Al-Qaida proving elusive on the Net

Shadowy network of Islamic fundamentalists adopts online tactics that mirror offline techniques for evading discovery.

Anne Broache, Staff Writer, CNET News.com, covers Capitol Hill goings-on and technology policy from Washington, D.C.

An American-led military invasion of Afghanistan took just months to uproot al-Qaida from the rocky slopes of Tora Bora and the White Mountains.

But nearly four years later, even the combined might of the United States and its allies has had a far more difficult time scouring the Internet for the shadowy network of Islamic fundamentalists. The British government's announcement in July that it planned to clamp down on people who run Web sites that incite terrorism has had no noticeable results to date.

"For al-Qaida, the survival of the ideology is a lot more important than the survival of any of their physical assets or members, and the Internet is a way to ensure the propagation of that ideology," said Rebecca Givner-Forbes, an analyst for the Terrorism Research Center, which provides research services to the federal government.

Al-Qaida hides online, too

Analysts say that thousands of terrorist-affiliated sites exist on the Web, but unless you understand Arabic, good luck in identifying them. They're also constantly shifting. "Some of the sites are able to kind of hold onto their server space more often than others," said analyst Rebecca Givner-Forbes of the Terrorism Research Center, which provides research services to the federal government. "Others will move around as often as every two weeks or every week. They'll go down for a couple days, they'll pop up somewhere else."

It's most useful to track the sites by their titles, not their ever-shifting addresses, Givner-Forbes said. One such site, called "Al-firdaws" ("Paradise"), appears to be making its home at Alfirdaws.org. A passage from its forums was translated from Arabic to English recently by the Middle East Media Research Institute, which claimed the suspected jihadist site was housing an "Encyclopedia for the Preparation of Nuclear Weapons."

Other al-Qaida-linked sites, Givner-Forbes says, have gone by such names as Al-sas and Al-nosra.

--Anne Broache, CNET News.com

Al-Qaida has adopted online tactics that mirror its offline techniques for evading discovery: reliance on a constantly shifting collection of Internet sites and hostile takeovers of Web servers where propaganda can be posted. Last year, a server operated by the Arkansas highway office was hijacked and used to distribute 70 files including videos featuring Osama bin Laden.

During the past few years, according to terrorism analysts, al-Qaida has embraced the Internet as a new tool for organizing, training and propagandizing. A group believed to be al-Qaida's Web-based propaganda arm recently debuted a weekly state-of-affairs Webcast and is reportedly searching online for recruits to aid with the coverage--meaning that the group will need to find more hijacked computers to distribute the additional content.

What remains unclear is how the U.S. government will respond to the increasing visibility of its far-flung nemesis.

"Obviously, these Web sites, there's more and more of them, and it is a matter of ongoing interest to U.S. intelligence," said an official with the federal government's National Counterterrorism Center, who spoke on condition of anonymity. "They have proliferated...Al-Qaida sees the propaganda value in terms of developing these sites."

That leaves the U.S. government with two obvious choices: attempt to sabotage the Web sites that appear to have the closest ties to al-Qaida's leaders, or monitor them closely to unearth who might be behind their operation. (The National Counterterrorism Center, created by President Bush last year as an offshoot of the CIA, would not comment.)

Most analysts interviewed by CNET News.com believe the federal government has chosen the watch-and-learn approach.

"It is very useful to monitor the content of these sites," Givner-Forbes said. "If you shut down these sites, they would find a way to continue...The community would kind of find a way to continue and would just make it harder for us to access and to eavesdrop on the sites." Some of the Web sites are already protected from the public by usernames and passwords, she said.

If the U.S. government did choose to engage in a limited form of what pundits used to call an "infowar," there may be few legal barriers standing in the way.

Jonathan Zittrain, co-founder of the Berkman Center for Internet and Society at Harvard Law School, said he suspected such a practice could happen legally. Intelligence operatives could classify the deed as a covert operation that would be reported later to Congress, he said.

"If the government chose to conduct an operation overseas to bring down Web sites bearing messages from al-Qaida," Zittrain said, "I don't think the government would think anything stood in its way from doing it."

An array of options
What's drawn the attention of terrorism analysts recently has been a series of weekly "news" Webcasts put out by a group--purportedly tied to al-Qaida--that calls itself the Global Islamic Media Front. Online advertisements plugging the shows--dubbed "The Voice of the Caliphate"--feature Fox News and Al Jazeera icons engulfed in flames.

The pilot show, which surfaced in late September, drew wide attention for its belligerent outlook and apparent attempt to discredit reports from Western and mainstream Arab media. According to a translation circulated by the Middle East Media Research Institute, an Israel-based group, a ski-masked anchor announced: "The entire Islamic world overflowed with joy when Hurricane Katrina struck in America, which seemed to reel from the strength of the hurricane and went asking for aid from all the countries of the world."

The U.S. government and its allies would have an array of options if they were to try to sabotage such a broadcast.

One method, known as a denial-of-service attack, clogs the target server with a flood of false requests for information, overwhelming the system. Legitimate users can't connect. Denial-of-service attacks became more frequent about five years ago--with Whitehouse.gov and the FBI's Web site being among the targets.

One problem with that technique, from the government's perspective, is that terrorist-sympathetic Web sites are often unknowingly hosted by Internet service providers. A denial-of-service attack would indiscriminately restrict access to all the company's customers.

"The government can't just hack into those ISPs," said Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. "Companies like that are generally not trying to support terrorists."

More obvious tactics involve destroying files or network equipment, or intruding into a system and misconfiguring settings so that proper routing to the site can't occur. But experts say such measures tend to be considered a last resort.

"Obviously, when you destroy something your opponent knows that their thing has been destroyed," said Richard Harknett, a University of Cincinnati political science professor who specializes in national security. "That's something that you want to do on a very limited basis (only) when you're actually using information warfare in combination with a military operation."

A more subtle approach is the centuries-old military tactic of disinformation. Government operatives could, for example, gain entry to an opponent's server and manipulate information just enough to befuddle its adversaries or the general public.

The tactic of choice
However, surreptitious monitoring may be the government's tactic of choice. The CIA, for instance, has bankrolled research geared toward spying on Internet chatrooms in an effort to "combat terrorism through advanced technology."

"One of the most difficult parts of dealing with terrorism of this sort is the group conducting it is so remote and insular and it's hard to penetrate the group for intelligence purposes," said Harvard's Zittrain. "More likely, it's the kind of thing where they're happy to see the sites stay up."

More recently, a patent obtained by the National Security Agency indicated that the government may be hoping to find additional ways to trace Internet users to their geographic location. (An NSA spokesman said that the agency could not comment on the topic because the patent concerns an "actual or alleged operational issue.")

But that "geotargeting" tactic--which has also been employed by software companies seeking to tailor ad delivery--is not foolproof, thanks to anonymizers, proxies and other services that can mask one's location.

"In general, if someone wishes to hide his location, he can," said Gene Spafford, a Purdue University computer science professor who specializes in security and cybercrime.

Lack of feasible technology isn't the only obstacle to intelligence gathering, said Arnaud de Borchgrave, an analyst at the Center for Strategic and International Studies who has focused on "cyberspace terrorism." Limited availability of translators for languages in which the sites appear curbs the government's ability to track activity in "real time," he said.

Even with additional resources, completely dismantling al-Qaida's Web presence would be an impossible aim, de Borchgrave said: "The number of people that were required to monitor all of this would be stupendous, and clearly they don't have all those resources."

In an unusual twist, some members of the shadowy intelligence community fret that individual vigilantes will try to take down Web sites that appear to be sympathetic toward terrorists or reproduce their materials.

Ben Venzke, the chief executive of IntelCenter, a government contractor in Alexandria, Va., warns would-be hackers not to be tempted.

"Messing around on the Internet just because it's accessible from your living room is no more advisable than packing up your bags for a weekend and flying to Iraq to play soldier," Venzke said. "There is this sense of security, this sense of distance. While a lot of people would be apprehensive flying to Iraq or meandering around the back alleys of Karachi...a lot of people don't have that (sense) for the Internet because it is so readily available at their homes."

Individuals "should do what all of the other professionals in this field do. Apply to the FBI, the military, the intelligence agencies, or work for a contractor that's working for the government in these fields," Venzke said.