

Hacking al Qaeda's Secrets
A bit older, but still interesting

MARCH 12, 2002 

By Alex Salkever

Hacking al Qaeda's Secrets

The odds are growing that Uncle Sam's cybersnoops are outgunning the terrorist 
group online as the military is on the battleground

You read it here first: Al Qaeda has been hacked. That's right. Hacked. 
Compromised. Cracked.

Why am I sure of this? No, I don't have any sources divulging top-secret intelligence. 
But the string of attacks that police and intelligence agencies have averted since 
September 11 tells an interesting tale. From seizing a bomb-materials cache in 
Belgium to uncovering a possible plot to gas the U.S. Embassy in Rome with deadly 
cyanide, the success in thwarting threats has been truly breathtaking. Considering the 
difficulties in getting agents on the ground inside small terrorist cells that function 
within tight-knit militant Islamic communities, the likely alternative is that al Qaeda has 
been hacked quite nicely.

Other signs point the same way. First, for all their vaunted organizational skills, the 
terrorists appear to be less than sophisticated in the art of concealing their cells and 
their members. Second, the technological intelligence-gathering capabilities of the 
National Security Agency and other state-sponsored hackers are probably better than 
they get credit for. Third, even small amounts of information can tell a huge amount 
about an organization's strategy and movements.

After the horror of September 11, pundits couldn't stop talking about how 
sophisticated the World Trade Center attack was -- Osama bin Laden turning jumbo 
passenger jets into weapons of mass destruction. While the al Qaeda terrorists 
pulled off an operation that was more complex than anyone could have imagined, 
they've also proven to be anything but technologically savvy.

BOND WOULD BLANCH. The World Trade Center assailants thought they were 
anonymous when they used public Internet terminals. They sent clear-text messages 
when most e-mail services, such as Yahoo! and HotMail, offer free heavy-duty 
encryption of messages. One of the alleged terrorist organizers, caught in Milan last 
April, coughed up an address book full of cell-phone numbers and e-mail addresses 
-- not exactly text-book spycraft.

Bin Laden himself took a very long time to realize that not only are cell-phone 
communications easy to track but they're also simple to crack. "These are the same 
guys who only stopped using cell phones to coordinate their activities when CNN 
outed them on TV. Security experts these guys are not," says Marcus Ranum, chief 
technology officer at Network Flight Recorder, a maker of computer-intrusion 
detection systems. Ranum is a computer-security expert who has watched over 
networks for the White House.

Then, there's the underestimated technological prowess of spy organizations. 
Although it keeps by far the lowest profile of all the intelligence agencies in the U.S., if 
not the world, the NSA remains a potent force. Its key weapon is a system called 
Echelon, a shadowy network of so-called "sniffer" devices that sit astride the global 
Internet's handful of key choke points. Perhaps as much as 90% of all Internet traffic 
passes through these sniffers, some sources with knowledge of the system think. 
The devices are connected to computer systems that look through communications, 
seeking tip-offs such as word associations -- bomb and Bush in the same e-mail, for 

AN IP STAKEOUT. This might sound simplistic. But according to Ranum and others, 
the systems are far more potent than commercial programs that perform similar 
tasks. In part, that's because they can narrow down the type of data they're looking 
for by geography or location. In response to September 11, Internet security 
consultancy iDefense published a listing of all the IP address ranges for 80 countries 
around the globe. An IP address is a unique numerical identity -- a different one is 
attached to every device on the Internet.

So techno-spies could, theoretically, target IP addresses more likely associated with 
terrorists, and then zero in on those areas for intense snooping. That could mean IP 
addresses at a specific cybercafe in a neighborhood where suspected al Qaeda 
operatives live. Or it could mean even an entire country, if Internet penetration 
remains relatively low. "Pakistan, in the world of the Internet, only has 55 IP address 
ranges registered to itself. We are talking about an extremely small pond compared 
to the ocean of the Internet," explains Michael Cheek, iDefense's director of 

Finally, a little information can actually go a long way, thanks to an exotic intelligence 
discipline dubbed traffic analysis. This is the science of deciphering the structure and 
purpose of an organization without understanding anything that members of the 
organization say to each other. It's an art, really. NFR's Ranum explains that if an e-
mail goes from one address to another and then 50 e-mail messages subsequently 
come out from the second e-mail, that means a leader has likely issued a command 
to a so-called reflector. Thus, watchers have ascertained a key piece of information 
about the organization.

SIMPLE COOPERATION. Of course, traffic analysis is tough to execute if the 
organizational network isn't known or all that obvious. But that's no longer the case 
with al Qaeda. In the first week in March, U.S. intelligence officials warned that 
intercepted e-mail traffic indicated that al Qaeda was regrouping. Due to the inherent 
connectivity of the Net, identifying a single e-mail address belonging to a group 
member can quickly reveal large chunks of information about the terrorist network.

Tracing this information requires nothing more than cooperation from Internet service 
providers. At the very least, most ISPs log several months' worth of e-mail traffic 
(though usually not the content). "The NSA is the worldwide god of traffic analysis. 
Just based on the fan-out of subsequent e-mail, you can make a guess at who is 
whom," says Ranum.
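The fan-out heuristic Ranum describes, as an added example that is not from the article: a metadata-only mail log (constructed here, with no message content) is parsed and scanned for the reflector pattern of one inbound message followed by a burst of outbound messages to distinct recipients. The same check is what a mail administrator runs to spot a compromised account or abused relay; all addresses, the one-hour window and the threshold of five are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed metadata-only log: "<ISO timestamp> <sender> <recipient>", no content.
# A "leader" mails a "hub", which then fans out to twelve members within the hour;
# the remaining lines are ordinary two-way chatter that should not trigger.
SAMPLE_LOG = "2002-03-01T08:00:00 leader@example.org hub@example.org\n" + "".join(
    f"2002-03-01T08:{m:02d}:00 hub@example.org member{m:02d}@example.org\n"
    for m in range(1, 13)
) + """2002-03-01T09:00:00 alice@example.org bob@example.org
2002-03-01T09:10:00 bob@example.org alice@example.org
2002-03-02T08:00:00 hub@example.org leader@example.org
"""


def parse_log(text):
    """Parse log lines into (timestamp, sender, recipient) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return sorted(events)


def fan_out(events):
    """Distinct recipients per sender: the raw 'fan-out' figure for each address."""
    recipients = defaultdict(set)
    for _, src, dst in events:
        recipients[src].add(dst)
    return {src: len(dsts) for src, dsts in recipients.items()}


def find_reflectors(events, window=timedelta(hours=1), min_fanout=5):
    """Flag addresses that receive one message and, within `window`, send to at
    least `min_fanout` distinct recipients. Returns {reflector: (trigger, count)}.
    The scan is quadratic, which is fine for a log of this size."""
    hits = {}
    for i, (t0, src, dst) in enumerate(events):
        if dst in hits:
            continue  # report each reflector once, on its earliest trigger
        outs = {d for t, s, d in events[i + 1:] if s == dst and t - t0 <= window}
        if len(outs) >= min_fanout:
            hits[dst] = (src, len(outs))
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for reflector, (trigger, n) in find_reflectors(evs).items():
        print(f"{reflector}: {n} outbound within 1h of a message from {trigger}")
```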

I'm not saying that hacking al Qaeda will be a slam dunk. Terrorists have plenty of 
ways to confuse authorities. While using strong encryption might raise a red flag with 
the NSA, that's not the only way to evade detection. A cell member in Pakistan might 
dial out to an ISP in India over the public phone network, explains Bill Stearns, a 
senior research engineer at Dartmouth's Institute for Security Technology Studies. 
And in many parts of the world where the U.S. government is not viewed as a friendly 
entity, the cooperation of ISPs and telecom companies isn't a given.

Yes, the war against terrorism may have just begun, even though it's now six months 
since the World Trade Center and Pentagon attacks. But just as on the battlefield, the 
U.S. government has technological superiority online, too. Like the attack on al 
Qaeda holdouts in the mountains of Afghanistan, the hack is on, and it appears to be 
making great strides at lifting the veil on al Qaeda.

Marcus Heitmann
European Institute for IT-Security (EURUBITS)
Ruhr-University Bochum
IC 4/44
Universitaetsstrasse 150
44780 Bochum

Tel +49 (0)234 - 32 - 261 82
Fax +49 (0)234 - 32 -143 89
Mob +49 (0)175 - 520 605 9

