protected, more nomadic presence," said Ben N. Venzke, a U.S. government consultant whose firm IntelCenter monitors the sites. "The groups gave up on set sites and posted messages on discussion boards -- the perfect synergy. One of the best-known forums that emerged after Sept. 11 was Qalah, or Fortress. Registered to an address in Abu Dhabi, the United Arab Emirates, the site has been hosted in the U.S. by a Houston Internet provider, Everyone's Internet, that has also hosted a number of sites preaching radical Islam. Researchers who follow the site believe it may be connected to Saad Faqih, a leading Saudi dissident living in exile in Britain. They note that the same contact information is given for his acknowledged Web site and Qalah. Faqih has denied any link.

On Qalah, a potential al Qaeda recruit could find links to the latest in computer hacking techniques (in the discussion group called "electronic jihad"), the most recent beheading video from Iraq, and paeans to the Sept. 11 hijackers and long Koranic justifications of suicide attacks. Sawt al-Jihad, the online magazine of al Qaeda in Saudi Arabia, was available, as were long lists of "martyrs" who had died fighting in Iraq. The forum abruptly shut down on July 7, hours after a posting asserted responsibility for the London transit bombings that day in the name of the previously unknown Secret Organization of al Qaeda in Europe.

Until recently, al Qaeda's use of the Web appeared to be centered on communications: preaching, recruitment, community-building and broad incitement. But there is increasing evidence that al Qaeda and its offshoots are also using the Internet for tactical purposes, especially for training new adherents. "If you want to conduct an attack, you will find what you need on the Internet," said Rita Katz, director of the SITE Institute, a group that monitors and tracks the jihadist Internet sites.

Jarret Brachman, director of research at West Point's Combating Terrorism Center, said he recently found on the Internet a 1,300-page treatise by Nasar, the Spanish- and English-speaking al Qaeda leader who has long trained operatives in poison techniques. The book urged a campaign of media "resistance" waged on the Internet and implored young prospective fighters to study computers along with the Koran.
The Nasar book was posted anonymously on the hijacked server of a U.S. business, a tactic typical of online jihadist propagandists, whose webmasters steal space from vulnerable servers worldwide and hop from Web address to Web address to evade the campaigners against al Qaeda who seek to shut down their sites.

The movement has also innovated with great creativity to protect its most secret communications. Khalid Sheik Mohammed, a key planner of the Sept. 11 attacks later arrested in Pakistan, used what four researchers familiar with the technique called an electronic or virtual "dead drop" on the Web to avoid having his e-mails intercepted by eavesdroppers in the United States or allied governments. Mohammed or his operatives would open an account on a free, public e-mail service such as Hotmail, write a message in draft form, save it as a draft, then transmit the e-mail account name and password during chatter on a relatively secure message board, according to these researchers.

The intended recipient could then open the e-mail account and read the draft -- since no e-mail message was sent, there was a reduced risk of interception, the researchers said.

Matt Devost, president of the Terrorism Research Center, who has done research in the field for a decade, recalled that "silverbullet" was one of the passwords Mohammed reportedly used in this period. Sending fake streams of e-mail spam to disguise a single targeted message is another innovation used by jihadist communicators, specialists said.

Al Qaeda's success with such tactics has underscored the difficulty of gathering intelligence against the movement. Mohammed's e-mails, once discovered, "were the best actionable intelligence in the whole war" against bin Laden and his adherents, said Arquilla, the Naval Postgraduate School professor. But al Qaeda has been keenly aware of its electronic pursuers and has tried to do what it can to stay ahead -- mostly by using encryption.

Building Cells on the Web

In the last two years, a small number of cases have emerged in which jihadist cells appear to have formed among like-minded strangers who met online, according to intelligence officials and terrorism specialists. And there are many other cases in which bonds formed in the physical world have been sustained and nurtured by the Internet, according to specialists in and outside of government.

For example, Royal Canadian Mounted Police officers burst into the Ottawa home of Mohammed Momin Khawaja, a 24-year-old computer programmer, on March 29, 2004, arresting him for alleged complicity in what Canadian and British authorities described as a transatlantic plot to bomb targets in London and Canada. Khawaja, a contractor with Canada's Foreign Ministry, met his alleged British counterparts online and came to the attention of authorities only when he traveled to Britain and walked into a surveillance operation being conducted by British special police, according to two Western sources familiar with the case.

British prosecutors alleged in court that Khawaja met with his online acquaintances in an Internet cafe in London, where he showed them images of explosive devices found on the Web and told them how to detonate bombs using cell phones. The first person jailed under a strict new Canadian anti-terrorism law passed after Sept. 11, Khawaja is not scheduled to have a preliminary hearing on his case until January.

The transit attacks in London may also have an Internet connection, according to several analysts. They appear to be successful examples of "al Qaeda's assiduous effort to cultivate and train professional insurgents and urban warfare specialists via the Internet," wrote Scheuer, the former CIA analyst.

In a posting not long after the London attacks, a member of one of the al Qaeda-linked online forums asked how to take action himself. A cell of two or three people is better, replied another member in an exchange translated by the SITE Institute. Even better than that is a "virtual cell, an agreement between a group of brothers over the Internet." It is "safe," extolled the anonymous poster, and "nobody will know the identity of each other in the beginning." Once "harmony and mutual trust" are established, training conducted and videos watched, then "you can meet in reality and execute some operation in the field."

By Steve Coll and Susan B. Glasser
with contributions from Julie Tate
The Washington Post

More in Tux Machines

KDE Leftovers

  • Integrate Your Android Device With Ubuntu Using KDE Connect Indicator Fork
    KDE Connect is a tool which allows your Android device to integrate with your Linux desktop. With KDE Connect Indicator, you can use KDE Connect on desktop that support AppIndicators, like Unity, Xfce (Xubuntu), and so on.
  • FirstAid – PDF Help Viewer
    in the recent months, I didn’t find much time to spend on Kate/KTextEditor development. But at least I was now able to spend a bit more time on OpenSource & Qt things even during work time in our company. Normally I am stuck there with low level binary or source analysis work. [...] Therefore, as our GUIs are developed with Qt anyways, we did take a look at libpoppler (and its Qt 5 bindings), which is the base of Okular, too.
  • KBibTeX 0.6.1-rc2 released
    After quite some delay, I finally assembled a second release candidate for KBibTeX 0.6.1. Version 0.6.1 will be the last release in the 0.6.x series.
  • Meet KDE at FOSDEM Next Month
    Next month is FOSDEM, the largest gathering of free software developers anywhere in Europe. FOSDEM 2017 is being held at the ULB Campus Solbosch on Saturday 4th and Sunday 5th of February. Thousands of coders, designers, maintainers and managers from projects as popular as Linux and as obscure as Tcl/Tk will descend on the European capital Brussels to talk, present, show off and drink beer.

Leftovers: OSS

  • D-Wave Unveils Open-Source Software for Quantum Computing
    Canada-based D-Wave Systems has released an open-source software tool designed to help developers program quantum computers, Wired reported Wednesday.
  • D-Wave builds open quantum computing software development ecosystem
    D-Wave Systems has released an open source quantum computing chunk of software. Quantum computing, as we know, moves us on from the world of mere 1’s and 0’s in binary to the new level of ‘superposition’ qubits that can represent many more values and therefore more computing power — read this accessible piece for a simple explanation of quantum computing.
  • FOSS Compositing With Natron
    Anyone who likes to work with graphics will at one time or another find compositing software useful. Luckily, FOSS has several of the best in Blender and Natron.
  • Hadoop Creator Doug Cutting: 5 Ways to Be Successful with Open Source in 2017
    Because of my long-standing association with the Apache Software Foundation, I’m often asked the question, “What’s next for open source technology?” My typical response is variations of “I don’t know” to “the possibilities are endless.” Over the past year, we’ve seen open source technology make strong inroads into the mainstream of enterprise technology. Who would have thought that my work on Hadoop ten years ago would impact so many industries – from manufacturing to telecom to finance. They have all taken hold of the powers of the open source ecosystem not only to improve the customer experience, become more innovative and grow the bottom line, but also to support work toward the greater good of society through genomic research, precision medicine and programs to stop human trafficking, as just a few examples. Below I’ve listed five tips for folks who are curious about how to begin working with open source and what to expect from the ever-changing ecosystem.
  • Radio Free HPC Looks at New Open Source Software for Quantum Computing
    In this podcast, the Radio Free HPC team looks at D-Wave’s new open source software for quantum computing. The software is available on github along with a whitepaper written by Cray Research alums Mike Booth and Steve Reinhardt.
  • Why events matter and how to do them right
    Marina Paych was a newcomer to open source software when she left a non-governmental organization for a new start in the IT sector—on her birthday, no less. But the real surprise turned out to be open source. Fast forward two years and this head of organizational development runs an entire department, complete with a promotional staff that strategically markets her employer's open source web development services on a worldwide scale.
  • Exploring OpenStack's Trove DBaaS Cloud Servic
    You can install databases such as MySQL, PostgreSQL, or even MongoDB very quickly thanks to package management, but the installation is not even half the battle. A functioning database also needs user accounts and several configuration steps for better performance and security. This need for additional configuration poses challenges in cloud environments. You can always manually install a virtual machine in traditional settings, but cloud users want to generate an entire virtual environment from a template. Manual intervention is difficult or sometimes even impossible.
  • Mobile Edge Computing Creates ‘Tiny Data Centers’ at the Edge
    “Usually access networks include all kinds of encryption and tunneling protocols,” says Fite. “It’s not a standard, native-IP environment.” Saguna’s platform creates a bridge between the access network to a small OpenStack cloud, which works in a standard IP environment. It provides APIs about such things as location, registration for services, traffic direction, radio network services, and available bandwidth.

Leftovers: Ubuntu and Debian

  • Debian Creeps Closer To The Next Release
    I’ve been alarmed by the slow progress of Debian towards the next release. They’ve had several weird gyrations in numbers of “release-critical” bugs and still many packages fail to build from source. Last time this stage, they had only a few hundred bugs to go. Now they are over 600. I guess some of that comes from increasing the number of included packages. There are bound to be more bad interactions, like changing the C compiler. I hate that language which seems to be a moving target… Systemd seems to be smoother but it still gives me problems.
  • Mir: 2016 end of year review
    2016 was a good year for Mir – it is being used in more places, it has more and better upstream support and it is easier to use by downstream projects. 2017 will be even better and will see version 1.0 released.
  • Ubuntu Still Planning For Mir 1.0 In 2017
    Alan Griffiths of Canonical today posted a year-in-review for Mir during 2016 and a look ahead to this year.
  • Linux Mint 18.1 “Serena” KDE – BETA Release

GNU Gimp Development

  • Community-supported development of GEGL now live
    Almost every new major feature people have been asking us for, be it high bit depth support, or full CMYK support, or layer effects, would be impossible without having a robust, capable image processing core. Øyvind Kolås picked up GEGL in mid-2000s and has been working on it in his spare time ever since. He is the author of 42% of commits in GEGL and 50% of commits in babl (pixel data conversion library).
  • 2016 in review
    When we released GIMP 2.9.2 in late 2015 and stepped over into 2016, we already knew that we’d be doing mostly polishing. This turned out to be true to a larger extent, and most of the work we did was under-the-hood changes. But quite a few new features slipped in. So, what are the big user-visible changes for GIMP in 2016?