Sunday, March 09, 2008

Event Transcript and Related Links: "Meta-Terror: Terrorism and the Virtual World"

The following is a transcript of the event, beginning with introductions of the panelists and continuing through their remarks (edited for grammar and using the panelists' written remarks when available), and including the attendees' questions and the panelists' answers.

Panel Introductions by Andrew Cochran: Good afternoon and welcome to this panel titled, “MetaTerror: Terrorism and the Virtual World.” I am Andrew Cochran, Co-Chairman of the Counterterrorism Foundation and Founder & Site Editor of the Counterterrorism Blog, and I am the moderator for today’s panel. The Counterterrorism Blog (at http://Counterterrorismblog.Org) was the first multi-expert website dedicated solely to terrorism events and counterterrorism policies. I want to thank Rep. Bennie Thompson, Chairman of the House Homeland Security Committee, for allowing us to use this room today, and want to thank his staff, Jake Olcott and Galen Bean, for their assistance. We appreciate the co-sponsorship of the GAGE International consulting firm and the NEFA Foundation.

Now, the standard disclaimer: None of the presentations here today represent the official views of the organizations represented; they are purely the personal views of the individuals making the presentations.

The virtual world is just another battlefield for terrorists. The headlines explode with the results of their successful preparation and exploitation. We chronicle numerous terrorists’ statements and directions on the Counterterrorism Blog, such as transcripts of tapes from Al Qaeda leaders and the propaganda and recruitment materials generated for terrorists worldwide. Our panelists today are among the leading experts in the world on the next generation of the terrorists’ use of the virtual world: Kenneth Silva, Senior Vice President and Chief Technology Officer for VeriSign; Roderick Jones, Vice President of Concentric Solutions International and former member of the UK's Special Branch; and Evan Kohlmann, Senior Investigator for the NEFA Foundation. Roderick and Evan double as Contributing Experts for the Counterterrorism Blog, and Evan is one of our “originals” when we began over three years ago. Each will have 20 minutes to discuss a particular angle, and then we’ll go to questions. I’ll give brief introductions of the panelists.

Ken Silva oversees VeriSign’s infrastructure for protecting billions of interactions every day across the world's voice and data networks. He also oversees the management of two of the world's 13 Internet root servers and coordinates security oversight of the system that protects the majority of secure Web sites on the Internet, including 93 percent of the Fortune 500 sites. He serves on the board of directors for the IT-ISAC, is the Chairman of the Board of the Internet Security Alliance, and advises and participates at the highest levels in a number of national and international committees for organizations.

Roderick Jones works daily at the intersection of technology, security and innovation at Concentric Solutions. Roderick wrote a concept paper on the use of Massive Multi-player Online Role Playing Games (MMPORGs) by terrorists, which I posted on March 1, 2007. That post drew considerable reaction in the broader tech community, which eventually led me to invite him to join us last fall.

Evan Kohlmann is consistently cited as one of the leading experts in the world on terrorists’ use of the Internet, most recently in a new report by the East-West Institute. Evan has spent a decade tracking Al-Qaida and other terrorists, interviewed prominent Al-Qaida spokesmen, and amassed one of the largest databases in the world of terrorist communiqués and multimedia. He has served as a private consultant in terrorism matters for intelligence and law enforcement agencies around the world. He has also testified numerous times as an expert witness in terrorism trials in several countries, including this week in the Abu-jihaad trial in Connecticut, which he will discuss today. It has become almost amusing to read the motions repeatedly filed by defense attorneys to disqualify him from testifying; they all use the same arguments, they always fail, and they keep beating their heads against the wall.

We'll start with Kenneth Silva.

Kenneth Silva:

What I think we’re going to spend a fair amount of time talking about today is not the physical threat of terrorism but the potential side effects and threats we face from having such an interconnected world. It’s no doubt we understand how much more connected we are today, how much more connected we are than even a couple years ago. Every device we have today is connected in some form or fashion. If not, we complain about it and wait for the next version to come out. The iPod is an interesting example there.

With that comes a lot of horsepower in the hand, in the home and in the office. We used to measure threats and attacks in cyberspace in the megabits or the tens of megabits and we thought that was a big deal and a big threat. But know this - the threats that took down much of the infrastructure in Estonia were only tens of megabits in size and in fact were only one one-hundredth of the size of the threats that companies like mine face on a daily basis. Tens of gigabits a day is a normal average.

There are a number of weapons available to what we would call a cyber terrorist and there would be a debate over what a cyber terrorist is, because they don’t have to fall in an infrastructure like al Qaeda or Hezbollah.

The internet enables people who otherwise would not become activists or terrorists to become one relatively easily, with some sophisticated weaponry available to them, which is not as difficult to find as something like uranium or dynamite. If any of you in this room wanted to obtain weapons to take down cyber infrastructures in the world, it wouldn’t be that difficult, you would just need a little money and time.

There are an estimated two million machines which are available as bot-networks that are shared or sold as portions of networks to each other.

The infrastructure has recently become an interesting target for attackers; the reason why is because it’s oftentimes where the least amount of investment is made in corporations. Corporations and big companies and governments tend to put most of their capital investment in the content to their users and not the infrastructure it’s delivered upon. Even our own federal government computer systems are vulnerable to attack from a variety of sources. And not just direct attacks at the website, but on the infrastructure such as the domain name system.

More recently, we have seen just how fragile this network can be. The reality is that most of the interconnected routers on the internet itself are actually formed based on a bunch of informal agreements, handshakes or virtual handshakes over the level of security used between the two routers.

This is never more evident than the example of Pakistan directing all of YouTube’s network to Pakistan.

This was done quite simply: Pakistan wanted to tell all of its constituents that YouTube existed somewhere in Pakistan, and they just ground those packets and sent them into the ether. But they told the whole world that, and the whole world believed them, including YouTube.

So for about two hours the most heavily used site on the internet - I’m not saying this is a terrorist attack but that by accident things like this happen, and if people wanted to do something like redirect YouTube, which is heavily fortified - because of all of these informal arrangements, people could simply whisper along that this is where YouTube is and it could propagate along the whole internet, and no one router questioned this.

So this is a very telling take to the state of the infrastructure today, and it’s not just things you consider to be internet infrastructures; we tend to look at the internet as something that grew up from emails and websites and instant messages. But the reality is that infrastructures that had nothing to do with the internet, and spent the last decades or centuries growing up independent of the internet, are now migrating en masse with millions of users and pieces of infrastructure, like railways, air traffic control, power grid systems and telephony and television systems. So they are bringing with them a more connected world which we consider to be a very good thing, which is a good thing for consumers in terms of our lifestyles, but it also places us at a level of vulnerability that we don’t fully understand. Because of these interconnections you may not be aware of, when disruptions happen on the internet, when you think it may have some disruptions from a convenience standpoint, the reality is it could have a much bigger effect. Twice recently we’ve had some power outages, one a few years ago in NYC and one recently in Florida, where something seemingly small actually caused millions of citizens to be without power. If that can happen in a power grid that is 100 years old, imagine what can happen to a relatively new infrastructure like the internet. The reality is that underdeveloped nations are actually building better infrastructures in their country than we have here. That’s because they didn’t have one before and they are using the latest technology. If you look back at these Estonia attacks, they weren’t that well organized, but organized enough to target critical infrastructure and create financial disruptions throughout the whole country for telephony systems, power, and most of the citizens weren’t even aware of how connected they were, and this isn’t even a developed country by our standards.

These attacks actually had less bandwidth targeting the victim than many users in the US have at their home today. With the bandwidth being used today, Verizon does a great job of this, you can get tens of millions of megabits directed at your house, imagine that much bandwidth directed at our military structure or power infrastructure at the right time of the day, or directed at the financial markets. Imagine the disruption that would cause.

This is not unthinkable; a few years ago Richard Clarke sat in front of Congress and spoke about a “cyber Pearl Harbor.” I don’t think he was that far off base then. Attempts have been made to make that happen a couple of times. The internet root servers that really house the master directory of how you find websites have been attacked a number of times, last time in October of 2002, which we thought then was the largest attack to ever attack the internet, which was a 4 gigabit attack and at the time we thought it was a pretty big deal. But then in 2006 our servers were attacked with 15 gigabits per second. Couple this with a growth trajectory with a 100% growth every 14 months, with the normal volume you would process. So this is an infrastructure challenge just with the growth of cyberspace itself. The trend isn’t going to go down; once you get on the internet you don’t get off, you stay there. We don’t have a renewal rate problem on the internet.

When you have explosive growth and you see India for example, which has 40 million users but a population of a billion, their penetration is relatively low. In the United States we have a relatively high penetration of users but people come on the internet for a variety of reasons and the next thing you know they are sharing information, and we have been able to watch over the last few years people who have relatively little sophistication, who have become major players in cyber attacks within a few months. They bought the capability, learned how, and then did the attacks.

In 2006 one person was able to successfully launch 1,006 attacks on the internet. One individual did this in six weeks and was never caught. Even organized crime today is realizing it is more profitable and safer to participate in cyber crime such as credit card fraud, ID theft and extortion, simply because it is more difficult to be caught, simpler to execute and far more effective.

I’ll leave you with this. We have few examples we can attribute to actual terrorist activity that were targeting specifically pieces of our nation’s infrastructure, but we do have examples of people with a motivated cause that have caused significant disruption. Estonia is one example; the other example is attacks on significant US websites following the capture of a P-3 in China, and recently a number of Muslims committed attacks because of the characters of Muhammad being shown.

The attack in Estonia, this is the first global case if you will of cyber warfare, which at the time it was believed was carried out by one nation against another. But I can tell you in a lot of the Eastern European and Asian countries it is difficult to carry out significant activities without the knowledge of the government because you can’t consume that much bandwidth without someone noticing it.

Roderick Jones:

I’m breaking one of my most cherished maxims today, which is listening to someone in a suit considered to be an expert …I'll work around that.

(Moderator's Note: You can view Roderick's PowerPoint presentation, "Visualization of Terrorism," as a video at YouTube.)

The first thing is: why am I talking about this subject, why do I care about it? From my experience you didn’t have to speak Arabic in the mid 90’s to know that terrorism had shifted its focus and you don’t have to write code to understand that has changed again. I am interested in the virtualization of terrorism.

I think the best way to define what I am going to talk about is to start by what I am not talking about. I am not discussing the terrorist use of computer games, cyber-attacks or even the Internet. I will be referring to cyberspaces or cyberspace.

Let me pause to define what I mean.

I am going to use the definition arrived at by Lawrence Lessig (the Stanford Law professor) who is probably the best thinker regarding the implications of virtualization. The Internet in Lessig’s definition is a medium of communication where mostly trivial but increasingly important tasks are completed - paying bills, getting the news, using email and IM. These things are important in the sense that they make life easier but they are not important in that they don’t change how people live - they are not a paradigm shift in human society. Cyberspace by contrast is not just about making life easier - it is about making life different and hopefully better. It calls to life a way of interacting that was not possible before. Communities have always existed, so that isn’t new; it is the difference in degree which is. The ability to form communities across borders and boundaries, with regulation, only from the code written by the creator of the space. It is the code and how it interacts with these societies that Lessig is interested in as a constitutionalist; it is the development of cyberspace extremist and terrorist communities that I am interested in. Therefore, for the purposes of today I am going to present some ideas about how these societies may develop - the key thing being the existence of geographically distributed communities brought together in cyberspace.

So what I briefly intend to do is stop in at the current situation as it relates to the cyberspace examining why, in particular, virtual worlds are potentially appealing to terrorists and then project forward and offer some ideas as to what might happen next.

On a side-note one of the interesting things about the Counterterrorism Blog is that we can now open source out ideas about terrorism and that wasn’t possible in the 90’s. If I prove to be insane you can prove me insane and I’m ok with that.

As you are probably more than aware virtual worlds hit the big-time media wise in 2006 as Second Life was widely reported upon by the mainstream media. Second Life had and has two key features that attracted the hyperbole, you can make real money there and it isn’t about anything - just a virtual life.

Virtual worlds aren’t a new thing; they have a lineage going through MUD (Multi User Dungeons) to LambdaMoo to World of Warcraft. They existed with a strong gaming element, but Second Life pulls together the other strand of virtual communities represented by the WELL (Whole Earth ‘Lectronic Link); this was the creation of Stewart Brand and Larry Brilliant and was a virtual community talking to each other on early message boards.

I personally became interested in Second Life and virtual worlds after reading the economist Edward Castronova’s ‘The Economies of Synthetic Worlds’ which sounds very dry but is probably one of the best works on the subject. In this book he made very brief mention of the potential for terrorists to use virtual worlds. Given my background I thought this interesting to say the least and took a look. I joined the virtual world and after initial skepticism became absorbed - probably a little too much.

It occurred to me that certain key features of the world would be appealing to terrorists and would give them an advantage: Finance, Recruitment, Training, Community/Market Place for ideas.

The training aspect is the one people have most trouble with, but e-learning in Second Life has proven to be very effective - a number of universities have held classes. Also virtual worlds have been adopted as training vehicles by US government through Forterra Systems. The scenario I considered was of an expert bomb maker conducting a virtual lecture with his students all present and able to ask questions and check their knowledge and virtually manipulate the necessary parts. Recruitment is also a potential development but that relies on there being only one virtual world, which isn’t the case, but multi-operability of avatars seems like a reasonable future assumption (IBM have talked with Linden Lab to do this).

Finally community: the virtual community is as powerful as the real one and the ability to converse in a secure space with a globally dispersed audience seemed like a compelling use for the technology. It also allows radicals to connect to resources they otherwise would not have access to such as hackers and people managing bot-networks (two resources I discovered).

Let me pause a minute to cover financing.

One of the key features that have drawn participants into the current wave of virtual worlds is the ability to conduct in-world transactions in a virtual currency that can then be exchanged for US $ or other regional currencies. The first iteration of this practice was the trading of in-world currencies for real currencies on eBay. This trade in in-world currencies - most prominently World of Warcraft gold - indirectly led to a number of innovations. The ability to calculate an exchange rate for virtual currencies as well as the arrival of a new kind of worker - gold farmers. As virtual worlds developed, the desire to have a virtual currency pegged to real-world currencies led to the feature being built into the games. Therefore virtual currencies such as the Linden dollar, Entropia Universe PEDs, and There bucks are now easily translated to real-world currencies. While all these systems are ultimately pegged to some form of supervision (usually via PayPal and credit cards) they can function as an Alternative Remittance system, which bypasses regulatory mechanisms for sums under approximately $500 USD.

While the accounts, PayPal or otherwise, are ultimately linked to credit cards or bank accounts, in lower regulatory environments these can be fabricated. As of early 2007 Linden Lab was suffering from large-scale credit card abuse to buy currency -- therefore, this is a clear possibility.

A typical example would be an exchange of funds between two avatars. Avatar 1 is resident in a high regulatory banking regime and avatar 2 is resident in a low regulatory regime. Avatar 2 in the low regulatory regime buys $100 of currency and passes it ‘in-game’ to Avatar 1 who removes his money from the game in the high regulatory banking system. Thus bypassing banking controls on the transfer of money.

A second example would involve Avatar 2 buying virtual land or some other valuable commodity using his low-regulatory currency and then giving or trading this commodity to Avatar 2 in the higher-regulatory authority.

Finally, Avatar 2 could buy virtual currency using his banking regime and then exchange that currency for another virtual currency using virtual currency traders. This currency could then be given to Avatar 1 to withdraw in his regulatory environment. Adding a further layer to the transfer.

In all these examples multiple - anonymous avatars - could be inserted into the process to further muddy the trail.

This system is better suited to smaller amounts of money and therefore, would be more likely of use to terrorists than to large organized crime groups seeking to launder large amounts of cash.

On finance there is a lot of disagreement, a lot of people say this can’t happen because this is always linked back to real world action, taking money out with a credit card or bank. But false credit cards and banks are relatively easy to do.

Those were my thoughts almost two years ago, but as with all things in technology things move quickly and it seemed increasingly likely that terrorists wouldn’t adopt a system like Second Life but develop in different ways. Some of the key features I believe they would look for (and I believe this reflects their adoption of the 2-D web) are: Security, Ease of use and Cultural appropriateness.

So not too dissimilar to what an American teen is looking for when they enter a virtual world.

So it is possible to suggest that terrorist adoption of virtual worlds will mirror the adoption of virtual worlds by the wider community.

(Moderator's Note: See Roderick's concept paper on the use of Massive Multi-player Online Role Playing Games (MMPORGs) by Terrorists, posted on March 1, 2007 on the Counterterrorism Blog. That post drew considerable reaction in the broader tech community, resulting in a follow-up on March 12, 2007.)

So as the space is now moving toward single interest or specific culturally themed worlds so will terrorists. Where we have Barbie World or Red Light Center, they will seek and create jihadiworld and this is where it gets interesting.

There are currently a number of v-world platforms - mostly EU or USA based. However, China is seeking to enter the market with HiPiHi and I am sure there are other culturally specific v-worlds in development. This of course brings in the issue of jurisdiction. While all the worlds are in friendly jurisdictions then things such as gambling can be removed from the worlds. Or if a national security agency wanted details on an account it could apply to the company to get it. This of course is a wider topic but I highlight it here, as there is the potential for a v-world to spring up in say Russia and this requires a different mind-set to collect intelligence.

If jihadi world were to come about its makers would attempt to place its servers out of legal reach.

What I then thought through with Michael Schrage was the layering of a virtual world over a bot-net network. This seemed like the ultimate in v-world security. Putting up a virtual world for 72 hours prior to an attack to rehearse and organize seemed like the ultimate just-in-time solution. We called this jihadi nets.

Finally, if you take this progression to its conclusion you get to the final virtualization of terrorism whereby terrorist groups form in virtual worlds and do not conduct real-life attacks. They form over a ‘virtual issue’ say the imposition of tax systems into virtual worlds and use cyber-resources to disrupt their targets. This is some way off from being a serious threat.

Therefore once you move away from the idea that there will be an electronic trail of evidence you can collect in an Internet monitoring way you have to think of other ways to do it. Once jihadiworlds start being built different collection rules apply.

So what can we do about it? At the moment I don’t have the answer to that. One of the main problems with terrorists becoming virtualized is that they are taking on the properties of the Internet, rapid growth and innovation. One of the ideas I had is that tech companies doing this work should crash test their products for nasty side effects. Not sure how that would work but they could think about it. On the positive side is the open source thinking about these subjects. In Second Life extremists have been chased out of there, when white hate groups joined, people organized to kick them out, so maybe counterterrorism responses will just be in the hands of the people of the virtual worlds world.

I have talked a lot about virtual worlds but the subject was the virtualization of terrorism, and this is a wider problem than virtual worlds. There are other tools that can be picked up now - we all know about Google Earth but it is the themes prevalent in tech now that can be manipulated - mash-ups and layering social networking over the top of other platforms. One of the best examples of a recent tool which would be no doubt of use to terrorists is Photosynth. All of these tools and techniques are eventually going to be adopted by terrorists and therein lies the danger.

Evan Kohlmann:

- Discussion Forums

What do the forums do - Al-Hesbah, Ekhlaas, Al-Boraq, Al-Firdaws

Over the past three years, these extremist forums have not only been used as a cover for Al-Qaida’s propaganda war—but moreover, they have evolved into a disturbing MySpace-like social-networking hub for homegrown extremists around the world intent on becoming the next generation of terrorists, hijackers, and even suicide bombers.

In the same way that traditional terrorist training camps once served as beacons for would-be jihadists, online support forums such as Al-Hesbah and Al-Ekhlaas now operate as black holes in cyberspace, drawing in and indoctrinating sympathetic recruits, teaching them basic military skills, and providing a web of social contacts that bridges directly into the ranks of Al-Qaida. Rather than simply using the web as a weapon to destroy the infrastructure of their enemies, Al-Qaida is using it instead as a logistical tool to revolutionize the process of terrorist enlistment and training.

How do we really know that these discussion forums are significant?

On June 30, 2007, a dark green Jeep Cherokee carrying gas and propane canisters crashed into the main entrance of the Glasgow International Airport. According to eyewitnesses, a man later identified as Dr. Bilal Abdullah climbed out of the wreck and began fighting with police, throwing desperate punches, and repeatedly proclaiming religious slogans. Abdullah and another doctor were also responsible for a failed car bomb attack on central London the day before. Though Abdullah is never conclusively linked to Al-Qaida, he was no stranger to law enforcement. Long before his bizarre performance in Glasgow, he had managed to attract official interest because of his online activities on the At-Tibyan Publications Internet web forum.

At-Tibyan Publications, an online extremist support network based in the United Kingdom, has gradually taken over as the premier source of English-language terrorist propaganda. Rather than merely translating news reports or offering background on particular military operations, At-Tibyan has focused on distributing ideological material designed to convince likeminded individuals to sacrifice their lives in the cause of jihad. In fact, most of the material produced by At-Tibyan offered little in the way of public interest value—it would only be of use to someone with a genuine, deep-rooted interest in participating in violent jihad—such as English-language copies of Youssef al-Ayyiri’s “Islamic Ruling on the Permissibility of Self-Sacrificial Operations.”

During a recent security operation, the SO-15 Counter Terrorism Command in the United Kingdom confiscated saved transcripts of discussions that had taken place on the At-Tibyan online discussion forum: “…various members discussing their religion. One, an Ibn El Sheikh talks about being famous when he has gone… long heated discussions between the following users, Abu Dujanah, al-Muwahhid, c4explosive re: killing women and children.”


The already notorious role of Irhaby 007 as a key Al-Qaida media coordinator paled in comparison to his parallel, more covert identity as a virtual “matchmaker”—connecting aspiring homegrown terrorists with official handlers from Abu Musab al-Zarqawi’s network in Iraq. In December 2004, a flurry of messages were exchanged back and forth regarding a Moroccan jihadi recruit known as “Abu Abdullah al-Ansari” who had traveled with a companion to Syria in hopes of crossing the Iraqi border and joining Al-Qaida. Lacking any connection of his own, al-Ansari sent digital messages to Irhaby 007 begging him for assistance in making contact with Al-Qaida: “I want to remind you that we two would like to depart to the land of Jihad. We await your call as though on the hottest of embers.”

After making a series of online inquiries with Al-Qaida, Irhaby 007 was greeted with a quick response: “we were not aware of the arrival of al-Ansari until today, and with Allah’s permission everything will be fine… First, send me his address and how we can get there and how to recognize him. What is the brother’s nationality and the number of the passport he used to get into Damascus, so that I can send someone to fetch him, Allah willing?” Upon learning that a deal had been successfully brokered on his behalf, al-Ansari became ecstatic and declared in a reply to Irhaby 007, “Praise be to Allah, We are going to go in over there at the time when the Sheikh Osama has given the official attestation to the amir ab[u] mouss[ab al-Zarqawi]... Allah be praised… The timing couldn’t be better for us!!!” When al-Ansari grew impatient after failing to hear from his assigned Al-Qaida handlers in Damascus, he again wrote to Irhaby 007, insisting, “it is extremely urgent. the brothers have contacted us here for us to leave and they have asked us to wait for 2 to 3 hours. It’s now 6 hours and we have no news. We tried to call on the telephone but nobody answers. Brother, I fear they have gone back [to Iraq] without taking us. Brother, you must contact them—it is imperative that you contact them and ask them what is going on. By Allah, it is serious, we have taken the bags [and] we can’t go back.”

On August 27, 2007, the Global Islamic Media Front (GIMF) posted a message titled "The Martyrs Keep Marching On," in which it announced that Abu 'Abdallah Al-Maqdisi, the webmaster of the key jihadist web forum Al-Nusra Al-Jihadiya, had been killed in Nahr Al-Bared in Lebanon.

“The GIMF announces to the Islamic nation, and in particular to the youth of the jihadist media, that our brother... Abu 'Abdallah Al-Maqdisi, webmaster of the Al-Nusra Al-Jihadiyya network, has been killed by the Crusader army in the refugee camp of Nahr Al-Bared… In addition to his membership... in the Global Islamic Media Front, and [to his role as] webmaster of the Al-Nusra Al-Jihadiyya network, this martyr ran a jihadi website, participated in numerous forums… and supported the jihad and the jihad fighters. He died at the age of 23 - young in years, but old in deeds… As for you, the enemies of Islam, be prepared for dark days - so dark that they will cause you to forget the [exploits] of Irhabi 007 and others. We swear that from us you will see nothing but harm and actions that will drive you mad.”

This isn’t just a “European problem” - it is an American one too.

Harnessing the power of popular Internet chat forums, Younis Tsouli’s entrepreneurial terrorist network was similarly able to extend into Canada—where it became interlinked with a homegrown cell of aspiring militants that has become referenced in subsequent press accounts as the ‘Toronto 17.’” was initially founded by a 23-year-old resident of Houston, Texas: Pakistani-American Sarfaraz Jamal (known online as “Sasjamal”). In 2006, Jamal was finally forced to shut down and its infamous chat forum when “it grew out of control” and was allegedly used by the “Toronto 17” to help plan their intended wave of terror attacks.

The latter group was allegedly making its own independent preparations for a large-scale terrorist attack in southern Ontario, which was intended to include detonating truck bombs in at least two locations in Canada and firing weapons in a crowded area. Police charges also detail plans by the homegrown Toronto cell to storm various buildings such as the Canadian Broadcasting Center, the Canadian Parliament building, and the headquarters of the Canadian Security Intelligence Service (CSIS) in order to seize hostages. The “Toronto 17” conspirators included a former Canadian soldier who had converted to Islam and at least eight of the men were under the age of 21. While a handful of the suspects had become naturalized citizens after emigrating from abroad, most of them were native Canadian nationals well-known in their local communities.

But the Toronto plotters were not the only would-be terrorists making use of the opportunity provided by Other ClearGuidance users boasted in private conversations of carrying out suicide attacks on their own aimed at “soft targets” in Western countries: “remember 10 of us can take around 200. Numbers don’t mean a thing… what I want to do is cause trouble for kuffar [infidels] by hit and runs, everywhere, cause fear and panic in their countries.”

These ClearGuidance users were intent upon gathering detailed charts and technical data on a long list of potential terror targets.

When was abruptly shuttered in June 2006, Houston resident Sarfaraz Jamal soon reconstituted his ongoing Internet project under a new name, “The Islamic Network.” Despite its innocuous title, the chat forum on was used to republish countless English-language translations of propaganda and instructional documentation originally released by Al-Qaida and other terror groups.

In September 2005, the forum offered the translation of an interview with Saudi Al-Qaida commander Abdelaziz al-Muqrin originally published in Sawt al-Jihad Magazine—wherein al-Muqrin is quoted: “Iraq is a battlefront… and likewise there are other battlefronts for the Muslims. And by the will of Allah, the Americans won’t decide anything as long as we twinkle and as long as we live. We will make them taste disasters… Tandhim ul-Qa’idah is a ‘Jihadi Group’ that is widespread across the globe, an Islamic army, and the Ummah’s hope… it is the army that will demolish the bedfellow of The Crusaders and the Jews in the entire world. It will destroy their castles and towers By the Will of Allah… He lengthens our age so that we can enrage the enemies and slaughter them and to plunge the sword into them.”

Perhaps it is no surprise, then, that the “Islamic Network” forum has recently been labeled by the Houston Chronicle simply as “a Web site frequented by terrorism suspects.”

One of those who helped Jamal to co-found the “Islamic Network” was former Houston-area resident and Islamic convert Daniel Maldonado (a.k.a. Daniel al-Jughaifi).

Even while living abroad in Egypt, Maldonado played an active, day-to-day role in running the website, boasting of his title as “Islamic Network Super mod[erator] and Islamic Network Office Manager.”

In early 2007, after a period of absence in his online activities, Maldonado was suddenly caught by Kenyan army soldiers while fleeing from nearby Somalia. Upon being interviewed by FBI agents, he admitted to fighting alongside the Somali Islamic Courts Union (ICU) and receiving specialized training in assembling improvised explosive devices. According to an FBI affidavit filed in his case, Maldonado further “identified certain members at the [training] camp as being al Qaeda.”

Back on chat forums, remaining website administrators responded openly to Maldonado’s arrest on terrorism charges, making little effort to downplay his role in the “Islamic Network”: “daniel was an amazing brother who worked for us - he made some really beneficial posts for a while (part of his work to bring benefit to the forums), handled info box, etc. - but was so dedicated to IN - he also updated the news, etc. his family was our family and vice versa.”

Another user wrote back, “Subhanallah! Is it just me, or is every mod[erator] and person associated with the forum bein[g] arrested???”

Questions & Answers

Andrew Cochran: My concern and expertise, going back to when I worked on the Hill for the House Financial Services Committee, is the financing aspect. If you saw Dennis Lormel’s post yesterday on the Counterterrorism Blog - Dennis directed the investigation into the financing of the 9/11 attacks for the FBI - he wrote about terrorists using credit cards to gain financing to conduct attacks. He mentioned the case in Indonesia, where Imam Samudra, the mastermind of the Bali bombing, wrote in his autobiography a chapter titled, “Hacking, Why not” He described our computer networks to be vulnerable to hacking, credit card fraud and money laundering. It didn’t focus on specific techniques, but on how to find techniques on the internet and how to connect with people in chat rooms to perfect hacking and carding skills. So I wanted to ask our experts if there is some system available that we could institute that would guarantee that personally identifiable info could be taken out of databases so that a dedicated knowledgeable hacker could not access those. And if that technology exists, why isn’t it feasible to mandate its use for all systems so that person identity information isn’t stored on databases?

Kenneth Silva: There are a lot of technologies out there that offer some level of protection either by tokenizing the data, but the data must exist somewhere, it may not be at the institution that is compromised but it exists somewhere. It’s difficult to get everyone on the same sheet when dealing with personal information. There have been strides made through the credit card companies, which required data to be stored a specific way. There have been issues, states required information to be handled in a specific way. We are moving in the right direction but it’s difficult to get every company to get on the same standard overnight, eventually we’ll get there and some of it may come from compliance or it may come from something horrible happening and someone has to do something about it. For example, stolen laptops have become a big deal, and we keep finding instances where laptops stolen had up to 200 thousand people’s personal information on it. And those regulations to stop things like that only come the day after the theft happens. And not unlike many other things it always takes until something has personally happened to you before you do something about it.

Roderick Jones: Anonymity has been a key feature in gaming. Everyone is anonymous and everyone accepts that. In the early virtual communities they were very specific in people being themselves and being real. But when these two things merged in Second Life, your identity at first had to be verified and they changed that in 2006 and that changed the nature of the virtual world itself. Hackers could open anonymous accounts. Once you have that anonymity you open it to it being misused. How you verify people’s identities is an interesting question, how do you verify people’s identities on screens.

Evan Kohlmann: I would add that it is a very big problem. Identity theft is a lot bigger problem than people would guess. When terrorists can’t get their hands on credit card numbers they will turn to stolen identities. Younis Tsouli was a master at that, and had thousands of stolen credit card numbers which he used to register websites and buy stolen goods and gave them out to others. And it’s interesting he didn’t get all of this info himself, he brokered some of it with people from Russia and traded this info with criminal syndicates. It’s a matter of protecting our data period, because once it gets into the hands of criminal syndicates it can get to terrorists.

Roderick Jones: In the 90’s al Qaeda would just steal a handbag in London to get one credit card to raise funds. Now it’s a huge difference in scale, they will just buy this data online and get thousands of credit card details. The scale aspect of the internet applies to this.

Andrew Cochran: I would note that there is a news article from Princeton that talked about a simple way of getting encrypted data on a hard drive once the laptop is stolen.

Question: Theoretically, a various third party could tell one botnet to attack another country and wind up with a “who-did it?” phenomenon, is that a possibility at all?

Kenneth Silva: In the virtual world there are no boundaries, there are no borders or metal detectors for your packets to go through, no passports, but to get one country frustrated with another and get their citizens motivated to direct attacks is so easy to do today. A lot of people individually may not even realize the full extent of what they are actually doing. They may just think they are creating an annoyance, but when they are all put together, the attacks generated 50 gigabits of bandwidth at our servers a year ago, each one of the servers used, there were 35 thousand servers used in one of the attacks, but those 35 thousand machines used, each one of them only sent data at 4kb a second, which is less bandwidth than your phone can generate. But now the tools to execute an attack can be executed from literally, an iPhone.

Andrew Cochran: When we did stories on the “cartoon jihad” on the Counterterrorism Blog, we suffered periodic outages due to attacks from various countries, and there were a number of sites that had the same problem and were down for a period of time. This is something we deal with every day.

Question: Do you think there is something qualitatively different, about the internet. Could you do the same thing with cell phones?

Roderick Jones: I think there is something different. In a 3-D environment you can get so much more information, scale is an aspect but also just geographic dispersion and the ability to meet online. So there is a huge qualitative difference between phones, email, and the virtual world. Also there is evidence that the virtual world is compelling psychologically to the people in them as well.

Evan Kohlmann: Two aspects stand out in my mind that differentiate phones from online, the first being security. Phones are insecure, you might be recorded and you can’t do much about it if you have a wiretap on your line. With the internet you can use many different techniques that make your communication undecipherable. It’s not because of the actual encryption but the medium itself. First of all, to get the line of communication you have to find it and that’s not so easy. Also, the issue of internet discussion forums rather than email, there is a huge difference between two people talking about an issue and ten people talking about an issue. Group mentality, peer pressure, these things come into play where people feel like they are part of an organization, part of something larger than themselves, part of a virtual project. That sense of affiliation goes a long way to making people feel like what they are doing is important and meaningful.

Kenneth Silva: To add to that - the first is that from a tracking and detection standpoint, phone calls are much, much easier to track. You could even go back to the old days of law enforcement bugging a phone at someone’s house. There are about 2 billion calls made a day in North America and there are 200 billion internet transactions done in North America in the same day. If you ever saw the Disney cartoon of Goofy who got behind the wheel of a car, and how different he was from his normal day-to-day self. This is the same with being online, people feel and act completely different when they are online than face-to-face. They are bolder, braver and in many cases more obnoxious. You talk to people in real life and then you read an email from someone and you think they’re a real jerk.

Roderick Jones: That happens in Second Life, people take the position of the thing they can’t be in the real world.

Question: I wanted to ask the panelists whether this hasn’t been an intelligence bonanza?

Evan Kohlmann: It would be great if this was all being monitored, but there isn’t an effective efficient process to catch it all. Someone asked me if it’s better to leave them up or shut them down? My answer is that if we have a very efficient process, if law enforcement and intelligence is doing its job to monitor these websites then keeping them up is great. My problem is that, and I say generally keep them online, but the caveat is that there has to be an efficient process to monitor what is going on, on these particular forums. There are particular internet sites and places where terrorists gather online which are being watched by the government like hawks. And it has produced demonstrable results. On the other hand there are cases of Irhabi 007, where if I hadn’t provided a lot of the evidence for the case it might not have been prosecuted. The only person who had records for his internet forum, was me. So leave them online and use them, but if it’s going to be a half-hearted effort it’s not good.

Question: Follow up, on training I thought one of the 7/21 people had been at a camp, and I am skeptical that you can make an IED over the internet.

Evan Kohlmann: There is one case of someone who procured over the internet a video of how to build a suicide bomb vest. There’s other instances where people tried and failed miserably. Some people will try to make bombs and end up missing fingers and will regret it. But if you get someone with a general level of technological savvy, there are ways of building bombs which can cause a lot of damage. This is a bad example because it failed, but if you look at Glasgow and London, I’ve seen the actual devices. It was a joke, and the fact that Doctors built that device is sad, and it doesn’t say much about the British medical system. We cannot count though on all of these guys being morons and lunatics.

Question: Maybe they aren’t all morons, maybe it’s not impossible.

Evan Kohlmann: If you take a look at the martyrdom operation vest preparation video, originally produced by Hezbollah, extremely professional, it lays out the exact details not only how to produce the explosives but also how to detonate it to produce the maximum amount of damage. I’m not going to say the next Ramzi Yousef or Khalid Sheikh Mohammed will be homegrown and will be the next bomb maker extraordinaire, but there is enough info for someone who is a little tech savvy with a background in engineering, you can definitely build something, it may not be an a bomb, but if you look at Glasgow you know that all it takes is the intent. Sometimes all it takes is a green jeep loaded with gas and propane canisters and someone willing to set themselves on fire. It wasn’t 9/11, but look at the disruption it caused, five or six weeks later the airport at Glasgow was like a bomb zone.

Andrew Cochran: The Oklahoma City bombers weren’t experts either.

Roderick Jones: The real answer is why not try it, with intelligence agencies in the West they can try it and see if it can be done.

Question: I think the last point you made, which scares me is the increasing reliance on the internet. Worse than a pipe bomb is a terrorist learning the information that could take down a satellite control infrastructure. How far off is that?

Andrew Cochran: And also, how do you protect the internet from that happening?

Kenneth Silva: If you divide the actors here into three categories, the people who do this for prowess, and they want to brag about it, they’ll hack until they accomplish that trick. Then there are people who want to do harm, the terrorists. Then there are the state sponsors, these people pose a different kind of threat, they don’t like to do noisy stuff because there are consequences with the small stuff and thus they are on their best behavior. But those people are more apt to go after a satellite infrastructure because they know in a real world war that would be critical. I’m not convinced though that a terrorist or activist group would take out a satellite, it might even affect their own communications. They could launch a worm though that deletes those systems.

Those of us that operate this infrastructure, every ISP and DNS provider, we all have to recognize the full scope of the threats we face, big or small, and make the investment. It’s not an easy thing to do, it’s easy to just say we need to do it. I had to go to my CEO and say I need to spend enough money so that I can have 150 times more capacity than we need to do business. You get funny looks when you make requests like that. You start looking at telecom companies and people who have razor small margins, and ask them to make huge increased investments in infrastructure. It’s tough but all of us who operate those pieces, and that includes you as well who operate computers at home. The biggest weakness we have in our system sits between the keyboard and the back of the chair. It is how most of the nefarious software gets in.

Question: You’ve got a lot of complicated technology in this, but I wondered if you could talk about what is the policy side. How is the government, perhaps intelligence communities responding to these challenges? What is the direction, do we see recognition and thus policy direction? What is the status or state of these challenges?

Kenneth Silva: I’m glad you asked that. With respect to, does law enforcement recognize the change in landscape, I think they absolutely do. The problem is that I think we established well enough that the game has changed significantly. The intelligence communities and law enforcement communities are still operating under the same rules and regulations, which are governed by congress or the federal government. They are only allowed to operate within those confines. And sometimes those confines have their hands tied with their ability to gather data.

Question: I guess what I was trying to glean is, is there any leadership to recognize these national policy considerations?

Evan Kohlmann: I was going to say that I’ve dealt with this now very intensely for the last 4 or 5 years with the United States federal government’s response to this. There were a lot of people out there who were very reluctant to accept that internet websites were the next big threat to American national security. When people heard the most important terrorist uses the name Terrorist 007, they thought this can’t be much of a problem. Ironically it happens a lot because of this Terrorist 007 case, it’s been a big wake-up call. A lot of the skeptical faces in government who thought internet terrorism was not at the top of the agenda, are now starting to realize this. It’s partly a generational thing, there are people not used to using this technology. One question that comes up a lot is - how many terrorist websites are out there? Some say there are 10 thousand out there and we can’t deal with it. Anyone who says that, ignore everything they have to say because they have no idea what they are talking about. There may be 10 thousand who support terrorist movements and points of view. In terms of ones that matter though, it’s less than ten. It’s not an unmanageable problem but you have to have people who understand it, and you have to have policy. The government agencies are only as good as the laws they are given by congress. And right now there isn’t a very large groundswell by the government of people who think that this is a problem. People still think the internet is just about dirty pictures. Until we move beyond that you won’t see much of a change.

Roderick Jones: If you think about Islamic terrorism, the key tactical change around 1996-98, the arrival of suicide terrorism, I think it is fair that it has taken ten years for the UK to adopt a response to that, pre-detention times and interdiction way further up the evidence chain. The operational response happens quicker and procedural response happens quicker but I think there will be a time lag before things catch up.

Question: This is very different to what is happening in biometrics, you have someone who moves to Egypt and they say you have to respect my privacy, and you have child pornographers who say you can’t have my password and thus can’t get the data. How are these right-to-privacy issues affecting the crackdown?

Evan Kohlmann: I haven’t verified if this is the truth but I was told by someone at CIA, and they say that a terrorist website is on an American webhost company. The CIA in that instance has legal problems in monitoring that website, because technically they aren’t supposed to monitor Americans. This is the most bizarre thing in the world, this website is run by al Qaeda, not by people in the United States, directly relevant to national security, and the CIA can’t even look at it. This goes back to policy. Most of our national security policy is attuned to an era that doesn’t exist anymore and doesn’t take into account technological advances that completely change how American national security works. This is a big problem at the FBI too with their limitations on monitoring terrorist websites. The thing is that most of what we are talking about is chat rooms that are password protected, and for law enforcement to get into this forum, they need to get a password and a log-on, and to get that they have to have been involved in the forum long beforehand. So now you have issues of the FBI subpoenaing records from ISPs, and it’s so complicated and the law hasn’t caught up with technology.

Andrew Cochran: Welcome to the FISA debate.

Kenneth Silva: This is what I was talking about earlier. The intelligence community and law enforcement recognizes that their hands are tied in these instances and they have in the past decade, they have tried to get these laws changed and be allowed more flexibility since the internet was privatized more than a decade ago. I think President Bush was speaking on this very issue a couple of days ago about allowing the intelligence community to have more latitude and enlist the help of more people.

Roderick Jones: I think technology companies have the same problem, when does Google give out its own info? What happens when China asks for it? They need to find their own solution to this as well. They need to have clear protocols.

Evan Kohlmann: I was over in the UK a few months ago, and I had some people over there complain bitterly to me that they wanted to approach Microsoft to get records for a criminal terrorist case. They didn’t know how to get these records so they approached the DA, and apparently what the DA said was that Microsoft carries a lot of weight out here and you don’t, so if you want these records you have to get them from some federal authority because Microsoft means a lot more to me than you do. And this is people from the counterterrorism community in the UK. To get this kind of reaction is certainly disheartening, and they were asking me if that is the general policy here and I had to explain that is not the case.

Question: What, if anything, would you tell the average American what they can do to help?

Kenneth Silva: I think the biggest thing they can start doing today, is we have to accept the fact that internet security or computer security is a fact of life and you have to do it at home, it’s not just a corporate problem anymore it’s a problem at home. If you don’t do at least a minimum amount of protection of your machine it becomes a weapon that can be used and you put your own self at risk for identity theft.

Andrew Cochran: Especially with broadband, you must, must, must have your own security.

Question: Another thing is more the cultural aspect, when you are looking at websites like this how do you decide if it is legitimate, how do you say we can stop an attack early?

Evan Kohlmann: Usually it’s fairly explicit, we’re not just talking about sitting there long enough that you realize there are al Qaeda members there, but al Qaeda has actually issued communiqués. Al Hizba was attacked by individuals saying that it’s a haven for spies, so al Qaeda and Saudi Arabia said we know al Hizba very well, we trust everyone on there, and if you want info on us go there. When Zawahiri issued a question and answer session, he put four website addresses up to say that this is where you should go. In the propaganda videos they now even have instructions about what forums to go to. You have individuals who say they intend to commit suicide bombings, and it’s hard to believe that the person you are talking to is becoming the next suicide bomber, and the family you talk to on the phone seems to know exactly why.

Last year, I was on an English language jihadist chat forum, and someone said I think people are after me, and I wrote back sarcastically saying that Mossad was out to get you. And within 24 hours this person was arrested in Spain on terrorist related charges. So someone was after them!

There is ample, in-your-face evidence saying that the people who make and populate these websites are terrorists and the people who read this information are terrorists. I am struck at how often I think people in these rooms are just like me are in these rooms and in actuality I’m in the minority.

Roderick Jones: It’s a good question, and it will always be variable and in the hands of the operational commander. There was an instance where the appeals court overturned the decision by the command to arrest people who were about to go to Afghanistan. Their hand was forced and they had to make the arrest.
