Embed Size (px)
Citation preview
This article was downloaded by: [Mercer University]On: 21 October 2014, At: 14:49Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK
Strategic AnalysisPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/rsan20
Cyber Terrorism: Electronic JihadRoland HeickeröPublished online: 28 Jul 2014.
To cite this article: Roland Heickerö (2014) Cyber Terrorism: Electronic Jihad, Strategic Analysis,38:4, 554-565, DOI: 10.1080/09700161.2014.918435
To link to this article: http://dx.doi.org/10.1080/09700161.2014.918435
PLEASE SCROLL DOWN FOR ARTICLE
Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.
This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions
Focus on Cyber Security
Cyber Terrorism: Electronic Jihad
Roland Heickerö
Abstract: Cyber terrorism is a phenomenon that is gaining more and more attention.One reason for this is the concern that modern information and communicationstechnology may be used in order to harm open societies. This concern also involvesactual IT systems and the information generated being targets of advanced attacks.That way functions that are important to society could be affected. The term ‘cyberterrorism’ is complex. This article describes the difference between traditional andcyber terrorism. The main focus is on how the al-Qaeda terrorist network acts incyberspace and how their change in concentration and activities has made them aclever player in an electronic Jihad.
The logic of terrorism is based on the fear of unpredictable attacks taking place atany time, hitting sensitive targets and happening to anyone without discrimina-
tion. Terrorism is about shocking people, making them feel powerless. The aim is forthe common man to start questioning the foundations of society and the state’scapacity to guarantee the safety of its citizens.
For terrorists it is important that the operations are large scale with significanteffects, such as the attacks on September 11, 2001. They also have to be lethal andattain extensive media coverage. The latter is decisive—a condition both to make thepolitical goals of the terrorists known and to demonstrate the strength of theirorganisations. Through advanced and co-ordinated attacks, a terrorist organisationcan strike against a stronger enemy and preferably humiliate him. A successfuloperation can also be a fertile ground for recruitment of individuals and groups whoare willing to sacrifice themselves in the future.
There are few similarities between terrorism and guerrilla warfare.1 Guerrilla warsare by definition asymmetric. One party has more resources in terms of technologicaladvantage than the other, and so on. This forces the weaker party to use unconven-tional tactics and vary his behaviour depending on the situation and conditions. Itshould be noted that asymmetric warfare is not necessarily the same thing as terror-ism. However, terrorism can be used as a tactic by the weaker party in a conflict.
Terrorism in cyberspace
Cyber terrorism is a generic term for various activities in cyberspace; it involves anumber of different organisations, groups and individuals. One of the most well-known researchers on cyber threats, the American professor of information securityDorothy Dennings, defines the terms as illegal, socially or politically determined
Dr. Roland Heickerö is Associate Professor of War Science and Military Operations at the SwedishNational Defence College.
Strategic Analysis, 2014Vol. 38, No. 4, 554–565, http://dx.doi.org/10.1080/09700161.2014.918435
© 2014 Institute for Defence Studies and Analyses
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
assaults or threats of assault against computers, networks and stored information. Foran attack to be regarded as cyber terrorism, the intended effect has to be serioushuman and economic casualties, intense fear and anxiety—terror—among the citi-zens. Whether or not a cyber attack against vital information infrastructure is viewedas an act of terrorism depends on the intent.2
Players in the cyber arena may have the same political, ideological and religiousobjectives as ‘traditional’ terrorist organisations, but they behave differently and workwith different means. Co-ordination may take place within and between organisations.Cyber terrorists are not suicide bombers, nor is media attention an end in itself; on thecontrary, they usually try to hide what they are doing online as far as possible.
In some cases, it is possible to distinguish between ‘pure’ cyber terrorists andterrorists who use the internet for co-ordination and attacks. However, the linebetween the two is becoming increasingly blurred. The ‘pure’ cyber terrorist doesnot manifest himself, but hides his intentions, at least until a full-scale info logicalattack has been performed. For the perpetrator, cyber terrorism is relatively safe,profitable and hard to detect.
Due to the fact that more and more systems are interconnected and dependent oncomputer networks, new vulnerabilities appear that can be exploited by ill-intentionedindividuals and groups. Some people say that the information revolution has inflicteda very risky electronic Achilles heel on society. A popular expression to describe thisnew threat is the risk of an ‘electronic Pearl Harbour’. Probable targets includecommand and control systems in critical infrastructure.
Information about good targets for attacks can be found on the internet. This kindof data decides what sort of methods and cyber weapons are optimal and where thereare vulnerabilities in the computer network. Terrorists can use the internet as a way ofboth co-ordinating and communicating between different parts of the organisation.
The term cyber terrorism has media potential; it is titillating, complex and gives athrilling sense of vulnerability. The Israel-based security policy expert GabrielWeimann says there are a number of reasons why fear of cyber terrorism is increas-ing.3 Apart from the media, this fear has been kindled by political and economicforces. There is also prevalent ignorance among the general public about the actualpossibilities and weaknesses of the technology; all this affects the widespread feelingof vulnerability and (in)security.
In academic discussions on cyber terrorism there are often two disparate views:
(1) The threats are real and considerable, since vulnerabilities multiply when anumber of different systems are increasingly integrated, controlled and run viacomputers. This is primarily the view of governments and security firms.
(2) There is no threat at all or only a very limited one. There are no, or only veryfew, known cases of cyber terrorism. This view is primarily represented byscientists and analysts at universities and research institutes. They claim theconcern is exaggerated; security systems generally work well thanks to theefforts made before the turn of the millennium. Additionally, it is in theinterest of security firms to add to the unease, since there is money to bemade from it. Another argument is that the cost of cyber terrorism is greaterthan traditional terrorism. Cyber terrorism is not economically rational.4 Itis cheaper to hang rucksacks with explosives on a couple of suicide bombers;the media result is also greater.
Strategic Analysis 555
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
It has also been pointed out that the internet is used as a tool for co-ordination byterrorists who are planning operations. It would thus be unwise and counterproductiveto attack a system that benefits them.5
The validity of both parties’ arguments can be argued. The truth is somewhere inbetween and varies depending on the time and place. Not every incident is madepublic. In fact, there are more or less serious cyber attacks every day in the form ofhacking, distribution of viruses, thefts of passwords and so on. A number of compa-nies and governments across the world have been subjected to penetration attempts, insome cases relatively harmless but in other cases much more serious and costly for thevictim.
A number of incidents are known that were probably staged by cyber terrorists, forexample the use in the early 2000s of different kinds of computer viruses, such asNimda, Code Red, Love Bug and later Melissa. In many cases it is still not known whowas behind the operations. The same is true of who the real targets were, and why theattacks were launched. The internet makes anonymity possible, provided the antago-nist is skilled and has sufficient knowledge to cover his digital tracks. The conse-quences of these attacks have so far been limited and they do not follow the usuallogic of terrorism: spectacular effects and high rates of casualties.
So far there has not been a single lethal cyber attack, at least not publicly. On theother hand, it is known that malicious code has caused serious accidents. For instance,in the 2008 crash at Madrid-Bajaras airport, one of Spanair’s central computers wasinfected by Trojans. If an aircraft sent distress signals with at least three technicalproblems, the central computer was supposed to raise the alarm. The airplane thatcrashed had sent this kind of distress signal to the computer, but due to the Trojan thealarm was not raised.6 This had disastrous consequences, causing 154 casualties. It isnot known who was behind the Trojan, or what its purpose was. There is no proof thatit was a terrorist attack. It may have been the result of a number of unfortunatecircumstances that converged in the airline’s failure to secure its central computersfrom external infection of malicious code. Irrespective of the cause, the crash showsthe risks and consequences of cyber antagonism. This kind of event can cause uneaseamong people that vital systems are not always sufficiently protected and reliable.This may in turn influence the general public’s trust in the authorities’ capacity andpreparedness to deal with risks, vulnerabilities and crises, something that may havepolitical implications in the long run.
Cyber terrorism is not limited to organisations and individuals; states are some-times also involved. One example is North Korea. Many nations in the internationalcommunity define North Korea as a terrorist state, primarily referring to it acts againstits own citizens, but also those against its main enemy, South Korea. In the spring of2009 it was revealed that North Korean cyber forces had hacked into the SouthKorean National Institute of Environmental Research (NIER). They allegedly stolemore than 2,000 secret documents, including the names of 700 companies that handletoxic chemicals.7 Information from the intrusion could be used for terrorist attacks.
Terrorists and other players may be developing methods and strategies to conductlarge-scale digital attacks with deadly intent.8 Examples of possible targets includefinancial systems, civilian air traffic, health care, and energy systems such as nuclearpower plants.9 This should be seen with the perspective that the costs of carrying outthese kinds of operations continue to decrease.
A growing problem is intrusion attempts against databases in order to gathersensitive information on different kinds of objects, their data structures and
556 Roland Heickerö
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
information security levels. One may assume that groups like cyber terrorists have aninterest in surveying vital infrastructure and physical targets that can be attacked.Another cause for concern is the risk of someone deliberately planting distortedinformation in sensitive databases, such as command and control systems.
Just as traditional terrorist attacks, cyber operations are carefully planned with aclear idea of aims and effects. Often only a few people need to be involved in suchattacks, but the results may still be devastating. Cyber terrorists mainly focus oncivilian rather than military targets, since they are much more vulnerable. Looking atthe consequences for society, the effect is much greater. Additionally, there willprobably be more media coverage of a civilian target.
A trend since the middle of the first decade of this century is that cyber terroristshave changed targets and modus operandi. The players have moved from generallyquite simple methods to very rational, sophisticated and purposeful behaviour. Oneexample of the professionalisation of cyber terrorism is al-Qaeda and their use ofInformation Technology (IT) in order to achieve their ideological and political goals.
Jihad and al-Qaeda in cyberspace
Al-Qaeda (‘the Base’) is a terrorist network that was founded in 1988 by Saudi multi-millionaire Osama bin Laden. It is a transnational movement that stretches fromAlgeria to the Philippines, with sympathisers in the West. The organisation is respon-sible for a number of spectacular terrorist attacks. September 11, 2001 and the 2004Madrid bombings are the most infamous. Thanks to intelligence collection andincessant attempts by security services all over the world to dissolve the network, ithas lost a great deal of its former capacity and has been forced to transform and adjustits activities. The assassination of Osama bin Laden on May 2, 2011 was anotherserious blow to the organisation.
Today, al-Qaeda can be described as a franchise in the terrorism business. The coreis assumed to consist of a couple of hundred people, scattered across various parts ofthe world. In addition to these, there are a number of loose cells that act autonomouslywithout direct orders from the inner circle and top leaders of the network. Bin Laden’ssympathisers saw him as a charismatic leader and frontman, more of an inspirationand a financier than an organiser or administrator for the ‘cause’.10
Jihad is what constitutes the Islamic political violence that al-Qaeda is a part of.Islam distinguishes between Jihad Akbar (‘the greater holy war’) and Jihad Ashgar(‘the minor holy war’).11 The greater Jihad refers to the individual’s struggle tobecome a good Muslim, characterised by self-preservation and self-control. Theminor Jihad has political and military features and is regulated by a number of ethicaldecrees. It is about protecting Islam and its holy places. One decree says that Muslimscan only enrol in (minor) Jihad when attacked. Modern Jihad is directed against theUnited States, Israel and their allies as well as Muslim states that support them andoppose the establishment of a ‘pure Islamic nation’. The goal for al-Qaeda is toestablish an Islamic caliphate stretching across the Arab world to Southeast Asiaand covering all areas where Muslims live.12
During the years that have passed since September 11, 2001, the intentions andmethods of al-Qaeda and other terrorist organisations have changed. The internet hasbecome an increasingly important channel for communication and recruitment, butalso for information on suitable targets to attack.13 The terms that have been used todescribe this transformation include electronic, digital and cyber Jihad.
Strategic Analysis 557
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
Through the internet it is possible to acquire means and methods to, for example,produce bombs for ‘traditional terrorism’ as well as to develop the capacity fornetwork operations. Since the internet is not regulated and it is possible to spreadinformation at a low cost, even small groups of players can gain a lot of attention. It iseasy to conduct psychological warfare and information campaigns. The internet isused to reach ideological and political goals.
It is important to stress that the internet is not a target in itself for radicalorganisations such as al-Qaeda. However, the infrastructure can be used by playerswith skills and resources to attack control and monitoring functions in systems vital tosociety.
The internet plays a significant role for terrorist organisations such as al-Qaeda.This can be seen in the following quotes, drawn from the website ‘Jihad Online:Islamic Terrorists and the Internet’, which has now been closed:
Thanks to the progress in modern technology, it is simple to spread information, news,articles and other information through the Internet. We express with the greatest convictionthat young Muslims with good internet knowledge should spread information and articles ofJihad. We continue our struggle with the help of Allah.14
In a raid of the Islamic organisation al-Muhajiroun and its leader Omar BakriMuhammad in London in 2005, police found e-mail correspondence between Bakriand other known al-Qaeda sympathisers. One document contained the following text:
Within the foreseeable future you will see attacks directed towards the Exchange. I would notbe surprised if tomorrow I would hear about a major economic collapse because someoneattacked important technical systems in big companies.
Omar Bakri Muhammad claims there are tens of thousands of bin Laden supporterswho are studying computer science in order to work for the holy cause.15
The statement has been confirmed by Hamid Mir, terrorism expert and editor of thePakistani daily newspaper Ausaf. According to Hamid, bin Laden said in an interviewthat
hundreds of young men have turned to him and pledged to die for the cause, and hundreds ofMuslim scientists are with him and they’ll use their knowledge in chemistry, biology andother fields, from computers to electronics, against the infidels.
Bin Laden allegedly also told his sympathisers that it is very ‘important to hit theAmerican economy, on which they base their military strength’. His statements couldbe interpreted both as psychological propaganda and as an expression of the organisa-tion’s intent to carry out operations in new ways with new means, methods andtargets.
Targets of specific interest for computer and network operations include commandand control functions for systems critical to society (Supervisory Control and DataAcquisition [SCADA] systems).16 Conducting successful operations requires a highlevel of skills and great resources, either from the organisation or from a state playerwho wants to participate in an electronic Jihad. It is not clear whether al-Qaedapresently has these kinds of assets and contacts.
According to unconfirmed information, in 2006 US intelligence found a lot ofinformation on laptops in Afghanistan with photos, blueprints and documents
558 Roland Heickerö
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
describing a number of sensitive targets for attack in the US and Europe. Some of theinformation in the documents was based on Google Earth and other open sources onthe internet. It is obvious that Google Earth and similar websites are used in theplanning of terrorist attacks.
A lot of information about vulnerabilities in networks and computers can also beprocured via hacker forums. In Pakistan and other countries in the Middle East, and inthe West, there are people with detailed knowledge of how to penetrate computers andnetworks. There are a number of hacker groups that say they support the Islamiccause, including the Taliban and, presumably, al-Qaeda. Palestinian, Turkish andMoroccan groups, to mention just a few, are very active and have good qualificationsin the field.
The cost of information on how to infect computers through spyware, which canbe used for things like distributed denial of service attacks, is somewhere between1,000 and 5,000 US dollars.17 On a prominent, but now closed, website associatedwith al-Qaeda there was information on how to conduct Distributed Denial-of-Service(DDoS) attacks.18 There are a number of other websites with links to the Islamicmovement that teach hacking and how to handle viruses and Trojans.
Due to its simplicity, structure and global penetration, the internet has become oneof the most important channels for terrorist organisations like al-Qaeda. The technol-ogy makes ‘networking’ possible between the organisation’s different and loosely tiedparts. It is used as a primary tool to collect funding and find new sympathisers andrecruits for Jihad. The global network is also used for psychological operations,disinformation and deception campaigns, as well as for blackmail of opponents.The internet is an effective means of ‘self-radicalisation’ of individuals and groupsall over the world.
According to the Washington-based US Institute of Peace (USIP), the terroristnetwork controlled more than 5,000 websites in 2006. At least 50 of these were inturn connected to a number of other forums.19 Islamism expert Abdel Bari Atwan saysthere are more than 4,500 sites that have helped al-Qaeda to develop into a trulyglobal ideological movement.20 Every year hundreds of new sites are added.21
It is hard to estimate the exact number of websites directly or indirectly associatedwith the terrorist network. They differ in structure and design, the kind of messagethat is presented and to what sort of audience. Some of them are more associated withconvinced ‘Jihadists’, while others are linked to chat rooms and internet forums.
The interest al-Qaeda shows in the internet is in no way new. Their first websitewas www.alneda.com, launched in 1997 on servers in Singapore, Malaysia and Texas,USA. The Arabic word Alneda can be roughly translated as the message. A couple ofmonths after it was launched, the website was discovered by American intelligenceand forced to shut down. Shortly after this it was re-launched, but under a new nameand on different servers. Subsequently, it changed both URLs and names every fivedays to avoid discovery. This cat and mouse game continued for more than six years,before the website finally disappeared from the internet—for good, it was assumed.But in April 2003 a website with links to al-Qaeda sympathisers was discovered(www.faroq.org); it carried the message: ‘Faroq continues to carry the banner ofalneda.com’. Another early website was Maalem jihad [the holy war’s milestones].It was launched on a primary server in China around 2000, with a mirror server inPakistan.22 Another important site, according to American security expert MichaelKnapp, was al Ansar.23
Strategic Analysis 559
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
Constantly moving material around on the internet and launching it under newnames on web hotels at different geographical locations is a strategy that has workedwell. Between January 2002 and April 2003 al Ansar changed its websites approxi-mately every other week. On an English forum, discovered in November 2007, therewere manuals with instructions on how to produce ‘dirty bombs’, both nuclear andbiological versions. One of the manuals contained more than 80 pages of descriptionsand quotes that were said to originate from Osama bin Laden. One of the quotes was:‘The manual should be seen as a gift from the commander to the jihadist fighters’.When the website was discovered it had had more than 57,000 unique visitors.
There are a number of websites on the internet that are more or less closelyconnected to al-Qaeda. They provide advice on how to design bomb belts used insuicide attacks. It is also possible to learn about tactical behaviour and how to useRocket-Propelled Grenades (RPGs) against different targets. This kind of website canbe seen as an information library and part of what is called the Encyclopedia of Jihad.The Taliban’s official unit for media distribution shows detailed descriptions of howto produce and pack explosives. There are also interviews with the leaders of al-Qaedatalking about Jihad. The contents gradually change; new material is constantly added,often related to current events.
Just as new websites are continuously being added on the internet, others are shutdown by operators after pressure from law enforcement agencies. Other reasons whythey disappear include hostile hacking activities by people and organisations opposedto the Islamist struggle and electronic Jihad.
Up until 2007, Internet Haganah, a Zionist organisation based in the US, identifiedand confirmed to internet service providers at least 700 websites with terroristmaterial.24 Shortly after this, the websites were shut down. The organisation hasprobably also hacked these kinds of websites.
There are also a number of fake websites with messages that seem to come fromal-Qaeda and the Islamist movement. These are used as ‘honey pots’ in order tomonitor possible visitors and catch their IP addresses. Through the IP address it ispossible to trace and identify from what server the visitor initiated the session.Alneda’s website has allegedly been repeatedly hoaxed. Who is behind these opera-tions is not known. Generally speaking, with the right will and motivation it is quiteeasy to produce fake websites.
One of the more interesting websites when it comes to form and content is alMuhajiroun.25 The site has the same name as one of the more prominent BritishIslamist movements, led by Sheikh Omar Bakri Muhammad. At the beginning of the21st century it became something of a role model in the art of propaganda andrecruitment on the internet. It is also a source of self-radicalisation. There is informa-tion on the website that emphasises the obligation of the faithful to kill non-Muslims.The website has now been removed from the internet.
According to Islamist expert Abdel Bari Atwan, al Muhajiroun and similarsites often resemble one another.26 They are divided into sections. The most importantand prioritised is the religious one, called fatwas. It lists legitimate targets for attack,according to the views of the Islamists behind the site. These include people andorganisations as well as physical objects such as the banking system and so on. Thereare continuous references to Jihad. Visitors who want to learn more about the strugglecan click on links to get into contact with religious authorities, the sheikhs.
Fresh recruits are very important. In the Jihad section there is often materialdescribing what anyone interested can do in order to become a holy warrior in the
560 Roland Heickerö
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
service of Islam. There is practical advice, for example, on how to get to different warzones in Iraq, Pakistan, Somalia and Syria, and names and locations of mosques indifferent countries that are part of Jihad. There are photos and films describingsuccessful attacks on the infidels by Jihadi warriors, along with stories on heroesand martyrs who fell in battle. Their testimony to their comrades can be read andmeditated upon. There are of course donation links for those who want to give moneyto Islamist causes.
These kinds of websites in turn provide links to other websites and various internetforums where there is more information. An interesting detail is that many of thewebsites have an IT section, where those interested are asked to share their knowledgeof and information on how to develop new methods for electronic Jihad. From amodern marketing perspective this is a new way of getting the ‘customer’ involved inthe movement.
Along with mosques and universities, websites are presently one of the mostimportant channels for propaganda in Western countries. Sheik Omar BakriMuhammad has said that every year an average of 18,000 British-born Muslims arerecruited for military training in countries where Islamist groups are active.27 Thisnumber is probably highly exaggerated, but there are definitely recruitments occur-ring. There are boot camps in Mali, Iraq, Pakistan, Somalia, Yemen, Indonesia and thePhilippines. A number of Europeans have been recruited by Islamist movements inPakistan and Somalia. Several of these Jihadists have been killed in fighting in Africaand the Middle East.
One website that was described by CNN as a propaganda centre for al-Qaeda isthe English-language Inspire.28 It is operated by American citizen Samir Khan, who isof Saudi extraction. Taimour Abdulwahab, who died in the failed terrorist attack inStockholm at Christmas 2010, is reported to have been in contact with Khan viaFacebook.
A well-known website for propaganda and recruitment is the British IslamicAwakening.29 The website is linked to an organisation called Azzam Publications30
which publishes Islamist material of different kinds. The interesting thing aboutIslamic Awakening is that one of the founders, Abdul al-Qari, is a man alleged tobe a former Nazi, who used to go by the English name of David Myatt before heconverted to Islam. This information has not been confirmed, but if it is true it showsthat people with radical beliefs are not necessarily bound to their choice ideology; theimportant thing is the struggle against somebody or something. According to infor-mation on the website, they help to organise resistance cells for Jihad.
There are also websites associated with different hacker groups that are said tosupport al-Qaeda. One of these is OBL Crew (Osama bin Laden Crew). IslamistHackers, also known as Afghan Hackers, are believed to be part of the same group asthe one that leads OBL Crew.
Recruitment is by no way restricted to men; there are sites specifically aimed atwomen. One is named after the female poet al Khansa, who in the 7th century, in theearly stages of Islam, wrote intrinsic complimentary texts to Muslim martyrs killed inthe struggle against the infidels. The site encourages women to support their husbandsin Jihad but also to introduce and prepare their children to continue the legacy. Theylabel this a duty. Naturally there is information on how to become a warrior in theservice of Islam by constructing suicide bomb belts.
One effective way of spreading propaganda is to participate in chat groups andfree internet forums. These forums are open in the sense that it is possible to express
Strategic Analysis 561
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
one’s opinions; the subjects can be more or less anything, legal or illegal: hacking,internet security, drug use, smuggling narcotics, music or fashion. Quite a few of theseforums are excellent tools for propaganda and recruitment of sympathisers, even co-ordinating terrorist activities for Jihadists.
Since the Islamist movement is global and resources vary, bandwidth is notsupposed to be an obstacle for anyone interested. People from areas with poor ITinfrastructure should still be able to download and access information. Accessibility isthus an important part of electronic Jihad. All members assume cover names andaliases, which they use when writing pieces or answering questions. Contacts betweenusers are made via the forums.
Closed user groups are formed in order to avoid discovery by law enforcementagencies. The only way to be invited is through recommendations. When this obstaclehas been passed, peer-to-peer connections are made with the other participants in thechat group. Passwords are exchanged between the parties and communication isenciphered.
Visits on these kinds of forums and chat sites are not free of risk; participation canattract attention from the police and prosecutors. An example of this is Scottishstudent Mohammed Atif Siddique, who was sentenced to a total of eight years inprison by a British court for having provided and distributed terrorist material on theinternet and in different forums.31 Through computer forensics—i.e. criminal inves-tigations of his seized computers and servers—British police could show thatSiddique had hidden material that encouraged terrorism in a Windows folder. In asearch of his apartment, and of properties and shops nearby, police also found morethan 30 computers, 500 CDs and DVDs with compromising material along with 25cell phones and 19 SIM cards. Almost 700 documents could be traced from thecomputers, with more than 1,000 appeals for Jihad.
Naturally, this causes concern within Islamist ranks. There are continuous onlinediscussions as to whether foreign security services have infiltrated the forums andfound compromising material and tips on people and groups preparing for terrorism.Many participants are worried that the security services actively participate in the chatforums, asking questions and providing information in order to get a picture of thesituation. According to Atwan, the Saudi intelligence services, for example, haveallegedly shown an interest in activities on different forums.32
One of the most serious threats when it comes to hostile activities is from insiders,that is, politically and ideologically driven people with computer skills, who havebeen recruited and placed inside an organisation in order to conduct detrimentalactivities. For groups such as al-Qaeda the value of these people is great; so is thedifficulty for police and security services to discover the moles. Below is an exampleof a person who may have been acting as an insider, although this has not beenconfirmed.
On a blog discussing different aspects of terrorism, one case was brought updescribing the security officer responsible for computers and networks at theUniversity of Washington, School of Nursing in Seattle, Majid al-Massari. Hewas arrested in August 2004 accused of preparing for terrorism.33 What he wasactually charged with is not known to this author, but it probably had something todo with his job at the university. Majid al-Massari is allegedly the son of Dr.Mohammed al-Massari, head of the ‘Committee for Defence of Legitimate Rights’(CDLR). Mohammed al-Massari is also the spokesman of al-Qaeda in London and isknown for his extremist views. Among other things, he has hosted websites with
562 Roland Heickerö
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
videos showing decapitations of infidels. Majid’s stepmother, according to the blog,has participated in spreading the message of al-Qaeda in the US.
A 2005 intelligence report by the US Department of Homeland Security (DHS)describes how the criminal group Jamaatul-Fuqura, based in Pakistan, co-operatesclosely with an organisation called Muslims of America. Through its contacts withJamaatul-Fuqura it is believed that Muslims of America gained connections to al-Qaeda. They are also suspected of having provided members of Jamaatul-Fuqura withinformation on hardware and computer networks.
There are also suspicions that associates of bin Laden used sophisticated insiderinformation to speculate on the stock exchange prior to September 11, 2001. In theaftermath it was concluded that prior to the attacks there had been an unusually highlevel of trading in shares in the air transport, energy and insurance sectors. In a similarway, British intelligence, in connection with the subway and bus bombings in Londonin the summer of 2005, identified an increased activity in international computercommunications between the suspects and IP addresses in various Arab countries.
The line between terrorism and ‘ordinary’ criminality is vague. According to a2008 US Congress report, cyber criminals have entered alliances with drug smugglersin Afghanistan and the Middle East.34 The criminals supply the terrorists with stolencredit cards and passwords, and in return they get access to narcotics. These criminalshave good skills in advanced IT. Drug dealers use encryption intensely, in order toprotect their communications over the internet. Through their resources, they can hirecomputer specialists who help them with methods to conceal information, for instancein digital photos sent in seemingly harmless e-mails. The well-developed infrastruc-ture in the West is a good facility for co-ordination of transactions and logistics, butalso for laundering money from criminal activities.
A report by the Drug Enforcement Administration (DEA), quoted in the 2008Congress report, says that 14 of 23 identified terrorist organisations were involved indrug trafficking in 2004. The Islamist organisations were especially active. The annualturnover from narcotics in Afghanistan is estimated to be more than 30 billion USdollars.35 Drug money from the area, together with contributions from sympathisers,has become an important source of revenue for the Taliban and al-Qaeda. This shouldbe seen in the light of the total annual turnover from narcotics, which is assessed to be400 billion US dollars.36
Provided that the information is correct, this would imply that al-Qaeda, theTaliban and various criminal groups have nearly 10 per cent of the world’s totalnarcotics turnover. Good financial assets make it possible for terrorist organisationsand other criminals to hire computer specialists to produce ciphers that are very hardto crack. Discovering these activities thus becomes all the more difficult for lawenforcement agencies.
Many of these specialists are said to come from parts of the former Soviet Unionand the Indian subcontinent.37 Many of them probably do not know that they work forterrorists and/or criminal organisations; they have in all likelihood been given falseinformation by their employers. In other cases they may sympathise with the political-ideological and religious intentions and goals.
Al-Qaeda is well versed in ways of acting anonymously on the internet in order toconceal their operations. In the planning for September 11, they used the internet ande-mails to a high degree. For instance, communications between the terrorist cellsinside and outside the US were based on internet telephone applications.38 KhalidSheikh Mohammed, one of the brains behind the attack on the World Trade Centre
Strategic Analysis 563
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
(WTC), communicated with at least two of the hijackers via special internet chatsoftware. Ramzi Yousef, sentenced in 2003 to life in prison for the first attack on theWTC, enciphered data in order to make it more difficult to discover his activities.Computers found in Afghanistan show that al-Qaeda collects information on targetsvia the internet and sends enciphered messages about this.39
Cyber terrorism can be understood as a development of ‘traditional’ terrorism withdifferent means but similar political and ideological agendas. Terrorists on the internettake advantage of modern societies’ increasing dependence on computer networks andmobile communications.
What kind of conclusions can be drawn from this development? One is that theinternet has become an important tool for terrorist organisations such as al-Qaeda toconduct their attacks. They act both in the physical world, with suicide attacks andvarious kinds of criminal activities, but also in the virtual world, via a large number ofwebsites. Since September 11, 2001 al-Qaeda’s operational capacity on the internethas increased. It involves information collection on sensitive targets, co-ordinationand recruitment. Cyber terrorism and electronic Jihad are a reality today.
One identified risk is that the terrorist network will not limit its activities on theinternet to communications and messages, but increase its ambitions to qualifiedoperations against websites, servers and networks. This could be combined withphysical attacks. Cyber assaults should be viewed as a force multiplier to physicalattacks. It is uncertain whether the movement presently has that capacity.
In connection with the assassination of Osama bin Laden in Abbottabad in thespring of 2011, American intelligence services found a number of computers contain-ing sensitive material. It turns out that the terrorist network planned to attack theAmerican railway system. How far they got in the planning process is not known.
Since al-Qaeda co-operates to a high degree with the Taliban in Afghanistan andPakistan, as well as with al-Shabaab in Somalia, there is a risk that knowledge aboutcyber operations will spread to these organisations too. This could include how tocarry out DDoS attacks, encipher communications or remain concealed on the internetin other ways.
Notes1. C. Giacomello, ‘Bangs for the Buck: A Cost-Benefit Analysis of Cyberterrorism’, Studies in
Conflict & Terrorism, 27(5), 2004, pp. 387–408.2. D. Dennings, ‘Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism
Committee on Armed Services’, US House of Representatives, May 23, 2000.3. G. Weimann, ‘WWW.Terror.Net: How Terrorism Uses the Internet’, United States Institute for
Peace, special report number 116, 2004.4. C. Giacomello, no. 1.5. H. Christiansson and G. Fischer, Terrorismenstid, SNS Förlag, 2003.6. ‘Trojan bakomflygkrasch’, Tidningarnas Telegrambyrå (TT) [Swedish News Agency], August
21, 2010.7. ‘ROK Monthly Claims DPRK Hacks, Steals Military Secrets in March 2009’, ChosunIlbo
Online, October 19, 2009, at http://dlib.eastview.com/browse/doc/20797846.8. B. Collin, ‘The Future of Cyber Terrorism: Where the Physical and Virtual Worlds Converge’,
Paper presented at the 11th Annual International Symposium on Criminal Justice Issues,Chicago, September 23–26, 1997.
9. R. Heickerö, P. Hyberg, G. Olsson, I. Renhorn, T. Jonason and F. Eklöf, ‘Telekrig i en breddadhotbild’, Underlagsrapport, Totalförsvarets Forskningsinstitut (FOI) [The Swedish DefenceResearch Agency], December 2004.
564 Roland Heickerö
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
10. United Nations, Security Council Committee established pursuant to resolution 126781999,September 20, 2002.
11. L. Napoleoni, Oheligt krig. Den moderna terrorismens ekonomiska rötter, Andersson PocketAB, Stockholm, 2004.
12. L. Wright, The looming tower. Al Qaeda and the road to 9/11, Vintagebooks/Random House[Al-Qaida och vägen till 11 september, Albert Bonniers Förlag] 2007.
13. A.B. Atwan, The Secret History of Al-Qaida, Saqi Books, London, 2006.14. The quote was found on the now closed websites www.jehad.net and www.jihadunspun.net.15. A.B. Atwan, no. 13.16. In several reports, for instance the CSR Report for Congress, ‘Botnets, Cyber Crime and
Cyber Terrorism: Vulnerabilities and Policy Issues for Congress’, updated January 29, 2008,and in Dorothy Denning’s works on cyber threats, anxieties are voiced regarding al Qaeda’sand other terrorist groupings’ interest in attacking vital infrastructures.
17. B. Francis, ‘Hackers Sell Their Information Anonymously through Secretive Websites. KnowThy Hacker’, Infoworld, January 28, 2005.
18. L. Greenemeir, ‘Electronic Jihad App Offers Cyber Terrorism for the Masses’, InformationWeek, July 2, 2007.
19. G. Weimann, Terror on the Internet: The New Arena Challenges, US Institute of Peace,Washington, DC, 2006.
20. A.B. Atwan, no. 13.21. G. Weimann, no. 19.22. A.B. Atwan, no. 13.23. Abu-‘Ubayd al Qurashi, ‘The War of the Ether’, on the al Ansar website, November 20, 2002.
The quote is described in PowerPoint slides made by Michael Knapp, ‘The War of the Ether:Al-Qaeda’s PSYOPS Campaign against the Western & Muslim Worlds’, at http://www.oss.net/dynamaster/file_archive/060122/AQ_PSYOPS.ppt.
24. http://internet-haganah.com/haganah/index.html.25. http://www.danielpipes.org/rr/1659.php.26. A.B. Atwan, no. 13.27. D. MacCrory, ‘UK Muslims Volunteer for Kashmir War’, The Times, December 28, 2000.28. P. Cruickshank, ‘US Citizen Believed to Be Writing for al Qaeda Website, Source Says’, CNN
News US, July 18, 2010.29. http://forums.islamicawakening.com/.30. http://www.globalterroralert.com/azzam-mokhtar.pdf.31. J. Lettice, ‘Jailed Terror Student “Hid” Files in the Wrong Windows Folder and Provided
Terror Instruction via Web Links’, The Register, October 23, 2007. The information is basedon an article published in the Scotsman, September 18, 2007, at http://www.scotsman.com/news/scotland/top-stories/terror-scot-may-have-been-planning-attack-in-canada-1-919232.
32. A.B. Atwan, no. 13.33. A. Cochran, ‘Muslim Hackers Assaulting Websites since Cartoon Controversy Began’,
Counterterrorism Blog, February 8, 2006, at http://www.counterterrorismblog.org/2006/02/muslim_hackers_assaulting_webs.php.
34. CSR Report for Congress, no. 16.35. L. Handley, ‘Intel Brief: Afghan Poppies Fear Not’, Centre for Security Studies and Conflict
Research, Swiss Federal Institute of Technology, Zurich, 2007.36. L. Napoleoni, no. 11.37. CSR Report for Congress, no. 16.38. Ibid.39. T. Thomas, ‘Al Qaeda & the Internet: The Dangers of Cyber Planning’, Foreign Military
Studies Office (FMSO), Fort Leavenworth, Kansas, 2003.
Strategic Analysis 565
Dow
nloa
ded
by [
Mer
cer
Uni
vers
ity]
at 1
4:49
21
Oct
ober
201
4
