[infowar.de] Hacking al Qaeda's Secrets
Somewhat older, but still interesting
MARCH 12, 2002
By Alex Salkever
Hacking al Qaeda's Secrets
The odds are growing that Uncle Sam's cybersnoops are outgunning the terrorist
group online as the military is on the battleground
You read it here first: Al Qaeda has been hacked. That's right. Hacked.
Why am I sure of this? No, I don't have any sources divulging top-secret intelligence.
But the string of attacks that police and intelligence agencies have averted since
September 11 tells an interesting tale. From seizing a bomb-materials cache in
Belgium to uncovering a possible plot to gas the U.S. Embassy in Rome with deadly
cyanide, the success in thwarting threats has been truly breathtaking. Considering the
difficulties in getting agents on the ground inside small terrorist cells that function
within tight-knit militant Islamic communities, the likely alternative is that al Qaeda has
been hacked quite nicely.
Other signs point the same way. First, for all their vaunted organizational skills, the
terrorists appear to be less than sophisticated in the art of concealing their cells and
their members. Second, the technological intelligence-gathering capabilities of the
National Security Agency and other state-sponsored hackers are probably better than
they get credit for. Third, even small amounts of information can tell a huge amount
about an organization's strategy and movements.
After the horror of September 11, pundits couldn't stop talking about how
sophisticated the World Trade Center attack was -- Osama bin Laden turning jumbo
passenger jets into weapons of mass destruction. While the al Qaeda terrorists
pulled off an operation that was more complex than anyone could have imagined,
they've also proven to be anything but technologically savvy.
BOND WOULD BLANCH. The World Trade Center assailants thought they were
anonymous when they used public Internet terminals. They sent clear-text messages
when most e-mail services, such as Yahoo! and HotMail, offer free heavy-duty
encryption of messages. One of the alleged terrorist organizers, caught in Milan last
April, coughed up an address book full of cell-phone numbers and e-mail addresses -- not exactly text-book spycraft.
Bin Laden himself took a very long time to realize that not only are cell-phone
communications easy to track but they're also simple to crack. "These are the same
guys who only stopped using cell phones to coordinate their activities when CNN
outed them on TV. Security experts these guys are not," says Marcus Ranum, chief
technology officer at Network Flight Recorder, a maker of computer-intrusion
detection systems. Ranum is a computer-security expert who has watched over
networks for the White House.
Then, there's the underestimated technological prowess of spy organizations.
Although it keeps by far the lowest profile of all the intelligence agencies in the U.S., if
not the world, the NSA remains a potent force. Its key weapon is a system called
Echelon, a shadowy network of so-called "sniffer" devices that sit astride the global
Internet's handful of key choke points. Perhaps as much as 90% of all Internet traffic
passes through these sniffers, some sources with knowledge of the system think.
The devices are connected to computer systems that look through communications,
seeking tip-offs such as word associations -- bomb and Bush in the same e-mail, for
AN IP STAKEOUT. This might sound simplistic. But according to Ranum and others,
the systems are far more potent than commercial programs that perform similar
tasks. In part, that's because they can narrow down the type of data they're looking
for by geography or location. In response to September 11, Internet security
consultancy iDefense published a listing of all the IP address ranges for 80 countries
around the globe. An IP address is a unique numerical identity -- a different one is
attached to every device on the Internet.
So techno-spies could, theoretically, target IP addresses more likely associated with
terrorists, and then zero in on those areas for intense snooping. That could mean IP
addresses at a specific cybercafe in a neighborhood where suspected al Qaeda
operatives live. Or it could mean even an entire country, if Internet penetration
remains relatively low. "Pakistan, in the world of the Internet, only has 55 IP address
ranges registered to itself. We are talking about an extremely small pond compared
to the ocean of the Internet," explains Michael Cheek, iDefense's director of
Finally, a little information can actually go a long way, thanks to an exotic intelligence
discipline dubbed traffic analysis. This is the science of deciphering the structure and
purpose of an organization without understanding anything that members of the
organization say to each other. It's an art, really. NFR's Ranum explains that if an e-mail goes from one address to another and then 50 e-mail messages subsequently
come out from the second e-mail, that means a leader has likely issued a command
to a so-called reflector. Thus, watchers have ascertained a key piece of information
about the organization.
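The fan-out heuristic Ranum describes, as an added example that is not part of the article: it runs over constructed mail-relay log lines (timestamp, sender and recipient only, no message content) and flags an address that sends to many distinct recipients shortly after receiving a single message. The addresses, window and threshold are constructed assumptions, not values from the article.

```python
# Added example (not from the article): fan-out detection over constructed
# mail-relay log lines, the traffic-analysis heuristic described in the text.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one line per message: "timestamp sender -> recipient".
# Only metadata is present; message bodies are never needed for this analysis.
SAMPLE_LOG = """\
2002-03-01T08:00:00 lead@example.org -> relay@example.net
2002-03-01T08:02:10 relay@example.net -> m01@example.com
2002-03-01T08:02:12 relay@example.net -> m02@example.com
2002-03-01T08:02:15 relay@example.net -> m03@example.com
2002-03-01T08:02:20 relay@example.net -> m04@example.com
2002-03-01T09:30:00 alice@example.com -> bob@example.com
2002-03-01T09:31:00 bob@example.com -> alice@example.com
"""

def parse_log(text):
    """Return a list of (datetime, sender, recipient) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, sender, _, recipient = line.split()
        events.append((datetime.fromisoformat(ts), sender, recipient))
    events.sort()
    return events

def find_reflectors(events, window=timedelta(minutes=10), min_fanout=3):
    """Flag (trigger_sender, reflector, fanout) triples: one inbound message to
    `reflector` is followed within `window` by at least `min_fanout` outbound
    messages from it to distinct recipients other than the trigger sender."""
    by_sender = defaultdict(list)          # sender -> [(time, recipient), ...]
    for ts, sender, recipient in events:
        by_sender[sender].append((ts, recipient))
    hits = []
    for ts, sender, recipient in events:
        # Distinct recipients the candidate reflector wrote to after this message.
        out = {rcpt for t2, rcpt in by_sender.get(recipient, [])
               if ts < t2 <= ts + window and rcpt != sender}
        if len(out) >= min_fanout:
            hits.append((sender, recipient, len(out)))
    return hits

if __name__ == "__main__":
    for trigger, reflector, n in find_reflectors(parse_log(SAMPLE_LOG)):
        print(f"{trigger} -> {reflector}: {n} outbound messages within window")
```

The plain two-way exchange between alice and bob is not flagged; only the relay address that fans a single inbound message out to four recipients is.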
SIMPLE COOPERATION. Of course, traffic analysis is tough to execute if the
organizational network isn't known or all that obvious. But that's no longer the case
with al Qaeda. In the first week in March, U.S. intelligence officials warned that
intercepted e-mail traffic indicated that al Qaeda was regrouping. Due to the inherent
connectivity of the Net, identifying a single e-mail address belonging to a group
member can quickly reveal large chunks of information about the terrorist network.
Tracing this information requires nothing more than cooperation from Internet service
providers. At the very least, most ISPs log several months' worth of e-mail traffic
(though usually not the content). "The NSA is the worldwide god of traffic analysis.
Just based on the fan-out of subsequent e-mail, you can make a guess at who is
whom," says Ranum.
I'm not saying that hacking al Qaeda will be a slam dunk. Terrorists have plenty of
ways to confuse authorities. While using strong encryption might raise a red flag with
the NSA, that's not the only way to evade detection. A cell member in Pakistan might
dial out to an ISP in India over the public phone network, explains Bill Stearns, a
senior research engineer at Dartmouth's Institute for Security Technology Studies.
And in many parts of the world where the U.S. government is not viewed as a friendly
entity, the cooperation of ISPs and telecom companies isn't a given.
Yes, the war against terrorism may have just begun, even though it's now six months
since the World Trade Center and Pentagon attacks. But just as on the battlefield, the
U.S. government has technological superiority online, too. Like the attack on al
Qaeda holdouts in the mountains of Afghanistan, the hack is on, and it appears to be
making great strides at lifting the veil on al Qaeda.
European Institute for IT-Security (EURUBITS)