Playing With Fire in Ukraine
The Underappreciated Risks of Catastrophic Escalation
WORLD OF WARCRAFT
The United States is gradually losing the online war against terrorists. Rather than aggressively pursuing its enemies, the U.S. government has adopted a largely defensive strategy, the centerpiece of which is an electronic Maginot Line that supposedly protects critical infrastructure (for example, the computer systems run by agencies such as the Department of Defense and the Federal Aviation Administration) against online attacks. In the meantime, terrorists and their sympathizers, unhindered by bureaucratic inertia and unchallenged by Western governments, have reorganized their operations to take advantage of the Internet's more prosaic properties.
The U.S. government is mishandling the growing threat because it misunderstands terrorists. For more than a decade, a host of pundits and supposed experts have traded in doom-and-gloom predictions that cyberterrorists would wreak havoc on the Internet -- or, worse, use computer networks to do damage in the offline world (for instance, by hijacking systems that control the water and power utilities of major metropolitan areas). Such warnings were bolstered by the occasional acts of terrorist groups such as the Pakistani-based Lashkar-e-Taiba, which has staged dramatic but ineffectual cyberattacks, such as its hacking into the Indian army's Web site in 2000. Although such incidents had only symbolic impact, they scared technophobic Western policymakers. Fearful of a digital Pearl Harbor, governments embarked on a frantic campaign aimed at "locking doors." As the former White House counterterrorism czar Richard Clarke explained, Washington's strategy has been simple: keep terrorists from breaching sensitive government networks.
In truth, although catastrophic computer attacks are not entirely inconceivable, the prospect that militants will be able to execute them anytime soon has been overblown. Fears of such science-fiction scenarios, moreover, have led policymakers to overlook the fact that terrorists currently use the Internet as a cheap and efficient way of communicating and organizing. These militants are now dedicated to waging an innovative, low-intensity military campaign against the United States. Jihadists are typically organized in small, widely dispersed units and coordinate their activities online, obviating the need for a central command. Al Qaeda and similar groups rely on the Internet to contact potential recruits and donors, sway public opinion, instruct would-be terrorists, pool tactics and knowledge, and organize attacks. The RAND Corporation's David Ronfeldt and John Arquilla have called this phenomenon "netwar," which they define as a form of conflict marked by the use of "network forms of organization and related doctrines, strategies, and technologies." In many ways, such groups use the Internet in the same way that peaceful political organizations do; what makes terrorists' activity threatening is their intent.
To counter terrorists, the U.S. government must learn how to monitor their activity online, in the same way that it keeps tabs on terrorists in the real world. Doing so will require a realignment of U.S. intelligence and law enforcement agencies, which lag behind terrorist organizations in adopting information technologies. At present, unfortunately, senior counterterrorism officials refuse even to pay lip service to the need for such reforms. That must change -- and fast.
V FOR VIDEO
One of the most important ways in which terrorists use the Internet is as a medium for propaganda. Films trumpeting the successes of Islamist fighters, such as those that emerge regularly from the Sunni Triangle region of Iraq, are nothing new. For years, disturbing videos of executions, ambushes, and roadside bombings have emerged from jihadist battlegrounds such as Bosnia and Afghanistan. What is new is how these films are distributed.
Until a few years ago, the videos were warehoused by various clearing-houses (often based in London) and mailed to customers around the world. Such expensive and visible bricks-and-mortar operations left lengthy paper trails, which made it fairly easy to identify and prosecute the operators of the clearing-houses. Today, however, terrorists exploit the ready availability of high-speed Internet access, pirated video-editing software, and free file-upload Web sites (such as www.yousendit.com) to reach their audiences cheaply and nearly anonymously. By distributing material over the Internet rather than using European middlemen, jihadists make themselves virtually impossible to track.
Al Qaeda in Iraq, established by the late Jordanian Abu Musab al-Zarqawi, was one of the first movements to use the Internet in such a fashion. In the spring of 2004, communiqués signed by a mysterious individual known as Abu Maysara al-Iraqi began to appear on extremist Arabic-language message forums. Any doubts among jihadists and their fellow travelers as to the authenticity of these statements faded that May, after Abu Maysara (now known to be Zarqawi's media chief) posted insurgent videos online, including one showing Zarqawi and his top advisers beheading the American businessman Nicholas Berg.
Such films have helped the jihadists attract new followers. On one occasion, in mid-2004, Italian police managed to eavesdrop on the Egyptian terrorist recruiter Rabei Osman Sayed Ahmed as he played the Berg video for a suicide-bomber-in-training. He excitedly crowed, "This is the policy we need to follow, the policy of the sword. Come and see our brother Abu Musab [al-Zarqawi]. ... This is the policy." Other terrorist movements have since sought to emulate Zarqawi's gruesome triumph, and dozens of new anonymous Arabic-language message boards carrying the latest news of the mujahideen have sprung up online. Most attempts to hunt down the original source of terrorist messages and videos have been fruitless. Even when a particular Internet forum is shut down, others take its place, guaranteeing that there is always a way for terrorists to find an audience.
Terrorists also use the Internet to make more practical films available. In December 2004, for example, Sunni Muslim extremists recycled a 26-minute instructional film (originally produced in Lebanon by Hezbollah) detailing the step-by-step fabrication of explosive-filled vests for suicide bombers. The person who posted the video explained that he hoped its release on the Internet would "help the brothers" in the Iraqi cities of Fallujah, Ramadi, and Mosul avenge the alleged humiliation of Iraqi women at Abu Ghraib prison. Terrorist groups also regularly distribute videos online explaining how to make rockets, improvised explosive devices, and even crude chemical weapons.
LICENSE TO SHILL
The case of Irhabi 007 (Terrorist 007) sheds light on what terrorist groups seek from their online activities and how quickly they have become sophisticated in their use of the Internet. Although Irhabi 007's pseudonym was facetious, there was nothing lighthearted about his activities. Over two years, from 2003 to 2005, Irhabi 007 -- in real life, allegedly Younis Tsouli, a 22-year-old Muslim of Moroccan origin who until recently lived in West London -- became the Internet jack-of-all-trades for many terrorists, including Zarqawi and Abu Maysara. The demands of Zarqawi's online operations required substantial Internet resources, even more than al Qaeda's own vaunted media wing could provide. In July 2004, Abu Maysara was forced to serialize the Internet release of Zarqawi's first full-length propaganda film, Wings of Victory, because al Qaeda did not have the resources to distribute the 90-megabyte file in one piece. Either at the behest of Zarqawi's organization or on his own initiative, Irhabi 007 quickly stepped forward and provided Zarqawi's group with space on hacked servers (including one owned by the Arkansas State Highway and Transportation Department) to disseminate the film. Zarqawi and his group welcomed Irhabi 007's expertise, and the normally taciturn Abu Maysara publicly praised him for helping al Qaeda: "Bless the terrorist, Irhabi 007," he wrote on the chat forum of Muntada al-Ansar, an organization with ties to al Qaeda. "In the name of Allah I am pleased with your presence, my beloved brother. May Allah protect you."
The relationship between Abu Maysara and Irhabi 007 grew closer. In a rare misstep, in April 2005 Irhabi 007 accidentally left one of his Internet servers unprotected, revealing a partially finished official Web site that he was building on Zarqawi's behalf. The site was located on a server leased to Irhabi 007 by TenaMax, a Delaware-based hosting company. For weeks, the TenaMax server also hosted dozens of newly released videos from Zarqawi, including films depicting attacks on coalition and Iraqi government forces using improvised explosive devices, the beheadings of Western hostages, suicide-bombing missions, and other jihadist military operations inside Iraq.
Even Osama bin Laden's own media outlet, the infamous Pakistani-based as Sahaab (the Clouds) Foundation, apparently relied on Irhabi 007. It seems hard to believe that as Sahaab would need Irhabi 007's assistance. The group's slick films (which include The State of the Ummah, featuring footage of the former al Farooq terrorist training camp in eastern Afghanistan, and The Nineteen Martyrs, the martyrdom wills of several 9/11 hijackers) are professionally produced and sometimes even feature English narrations. Before 2005, however, as Sahaab lacked a significant Internet presence. In November of that year, as Sahaab launched its new Web site (the now-defunct www.as-sahaab.com), principally in order to distribute a single full-length video: the martyrdom will of Mohammad Sidique Khan, one of the suicide bombers involved in the July 7, 2005, attacks in London. Unsurprisingly, there were striking similarities between as Sahaab's new online home and Irhabi 007's other work, a resemblance quickly noted by posters on radical Islamist message boards. One online participant commented, "As for brother Irhabi 007, I have not heard from him since the end of September but I am certain that I see his fingerprints on numerous projects, such as the videos of the as Sahaab Foundation."
In addition to working for Zarqawi and as Sahaab, Irhabi 007 keenly monitored those who took an interest in him, as I learned to my dismay after participating in a videotaped discussion about cyberterrorism that was broadcast on The Washington Post's Web site in August 2005. Within days, Irhabi 007 posted my interview on one of the most extremist of the Internet chat forums used by al Qaedalinked terrorist groups. Concerned but curious, I wrote him an open letter explaining that if he had comments to make, he could speak to me directly. Minutes later he replied by e-mail: "Dear Evan, I don't do interviews. If you wish to discuss anything, then the forum is a good platform. We even have an English section!"
In late 2005, British police finally caught up with Irhabi 007. They arrested him, charging him with conspiracy to murder and to cause an explosion. At the time of his arrest, he was found to be in possession of "video slides film on a computer hard drive showing how to make a car bomb ... [and] video slides film showing a number of places in Washington DC," according to the BBC. Tsouli is currently awaiting trial in the United Kingdom.
Irhabi 007's Internet savvy is no longer unique. Today, even small, independent Iraqi insurgent groups are quickly developing their own Internet presence. For a long time, the Islamic Army in Iraq (IAI) -- one of the first native Iraqi militant organizations with an established presence on the Internet -- used Yahoo's free online newsgroups to distribute their communiqués and videos to supporters. An official IAI statement explained, "The enemies of Allah will continuously [try to close down] our website. ... We ask you to register for our mailing list so that you continue to receive the latest news of the Islamic Army in Iraq." In May 2005, an examination of the digital routing information contained in IAI messages indicated that the files were being posted on Yahoo using a California-based satellite Internet access provider. Ironically, the satellite utilized by the IAI was intended specifically "for U.S. military operations in Iraq," according to a press release from the satellite service provider. It is unclear how the IAI beamed its propaganda out of Iraq via technology intended for the exclusive use of the Pentagon.
Some terrorists have even begun to take direct actions against Web sites they dislike, although these efforts have been limited in both their scope and their importance. For example, last winter, when Scandinavian media outlets began republishing cartoons of the Prophet Muhammad that many conservative Muslims deemed blasphemous, a wide variety of would-be cyberterrorists swore to carry out a "revenge battle on Danish newspapers," as one contributor on an extremist Internet forum wrote. Knowledgeable users on forums frequented by members of known terrorist organizations passed along detailed instructions about how to launch basic denial-of-service attacks (assaults on computer servers that block other users by overloading the resources of the victim systems) against the Web site of Politiken, a prominent newspaper in Denmark that has helped expose the activities of local Muslim fanatics. Other messages posted online celebrated the purported sabotage of other "apostate" Danish media Web sites by budding cyberterrorists based in Saudi Arabia. Yet another group of hackers released a video documenting their own successful attack on the Web site of Jyllands-Posten, the Danish newspaper that was the original source of the controversial cartoons.
For those interested in going beyond virtual attacks, the Internet also provides the means for would-be jihadists to contact other terrorists. When Ismail Royer, an American convert to Islam, sought to enroll in combat training at a Lashkar-e-Taiba camp in Pakistan in May 2000, he simply looked up the group's contact information on its English-language Web site. Even today, one can fairly easily locate online telephone numbers, e-mail addresses, and bank accounts that lead directly to proscribed foreign terrorist organizations. A fundraising brochure posted online by Lashkar-e-Taiba's political wing tells supporters how to make donations to the group, urging them, "Don't forget Mujahideen and refugees of Kashmir & Afghanistan during your Eid delights. The Lashker-e-Taiba Mujahideen [are] fighting against the tyrannical forces occupying the Islamic world. ... The Holy Prophet (peace be unto him) said he who provided gear to a Ghazi [warrior] in the way of Allah is like as he himself took part in the Jihad."
In some cases, the line between terrorist activities online and terrorist activities on the battlefield is so blurred that it is virtually impossible to distinguish them. Such was the case for the Army of the Victorious Sect (AVS), a Sunni insurgent group in central Iraq. In early November 2005, the AVS announced an open competition for the design of the organization's new official Web site. The creator of the winning entry, as determined by the leaders of the AVS military and media divisions, would receive an unusual prize: "The winner will fire three long-range rockets from any location in the world at an American military base in Iraq by pressing a button [on his computer] with his own blessed hand, using technology developed by the jihad fighters, Allah willing." Within days of the announcement, the AVS indicated that it had received such an overwhelming response that it had decided to extend the deadline for submissions. (The contest was abandoned in January 2006 when the AVS merged with Zarqawi's group.)
Ironically, terrorists' online activities have enabled them to develop skills that may make policymakers' fears of large-scale cyberattacks more realistic. In July 2004, an extremist supporter of Zarqawi announced on several chat forums that he had successfully hacked into a U.S. Army computer system based in South Korea. The unidentified militant claimed to have seized control of the computer for over a month and said he had sought not to destroy the system but to spy on the United States. To prove the veracity of his claims, the hacker produced a screenshot of the hijacked computer's Windows desktop, along with several files allegedly downloaded from the system -- including video recordings of coalition patrols in Iraq and high-resolution photos of U.S. Army personnel serving in Iraq.
Terrorist groups' mastery of the Internet is an example of a powerful law of human affairs: just a bit of ingenuity is far more effective than a misguided and wasteful bureaucracy. Bound by institutional restraints and largely unaware of terrorists' online activities, U.S. law enforcement and intelligence agencies have fallen far behind their terrorist adversaries in terms of Internet skills. Some of the most important U.S. government agencies tasked with tracking and intercepting the members and activities of al Qaeda have placed little or no emphasis on building their cultural and technological know-how, knowledge that is critical to fighting contemporary terrorists.
Indeed, the public statements of senior U.S. counterterrorism officials display an almost arrogant disregard for such knowledge. In testimony delivered in a recent civil lawsuit, FBI Director Robert Mueller dismissed the notion that such training is necessary for agents tasked with protecting U.S. national security. According to Mueller, knowledge of Islam, Arabic, and the Middle East is "helpful, not essential. ... Often you can pick up the subject matter if you've got leadership skills." And in 2004, then Congressman (and later CIA Director) Porter Goss admitted that he was profoundly ignorant of the Internet: "I certainly don't have the technical skills, as my children remind me every day: 'Dad, you got to get better on your computer.' So, the things that you need to have [to be in the CIA], I don't have." Such attitudes have blocked attempts at reforming the intelligence community in order to better deal with the new threat.
Meanwhile, frontline agents in the U.S. war on terrorism lack the tools they need. Intelligence analysts in major U.S. counterterrorism agencies use decades-old information technology, and many lack high-speed Internet access or even writable CD-ROM drives. It is difficult, to say the least, to use a dial-up modem to download from the Internet broadcast-quality propaganda videos, the size of which can run to hundreds of megabytes -- and impossible to share them using floppy disks.
A workable strategy for the U.S. government -- and the governments of other countries threatened by jihadists -- would need to combine a more active approach to Internet surveillance with reforms to intelligence and law enforcement agencies. Today, the structure of the Internet permits malicious activity to flourish and the perpetrators to remain anonymous. If the United States wishes to prevent the Internet from being used as a staging ground for terrorism, it cannot rely solely on the National Security Agency's automated surveillance systems, such as Echelon and Carnivore. It must also field knowledgeable agents who can investigate -- and preempt -- terrorists by monitoring their online activities. The very resilience of terrorists' propaganda networks can be turned in Washington's favor. Since it would be nearly impossible to identify and disable every jihadist news forum on the Internet given the substantial legal and technical hurdles involved, it would make more sense to leave those Web sites online but watch them carefully. These sites may work as online recruiting stations, but they also offer Western governments unprecedented insight into terrorists' ideology and motivations.
Deciphering these Web sites will require not just Internet savvy but also the ability to read Arabic and understand the jihadists' cultural backgrounds -- skills most U.S. counterterrorism agents currently lack. No matter what the focus of today's counterterrorism operatives, Washington must ensure that they are familiar with both foreign cultures and how terrorists operate online. Technological sophistication is no longer a luxury. It is now a basic survival skill.