[infowar.de] on the electronic surveillance of al Qaeda
"Al Qaeda has been hacked" does, however, seem a little
MARCH 12, 2002
By Alex Salkever
Hacking al Qaeda's Secrets
You read it here first: Al Qaeda has been hacked. That's right.
Hacked. Compromised. Cracked.
Why am I sure of this? No, I don't have any sources divulging
top-secret intelligence. But the string of attacks that police and
intelligence agencies have averted since September 11 tells an
interesting tale. From seizing a bomb-materials cache in Belgium to
uncovering a possible plot to gas the U.S. Embassy in Rome with deadly
cyanide, the success in thwarting threats has been truly breathtaking.
Considering the difficulties in getting agents on the ground inside
small terrorist cells that function within tight-knit militant Islamic
communities, the likely alternative is that al Qaeda has been hacked.
Other signs point the same way. First, for all their vaunted
organizational skills, the terrorists appear to be less than
sophisticated in the art of concealing their cells and their members.
Second, the technological intelligence-gathering capabilities of the
National Security Agency and other state-sponsored hackers are
probably better than they get credit for. Third, even small amounts of
information can tell a huge amount about an organization's strategy.
After the horror of September 11, pundits couldn't stop talking about
how sophisticated the World Trade Center attack was -- Osama bin Laden
turning jumbo passenger jets into weapons of mass destruction. While
the al Qaeda terrorists pulled off an operation that was more complex
than anyone could have imagined, they've also proven to be anything
but technologically savvy.
BOND WOULD BLANCH. The World Trade Center assailants thought they
were anonymous when they used public Internet terminals. They sent
clear-text messages when most e-mail services, such as Yahoo! and
HotMail, offer free heavy-duty encryption of messages. One of the
alleged terrorist organizers, caught in Milan last April, coughed up
an address book full of cell-phone numbers and e-mail addresses -- not
exactly textbook spycraft.
Bin Laden himself took a very long time to realize that not only are
cell-phone communications easy to track but they're also simple to
crack. "These are the same guys who only stopped using cell phones to
coordinate their activities when CNN outed them on TV. Security
experts these guys are not," says Marcus Ranum, chief technology
officer at Network Flight Recorder, a maker of computer-intrusion
detection systems. Ranum is a computer-security expert who has watched
over networks for the White House.
Then, there's the underestimated technological prowess of spy
organizations. Although it keeps by far the lowest profile of all the
intelligence agencies in the U.S., if not the world, the NSA remains a
potent force. Its key weapon is a system called Echelon, a shadowy
network of so-called "sniffer" devices that sit astride the global
Internet's handful of key choke points. Perhaps as much as 90% of all
Internet traffic passes through these sniffers, some sources with
knowledge of the system think. The devices are connected to computer
systems that look through communications, seeking tip-offs such as
word associations -- bomb and Bush in the same e-mail, for example.
AN IP STAKEOUT. This might sound simplistic. But according to Ranum
and others, the systems are far more potent than commercial programs
that perform similar tasks. In part, that's because they can narrow
down the type of data they're looking for by geography or location. In
response to September 11, Internet security consultancy iDefense
published a listing of all the IP address ranges for 80 countries
around the globe. An IP address is a unique numerical identity -- a
different one is attached to every device on the Internet.
So techno-spies could, theoretically, target IP addresses more likely
associated with terrorists, and then zero in on those areas for
intense snooping. That could mean IP addresses at a specific cybercafe
in a neighborhood where suspected al Qaeda operatives live. Or it
could mean even an entire country, if Internet penetration remains
relatively low. "Pakistan, in the world of the Internet, only has 55
IP address ranges registered to itself. We are talking about an
extremely small pond compared to the ocean of the Internet," explains
Michael Cheek, iDefense's director of intelligence.
Finally, a little information can actually go a long way, thanks to an
exotic intelligence discipline dubbed traffic analysis. This is the
science of deciphering the structure and purpose of an organization
without understanding anything that members of the organization say to
each other. It's an art, really. NFR's Ranum explains that if an
e-mail goes from one address to another and then 50 e-mail messages
subsequently come out from the second e-mail, that means a leader has
likely issued a command to a so-called reflector. Thus, watchers have
ascertained a key piece of information about the organization.
SIMPLE COOPERATION. Of course, traffic analysis is tough to execute
if the organizational network isn't known or all that obvious. But
that's no longer the case with al Qaeda. In the first week in March,
U.S. intelligence officials warned that intercepted e-mail traffic
indicated that al Qaeda was regrouping. Due to the inherent
connectivity of the Net, identifying a single e-mail address belonging
to a group member can quickly reveal large chunks of information about
the terrorist network.
Tracing this information requires nothing more than cooperation from
Internet service providers. At the very least, most ISPs log several
months' worth of e-mail traffic (though usually not the content). "The
NSA is the worldwide god of traffic analysis. Just based on the
fan-out of subsequent e-mail, you can make a guess at who is whom,"
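The fan-out heuristic Ranum describes above, as an added example that is not part of the article or of any agency's tooling: a small Python script that reads constructed ISP-style mail-transfer metadata (no message content) and flags a node that receives a single message and then sends to many distinct recipients within a short window, the same pattern a mail administrator uses to spot an open relay or list reflector. The addresses, timestamps, ten-minute window and fan-out threshold of five are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of mail-transfer logs (metadata only): "timestamp sender -> recipient".
# Addresses and times are invented for this example.
LOG_LINES = """\
2002-03-01T09:00:00 alpha@example.net -> hub@example.org
2002-03-01T09:01:10 hub@example.org -> m01@example.com
2002-03-01T09:01:12 hub@example.org -> m02@example.com
2002-03-01T09:01:15 hub@example.org -> m03@example.com
2002-03-01T09:01:20 hub@example.org -> m04@example.com
2002-03-01T09:01:25 hub@example.org -> m05@example.com
2002-03-01T12:00:00 bob@example.com -> carol@example.com
2002-03-01T12:05:00 carol@example.com -> bob@example.com
"""

def parse_log(text):
    """Parse lines into (time, sender, recipient) tuples, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[3]))
    return sorted(events)

def find_reflectors(events, window=timedelta(minutes=10), min_fanout=5):
    """Return {node: (trigger_sender, distinct_recipients)} for every node that,
    within `window` of receiving one message, sends to at least `min_fanout`
    distinct addresses. The fan-out shape is the tell; contents are never read."""
    outbound = defaultdict(list)            # node -> [(time, recipient), ...]
    for t, src, dst in events:
        outbound[src].append((t, dst))
    found = {}
    for t_in, src, node in events:          # each inbound message is a candidate trigger
        fanout = {dst for t_out, dst in outbound[node]
                  if t_in < t_out <= t_in + window and dst != src}
        if len(fanout) >= min_fanout and node not in found:
            found[node] = (src, len(fanout))
    return found

if __name__ == "__main__":
    for node, (trigger, n) in find_reflectors(parse_log(LOG_LINES)).items():
        print(f"{node}: {n} distinct recipients within 10 min of mail from {trigger}")
```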
I'm not saying that hacking al Qaeda will be a slam dunk. Terrorists
have plenty of ways to confuse authorities. While using strong
encryption might raise a red flag with the NSA, that's not the only
way to evade detection. A cell member in Pakistan might dial out to an
ISP in India over the public phone network, explains Bill Stearns, a
senior research engineer at Dartmouth's Institute for Security
Technology Studies. And in many parts of the world where the U.S.
government is not viewed as a friendly entity, the cooperation of ISPs
and telecom companies isn't a given.
Yes, the war against terrorism may have just begun, even though it's
now six months since the World Trade Center and Pentagon attacks. But
just as on the battlefield, the U.S. government has technological
superiority online, too. Like the attack on al Qaeda holdouts in the
mountains of Afghanistan, the hack is on, and it appears to be making
great strides at lifting the veil on al Qaeda.