Terrorists Turn to the Web as Base of Operations
In the snow-draped mountains near Jalalabad in November 2001, as the Taliban collapsed and al Qaeda lost its Afghan sanctuary, Osama bin Laden biographer Hamid Mir watched "every second al Qaeda member carrying a laptop computer along with a Kalashnikov" as they prepared to scatter into hiding and exile. On the screens were photographs of Sept. 11 hijacker Mohamed Atta.
Nearly four years later, al Qaeda has become the first guerrilla movement in history to migrate from physical space to cyberspace. With laptops and DVDs, in secret hideouts and at neighborhood Internet cafes, young code-writing jihadists have sought to replicate the training, communication, planning and preaching facilities they lost in Afghanistan with countless new locations on the Internet.
Al Qaeda suicide bombers and ambush units in Iraq routinely depend on the Web for training and tactical support, relying on the Internet's anonymity and flexibility to operate with near impunity in cyberspace. In Qatar, Egypt and Europe, cells affiliated with al Qaeda that have recently carried out or seriously planned bombings have relied heavily on the Internet.
Such cases have led Western intelligence agencies and outside terrorism specialists to conclude that the "global jihad movement," sometimes led by al Qaeda fugitives but increasingly made up of diverse "groups and ad hoc cells," has become a "Web-directed" phenomenon, as a presentation for U.S. government terrorism analysts by longtime State Department expert Dennis Pluchinsky put it. Hampered by the nature of the Internet itself, the government has proven ineffective at blocking or even hindering significantly this vast online presence.
Among other things, al Qaeda and its offshoots are building a massive and dynamic online library of training materials -- some supported by experts who answer questions on message boards or in chat rooms -- covering such varied subjects as how to mix ricin poison, how to make a bomb from commercial chemicals, how to pose as a fisherman and sneak through Syria into Iraq, how to shoot at a U.S. soldier, and how to navigate by the stars while running through a night-shrouded desert. These materials are cascading across the Web in Arabic, Urdu, Pashto and other first languages of jihadist volunteers.
The Saudi Arabian branch of al Qaeda launched an online magazine in 2004 that exhorted potential recruits to use the Internet: "Oh Mujahid brother, in order to join the great training camps you don't have to travel to other lands," declared the inaugural issue of Muaskar al-Battar, or Camp of the Sword. "Alone, in your home or with a group of your brothers, you too can begin to execute the training program."
"Biological Weapons" was the stark title of a 15-page Arabic language document posted two months ago on the Web site of al Qaeda fugitive leader Mustafa Setmariam Nasar, one of the jihadist movement's most important propagandists, often referred to by the nom de guerre Abu Musab Suri. His document described "how the pneumonic plague could be made into a biological weapon," if a small supply of the virus could be acquired, according to a translation by Rebecca Givner-Forbes, an analyst at the Terrorism Research Center, an Arlington firm with U.S. government clients. Nasar's guide drew on U.S. and Japanese biological weapons programs from the World War II era and showed "how to inject carrier animals, like rats, with the virus and how to extract microbes from infected blood . . . and how to dry them so that they can be used with an aerosol delivery system."
Jihadists seek to overcome in cyberspace specific obstacles they face from armies and police forces in the physical world. In planning attacks, radical operatives are often at risk when they congregate at a mosque or cross a border with false documents. They are safer working on the Web. Al Qaeda and its offshoots "have understood that both time and space have in many ways been conquered by the Internet," said John Arquilla, a professor at the Naval Postgraduate School who coined the term "netwar" more than a decade ago.
Al Qaeda's innovation on the Web "erodes the ability of our security services to hit them when they're most vulnerable, when they're moving," said Michael Scheuer, former chief of the CIA unit that tracked bin Laden. "It used to be they had to go to Sudan, they had to go to Yemen, they had to go to Afghanistan to train," he added. Now, even when such travel is necessary, an al Qaeda operative "no longer has to carry anything that's incriminating. He doesn't need his schematics, he doesn't need his blueprints, he doesn't need formulas." Everything is posted on the Web or "can be sent ahead by encrypted Internet, and it gets lost in the billions of messages that are out there."
The number of active jihadist-related Web sites has metastasized since Sept. 11, 2001. When Gabriel Weimann, a professor at the University of Haifa in Israel, began tracking terrorist-related Web sites eight years ago, he found 12; today, he tracks more than 4,500. Hundreds of them celebrate al Qaeda or its ideas, he said.
"They are all linked indirectly through association of belief, belonging to some community. The Internet is the network that connects them all," Weimann said. "You can see the virtual community come alive."
Apart from its ideology and clandestine nature, the jihadist cyberworld is little different in structure from digital communities of role-playing gamers, eBay coin collectors or disease sufferers. Through continuous online contact, such communities bind dispersed individuals with intense beliefs who might never have met one another in the past. Along with radical jihad, the Internet also has enabled the flow of powerful ideas and inspiration in many other directions, such as encouraging democratic movements and creating vast new commercial markets.
Since the U.S. invasion of Iraq more than two years ago, the Web's growth as a jihadist meeting and training ground has accelerated.
But al Qaeda's move into cyberspace is far from total. Physical sanctuaries or unmolested spaces in Sunni Muslim-dominated areas of Iraq, in ungoverned tribal territories of Pakistan, in the southern Philippines, Africa and Europe still play important roles. Most violent al Qaeda-related attacks -- even in the most recent period of heavy jihadist Web use -- appear to involve leaders or volunteers with some traditional training camp or radical mosque backgrounds.
But the Web's growing centrality in al Qaeda-related operations and incitement has led such analysts as former CIA deputy director John E. McLaughlin to describe the movement as primarily driven today by "ideology and the Internet."
The Web's shapeless disregard for national boundaries and ethnic markers fits exactly with bin Laden's original vision for al Qaeda, which he founded to stimulate revolt among the worldwide Muslim ummah , or community of believers. Bin Laden's appeal among some Muslims has long flowed in part from his rare willingness among Arab leaders to surround himself with racially and ethnically diverse followers, to ignore ancient prejudices and national borders. In this sense of utopian ambition, the Web has become a gathering place for a rainbow coalition of jihadists. It offers al Qaeda "a virtual sanctuary" on a global scale, Rand Corp. terrorism specialist Bruce Hoffman said. "The Internet is the ideal medium for terrorism today: anonymous but pervasive."
In Afghanistan, the Taliban banned television and even toothbrushes as forbidden modern innovations. Yet al Qaeda, led by educated and privileged gadget hounds, adapted early and enthusiastically to the technologies of globalization, and its Arab volunteers managed to evade the Taliban's screen-smashing technology police.
Bin Laden used some of the first commercial satellite telephones while hiding out in Afghanistan. He produced propaganda videos with hand-held cameras long before the genre became commonplace. Bin Laden's sons played computer games in their compound in Jalalabad, recalled the journalist Abdel Bari Atwan, who interviewed bin Laden late in 1996.
Today, however, bin Laden and his deputy, Ayman Zawahiri, have fallen well behind their younger followers worldwide. The two still make speeches that must be recorded in a makeshift studio and couriered at considerable risk to al-Jazeera or other satellite stations, as with Zawahiri's message broadcast last week. Their younger adherents have moved on to Web sites and the production of short videos with shock appeal that can be distributed to millions instantly via the Internet.
Many online videos seek to replicate the Afghan training experience. An al Qaeda video library discovered on the Web and obtained by The Washington Post from an experienced researcher showed in a series of high-quality training films shot in Afghanistan how to conduct a roadside assassination, raid a house, shoot a rocket-propelled grenade, blow up a car, attack a village, destroy a bridge and fire an SA-7 surface-to-air missile. During a practice hostage-taking, the filmmakers chuckled as trainees herded men and women into a room, screaming in English, "Move! Move!"
One of al Qaeda's current Internet organizations, the Global Islamic Media Front, is now posting "a lot of training materials that we've been able to verify were used in Afghanistan," said Givner-Forbes, of the Terrorism Research Center. One recent online manual instructed how to extract explosive materials from missiles and land mines. Another offered a country-by-country list of "explosive materials available in Western markets," including France, Germany, Italy, Japan, the former Soviet Union and Britain.
These sites have converted sections of the Web into "an open university for jihad," said Reuven Paz, who heads the Project for the Research of Islamist Movements in Israel. "The main audience are the younger generation in the Arab world" who now can peruse at their own pace "one big madrassa on the Internet."
From One Site to Many
Al Qaeda's main communications vehicle after Sept. 11 was Alneda.com, a clearinghouse for new statements from bin Laden's leadership group as his grip on Afghan territory crumbled. An archive of the site, also obtained by The Post from the researcher, includes a library of pictures from the 2001 Afghan war, along with a collage of news accounts, long theological justifications for jihad, and celebrations of the Sept. 11 hijackers.
The webmaster and chief propagandist of the site has been identified by Western analysts as Yusuf Ayiri, a Saudi cleric and onetime al Qaeda instructor in Afghanistan. In the summer of 2002, U.S. authorities and volunteer campaigners who were trying to shut him down chased him across multiple computer servers. At one point, a pornographer gained control of the Alneda.com domain name, and the site shifted to servers in Malaysia, then Texas, then Michigan. Ayiri died in a gun battle with Saudi security forces in May 2003. His site ultimately disappeared.
Rather than one successor, there were hundreds.
Realizing that fixed Internet sites had become too vulnerable, al Qaeda and its affiliates turned to rapidly proliferating jihadist bulletin boards and Internet sites that offered free upload services where files could be stored. The outside attacks on sites like Alneda.com "forced the evolution of how jihadists are using the Internet to a more anonymous, more protected, more nomadic presence," said Ben N. Venzke, a U.S. government consultant whose firm IntelCenter monitors the sites. "The groups gave up on set sites and posted messages on discussion boards -- the perfect synergy. One of the best-known forums that emerged after Sept. 11 was Qalah, or Fortress. Registered to an address in Abu Dhabi, the United Arab Emirates, the site has been hosted in the U.S. by a Houston Internet provider, Everyone's Internet, that has also hosted a number of sites preaching radical Islam. Researchers who follow the site believe it may be connected to Saad Faqih, a leading Saudi dissident living in exile in Britain. They note that the same contact information is given for his acknowledged Web site and Qalah. Faqih has denied any link.
On Qalah, a potential al Qaeda recruit could find links to the latest in computer hacking techniques (in the discussion group called "electronic jihad"), the most recent beheading video from Iraq, and paeans to the Sept. 11 hijackers and long Koranic justifications of suicide attacks. Sawt al-Jihad, the online magazine of al Qaeda in Saudi Arabia, was available, as were long lists of "martyrs" who had died fighting in Iraq. The forum abruptly shut down on July 7, hours after a posting asserted responsibility for the London transit bombings that day in the name of the previously unknown Secret Organization of al Qaeda in Europe.
Until recently, al Qaeda's use of the Web appeared to be centered on communications: preaching, recruitment, community-building and broad incitement. But there is increasing evidence that al Qaeda and its offshoots are also using the Internet for tactical purposes, especially for training new adherents. "If you want to conduct an attack, you will find what you need on the Internet," said Rita Katz, director of the SITE Institute, a group that monitors and tracks the jihadist Internet sites.
Jarret Brachman, director of research at West Point's Combating Terrorism Center, said he recently found on the Internet a 1,300-page treatise by Nasar, the Spanish- and English-speaking al Qaeda leader who has long trained operatives in poison techniques. The book urged a campaign of media "resistance" waged on the Internet and implored young prospective fighters to study computers along with the Koran.
The Nasar book was posted anonymously on the hijacked server of a U.S. business, a tactic typical of online jihadist propagandists, whose webmasters steal space from vulnerable servers worldwide and hop from Web address to Web address to evade the campaigners against al Qaeda who seek to shut down their sites.
The movement has also innovated with great creativity to protect its most secret communications. Khalid Sheik Mohammed, a key planner of the Sept. 11 attacks later arrested in Pakistan, used what four researchers familiar with the technique called an electronic or virtual "dead drop" on the Web to avoid having his e-mails intercepted by eavesdroppers in the United States or allied governments. Mohammed or his operatives would open an account on a free, public e-mail service such as Hotmail, write a message in draft form, save it as a draft, then transmit the e-mail account name and password during chatter on a relatively secure message board, according to these researchers.
The intended recipient could then open the e-mail account and read the draft -- since no e-mail message was sent, there was a reduced risk of interception, the researchers said.
Matt Devost, president of the Terrorism Research Center, who has done research in the field for a decade, recalled that "silverbullet" was one of the passwords Mohammed reportedly used in this period. Sending fake streams of e-mail spam to disguise a single targeted message is another innovation used by jihadist communicators, specialists said.
Al Qaeda's success with such tactics has underscored the difficulty of gathering intelligence against the movement. Mohammed's e-mails, once discovered, "were the best actionable intelligence in the whole war" against bin Laden and his adherents, said Arquilla, the Naval Postgraduate School professor. But al Qaeda has been keenly aware of its electronic pursuers and has tried to do what it can to stay ahead -- mostly by using encryption.
Building Cells on the Web
In the last two years, a small number of cases have emerged in which jihadist cells appear to have formed among like-minded strangers who met online, according to intelligence officials and terrorism specialists. And there are many other cases in which bonds formed in the physical world have been sustained and nurtured by the Internet, according to specialists in and outside of government.
For example, Royal Canadian Mounted Police officers burst into the Ottawa home of Mohammed Momin Khawaja, a 24-year-old computer programmer, on March 29, 2004, arresting him for alleged complicity in what Canadian and British authorities described as a transatlantic plot to bomb targets in London and Canada. Khawaja, a contractor with Canada's Foreign Ministry, met his alleged British counterparts online and came to the attention of authorities only when he traveled to Britain and walked into a surveillance operation being conducted by British special police, according to two Western sources familiar with the case.
British prosecutors alleged in court that Khawaja met with his online acquaintances in an Internet cafe in London, where he showed them images of explosive devices found on the Web and told them how to detonate bombs using cell phones. The first person jailed under a strict new Canadian anti-terrorism law passed after Sept. 11, Khawaja is not scheduled to have a preliminary hearing on his case until January.
The transit attacks in London may also have an Internet connection, according to several analysts. They appear to be successful examples of "al Qaeda's assiduous effort to cultivate and train professional insurgents and urban warfare specialists via the Internet," wrote Scheuer, the former CIA analyst.
In a posting not long after the London attacks, a member of one of the al Qaeda-linked online forums asked how to take action himself. A cell of two or three people is better, replied another member in an exchange translated by the SITE Institute. Even better than that is a "virtual cell, an agreement between a group of brothers over the Internet." It is "safe," extolled the anonymous poster, and "nobody will know the identity of each other in the beginning." Once "harmony and mutual trust" are established, training conducted and videos watched, then "you can meet in reality and execute some operation in the field."
By Steve Coll and Susan B. Glasser
with contributions from Julie Tate
The Washington Post