Jerusalem Post May 6, 2004
How serious is cyber-terror's threat, and what is the free world doing about it?
By Alan D. Abbey
Islamic terrorists are winning the on-line war against Western interests because of their virtually unchecked ability to use the Internet to plan, promote, and propagate both physical and cyber attacks.
Efforts to monitor, predict, and counter such attacks are only in the earliest stages. Technical, legal, privacy, and even political challenges are slowing down what could be called cyber counterterrorism in Israel and the US. Private groups have done much of what little successful monitoring has been done so far, as government efforts, particularly in the US, have been hampered by civil liberties concerns.
While no major terror attacks have yet been carried out on or through the Internet, the sophistication of attacks is increasing and test runs for major disruptions have occurred.
Rabbi Abraham Cooper, deputy director of the Simon Wiesenthal Center in Los Angeles, says terrorists are deeply involved in the Internet.
"The truth is, the terrorist groups, al-Qaida and those affiliated with it, use every available part of the Internet to promote their agenda," he says. "That includes command and control - sending encrypted messages thousands of miles to their operatives."
Experts agree there are three key aspects to cyber-terrorism: Attacks on electronic networks, sabotage of physical infrastructures, and abuse of the Internet for recruitment and propaganda.
TWO YEARS ago an attack was waged on the database of the America-Israel Public Affairs Committee, the pro-Israel lobbying group in Washington, which included the theft of donors' credit-card numbers.
A new Wiesenthal Center report documents efforts by Hamas and al-Qaida to get 100,000 on-line activists to attack Israeli government Web sites in coordinated efforts.
The BBC reported last year the number of attacks on Web sites leapt after the US-led invasion of Iraq last year. The BBC said more than 1,000 sites were hacked in direct relation to the Iraq conflict, including some of the US Navy's sites. Many of the hacker attacks contained anti-war slogans; some had direct anti-US slogans, the BBC said.
ACCORDING TO the database of mi2g Ltd., a computer security firm based in London, the number of digital attacks in the last two and a half years reached into the thousands, with the majority targeting Turkey. The company's database identifies Morocco, Pakistan, Indonesia, Malaysia, and Saudi Arabia as the leading sources. Mi2g says the primary targets are computers owned by American, German, British, Italian, Australian, and Canadian interests. A recent mi2g report speculates that French and Russian targets are absent from the list because they took different views regarding the US invasion.
Mi2g executive chairman D.K. Matai, perhaps the most widely quoted expert on cyber-terror and anti-Western hacking from Islamic sources, says the Islamic hacking groups his company studies are increasingly mounting transnational joint attacks against US-allied economic targets. Even as the overall number of attacks has declined, he says, their sophistication has been rising.
"They are increasingly going underground," Matai says. "It is only a matter of time before serious damage to Western critical economic infrastructure is inflicted."
Matai says hackers have targeted companies listed on various stock exchanges and have stolen credit-card numbers to sell on the black market, brought services down, or caused a business interruption, which means loss of revenue. He says they also grab hold of personnel data and use them to carry out other kinds of criminal activity. Often, he says, this is done with organized criminal syndicates.
"Extremism requires cash and funding," Matai says. "In order to fund extremist activity in a tight global financial regime that makes it difficult to move money through the legitimate financial system, working with organized crime syndicates is becoming more appealing [to terrorists]."
Some experts discount Matai's claims, and say the only traceable activity so far has been "proof of concept" attacks, that is, attacks designed to show that something serious can be done.
The Washington Post reported recently on a major hacker attack on US university computers that disrupted TeraGrid, a National Science Foundation-funded computer network that forecasts weather and works on genome sequencing, and Argonne National Laboratory, a US Energy Department site. The Post said as many as 20 institutions were targeted. Pete Beckman, Argonne's engineering director, told the Post the attackers tried to do little more than see how much access they could get.
Steven Goldsby, president of Integrated Computer Solutions Inc. in Montgomery, Alabama, says attacks such as those, along with numerous recent Internet "worms" and viruses, are tests to see if a certain disruptive activity can be conducted on-line. Worms could take over and create "zombie" host computers that could perpetrate a major attack, he says.
"We've gotten new defenses across the Internet, but as you've seen with worms, there is still a lot of threat out there," Goldsby says. "These proofs of concept have caused no real damage but are a harbinger of things to come. We haven't seen the attack yet. The scary thing is we haven't even seen the tip of the iceberg."
SO-CALLED "denial of service" attacks designed to slow, clog, or shut down electronic communications systems were launched on Israeli Web sites and Internet providers in the early days of the Palestinian uprising in 2000. Most of the systems attacked have been "hardened" since, and many experts designate such "hacktivism" as little more than a nuisance.
In fact, some activists claim the entire dialogue surrounding the issue of cyber-terror has been hyped out of proportion to the real threat, as a way to erode civil liberties, particularly in the United States.
George Smith, a Village Voice writer and analyst at Global Security.org, a Washington defense and technology think tank, has been one of the leading critics of cyber-terror talk.
"The old-fashioned violence of September 11, delivering death by fire and desolation, suddenly made the idea of stealing Saddam Hussein's e-mail or drowning his regime in spam seem silly, indeed," Smith has written. "The endless flood of spam in behalf of Viagra, penis enlargement and breast enhancement can make you want to kill somebody, but spam is only potted scam, after all."
Smith was a major critic of retired US general Richard Clarke, who was president Bill Clinton's anti-cyber-terror director.
Clarke "bequeathed the nation a haystack of quotes leading idiots to believe terrorists were going to devastate us through computer networks," Smith wrote.
Gary R. Bunt, author of Islam in the Digital Age: E-Jihad, Online Fatwas and Cyber Islamic Environments, says he is cautious about scare stories associated with the Internet.
"That doesn't mean to say that a major disruptive event could not be undertaken by Islamic platforms," says Bunt, a lecturer in the Theology, Religious Studies and Islamic Studies Department at the University of Wales. "I would not be surprised if hackers [Muslim and other] are not testing networks of these interests, for a variety of motives. There has been the suggestion that al-Qaida operatives have been extensively trained in hacking/cracking activities, which go beyond simple disruption."
US President George W. Bush has proposed funding the Department of Homeland Security's National Cyber Security Division with an $80 million budget.
"Cyberspace security is a key element of infrastructure protection, because the Internet and other computer systems link many infrastructure sectors," says a White House analysis released with the fiscal 2005 US budget proposal. "The consequences of a cyber attack could cascade across the economy, imperiling public safety and national security."
THE PROBLEM is being recognized worldwide. Adam Cobb, a former Australian Defense Department strategist, has said his country's information infrastructure is vulnerable to cyber attack. South Korea's state intelligence agency recently set up an anti-cyber terror center to address concerns about possible terrorist attacks on communication networks.
Israel is certainly aware of cyber-terrorism. The country is home to more than half of the world's major commercial computer security companies and technologies, according to Nissim Bar-El, chairman of Comsec Group Ltd. of Petah Tikva, a computer security consulting firm.
"We have more enemies. We are more exposed," he says. "The threat is there. The vulnerability is quite there. I do not see any obstacle to a group of scientists in Teheran University getting money to attack Israel. There is no obstacle for al-Qaida or some others to find the right people."
Matai says Islamic hackers try to attack Israeli targets all the time. But he says domestic security measures are working.
"The number of attempts is at an all-time high, but the number of such penetrations, whether overt or covert, is at an all-time low," he says.
Matai says his company is in direct contact with hackers by tracing their work, and even posing as hackers on hacker computer bulletin boards. That's how he says his firm has identified the hackers' goals.
The biggest common complaint from hackers is the double standard surrounding Israel's nuclear deterrent and that it is not called a rogue state, while it is seen as improper for Islamic countries to have weapons of mass destruction, he says. Matai says such groups also are seeking to vandalize government sites belonging to Saudi Arabia and Morocco, because they are aligned with American foreign-policy interests.
Israel's response, beyond individual corporate or government agency efforts to improve their cyber defenses, has been to create a government commission to study cyber-security and defense. Bar-El says the government must work with private industry to protect the country's information infrastructure.
A SECOND area of cyber-terror is the attempt to do damage to the physical infrastructure by getting into computer systems. Such attacks could be aimed at shutting down the system that controls Tel Aviv traffic lights, Hoover Dam in the US, or a nuclear power plant. Despite scare stories of such possibilities, there is little documented evidence of such attacks having occurred. Experts say such an attack could also be coupled with a physical attack, so as to hinder rescue or counterattack efforts.
The Washington Post reported in 2002 that US intelligence services had monitored al-Qaida terrorists snooping around in the computer systems of dams, power plants, and other facilities.
Three recent power outages within a week at Los Angeles International Airport have raised some concerns. One of the power outages affected 100 flights and caused two planes to fly within six kilometers of each other, closer than US regulations allow. Two of the outages were attributed to birds landing on power lines, and a malfunctioning transformer apparently caused the third.
Dr. Abe Wagner of System Research & Development Corp., a US government-funded entity, says terrorists have "infinite access" to a great deal of information on the Internet. "The advantage is going to terrorists," he told an audience at a recent conference at Tel Aviv University on combating cyber-terror. "The 9/11 terrorists looked at information on their targets on-line. There is very little government and security agencies can do."
THE AREA perhaps causing the most concern is the use terrorists make of the Internet itself to spread propaganda, recruit supporters and other terrorists, learn about selected targets, transmit information, such as how to manufacture bombs, and communicate with each other about upcoming and planned terror attacks.
A Saudi graduate student at the University of Idaho working on his doctorate in computer science went on trial in a US federal court in April after being accused of setting up Web sites to help Islamic militants recruit followers, Associated Press reported. Sami Omar Al-Hussayen was charged with three counts of aiding terrorism, visa fraud, and making false statements. He allegedly helped run Web sites that supported Hamas and other terror groups, and maintained bank accounts to funnel cash to another group with terrorist connections, AP reported.
Yael Shahar, who tracks cyber-terror at the International Policy Institute for Counter-Terrorism at the Interdisciplinary Center of Herzliya, says terrorists are outgrowing the need for state sponsors.
"The Internet allows them to be spread out geographically and maintain a coherent ideology," she says. "It becomes a leaderless resistance where you don't need hierarchy, and infiltrating a group without a hierarchy is more difficult."
Shahar says al-Qaida puts its ideology on a Web site to recruit new members, and also posts instructions on how to conduct an attack. Similarly, she says, terrorists keep in touch by using Internet cafes, where contact is anonymous, and posting information on Web forums.
Al-Qaida claims car bombs are being smuggled into Iraq from Syria in used cars, she says. "They are talking freely about it in Arabic on Web sites. But you have to be a member of a group affiliated with it for a while to get in. They change their IP addresses frequently, and have been known to hijack other people's sites - take their sites offline and put an al-Qaida site in its place."
According to AP, an extremist Islamic group last year took over an Internet bulletin board run by an Alaska high-school student and used it to call for attacks on the US. More than 1,000 people used the portal before the group fled to another server. The Islamic group had been moving its Web site regularly for at least a year.
SECURITY EXPERTS say the US government has been hampered in its efforts to monitor and track terror conversations and data transfers on the Internet by privacy concerns. Last year, the US Senate pulled funding from the Pentagon's anti-terror data-mining project, which was first labeled the Total Information Awareness project and then renamed Terrorism Information Awareness. The matter came to widespread public awareness after a column by William Safire in The New York Times.
The project was intended to "mine data" by searching everything from credit cards and medical records, to travel information, e-mail, bank deposits, and even magazine subscriptions, to uncover suspected terrorists. The fact that the program was run by Admiral John Poindexter, a key figure in the 1980s Iran-contra affair, who had moved to the Pentagon's Defense Advanced Research Projects Agency, didn't help.
Recently, two Democratic senators introduced a bill to require all federal agencies to report to Congress about their use of data-mining technology.
"The American people deserve to know what kind of information is gathered about them and how federal agencies intend to store and use it," the senators wrote in a letter seeking support for their effort.
A new effort at tracking terrorists' use of US air travel, an updated version of Washington's Computer Assisted Passenger Prescreening System, is also under attack from civil libertarians. The program, announced last year, would create a new passenger-screening database that would be able to check every domestic US traveler's credit history, arrest record, and property-tax data.
If such privacy concerns are resolved, it may be nerdy mathematicians and computer scientists who have as much to do with victory in the War on Terror as conventional warriors. Perhaps in response to the shutdown of Terrorism Information Awareness, the US is quietly funding research in Israel designed to detect terrorist use of the Internet.
Mark Last of Ben-Gurion University of the Negev told the recent Tel Aviv cyber-terror conference that research is under way to predict future activities and targets by searching Web pages, e-mails and other on-line data. The challenge is the vast amount of unstructured data on the Internet, he says.
"What is needed is real-time detection of on-line activities," Last says.
Among other programs under way, Menahem Friedman of the Nuclear Research Center of the Negev is developing mathematical models at Ben-Gurion to locate specific terrorists as they carry out their terrorist activities. The National Institute for Systems Test and Productivity, a US government-funded research institute operated by the University of South Florida, is financing the research.
"The research should enable us to detect any document downloaded from the Internet and at the same time, evaluate whether the document could be a terrorist's with 100 percent accuracy," Friedman says. "We have discovered that at certain computers, 80 percent of the documents downloaded were terrorist documents."
He says defining a terrorist document is based on a complex combination of artificial intelligence, pattern recognition, and numerical analysis. But the project is not yet complete, and can currently only detect downloads, not e-mails or other forms of on-line communications.
Until more sophisticated tools are invented, it seems terrorists will continue to have free rein on the Internet. "There is a whole subculture on-line," says Cooper. "It's anarchists in the 21st century."
Two can play this game
Anti-Israel hacking groups are not the only ones on the offensive, says Yael Shahar, who tracks cyber-terror at the International Policy Institute for Counter-Terrorism at The Interdisciplinary Center of Herzliya.
"You could even say we started it," Shahar says.
She says she received e-mails on the day before three IDF soldiers were kidnapped on the Lebanese border in 2000 instructing people on how to take down Hizbullah's Web site with a "denial of service" attack, which requires a lot of people to go to a site and launch DOS tools.
"And that happened before major attacks on our systems," she says. "I can't say that started attacks, but Israeli attacks on the Hizbullah site preceded others. We didn't cause it, but the phenomenon goes both ways."
Hackers blocked attempts by Arab television station al-Jazeera to start an English-language Web site for months last year.
Associated Press reported in February that a Palestinian terrorist group accused American and Israeli groups of hacking its Web site. Islamic Jihad said the unidentified groups had destroyed the site to shut down Palestinian points of view.
AP reported that a statement faxed to its Beirut office said: "In an attempt aimed at silencing the Palestinian voice - which speaks for the resistance and defends the Palestinian people's right - hostile and malevolent Zionist and American quarters have struck the official Web site of Al Quds Brigades, the military wing of the Islamic Jihad movement."
The statement said the February hacker attack was not the first time its site had been attacked.
The encoded message
One technology that terrorists have appropriated is known as "steganography," the art of embedding coded information in anything from photographs to MP3 sound files.
These digital files, which can then be transmitted openly over the Internet, can be "read" by someone at the receiving end using the same program that created them. There is only a limited ability to crack such files.
"It's the kind of spy craft terrorists would have learned from state sponsors," says Yael Shahar, who tracks cyber-terror at the International Policy Institute for Counter-Terrorism at The Interdisciplinary Center of Herzliya. "But they don't need that now."
Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information, according to the Web site webopedia. Such hidden information can be text, encoded text, or even images.
Steganography cannot easily be detected, webopedia says. Therefore, it often may be used when encryption is not possible. According to webopedia, an encrypted file may hide information using steganography, so the hidden message cannot be found even if the encrypted file is deciphered.
It is easy to find steganography software on the Internet. Free software is available at many download sites. Software designed to crack messages hidden through steganography also proliferates online.
According to numerous sources, steganography, which means "covered writing," dates back to ancient Greece. Practices then included etching messages in wooden tablets and covering them with wax, or tattooing a message on a messenger's shaved head, letting his hair grow back, then shaving it again when he arrived at his contact point. The method is known in classical thriller fiction as the "purloined letter."
According to a 2002 report in Foreign Policy magazine, terrorists who had planned to blow up the US Embassy in Paris reportedly used steganography. At latest count, 140 easy-to-use steganography tools were available on the Internet.
Wired magazine reported in February 2001, before the 9/11 attacks, that federal investigators were worried about Osama Bin Laden's use of steganography to encode messages to followers.
© Copyright 2004, The Jerusalem Post