[Mb-civic] CYBERWARFARE: Terrorist 007, Exposed - Rita Katz and Michael Kern - Washington Post Sunday Outlook

[William Swiggard]

Terrorist 007, Exposed
<>
By Rita Katz and Michael Kern
The Washington Post - Sunday Outlook
Sunday, March 26, 2006; B01

For almost two years, intelligence services around the world tried to 
uncover the identity of an Internet hacker who had become a key conduit 
for al-Qaeda. The savvy, English-speaking, presumably young webmaster 
taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He 
hacked into American university computers, propagandized for the Iraq 
insurgents led by Abu Musab al-Zarqawi and taught other online jihadists 
how to wield their computers for the cause.

Suddenly last fall, Irhabi 007 disappeared from the message boards. The 
postings ended after Scotland Yard arrested a 22-year-old West Londoner, 
Younis Tsouli, suspected of participating in an alleged bomb plot. In 
November, British authorities brought a range of charges against him 
related to that plot. Only later, according to our sources familiar with 
the British probe, was Tsouli's other suspected identity revealed. 
British investigators eventually confirmed to us that they believe he is 
Irhabi 007.

The unwitting end of the hunt comes at a time when al-Qaeda sympathizers 
like Irhabi 007 are making explosive new use of the Internet. Countless 
Web sites and password-protected forums -- most of which have sprung up 
in the last several years -- now cater to would-be jihadists like Irhabi 
007. The terrorists who congregate in those cybercommunities are rapidly 
becoming skilled in hacking, programming, executing online attacks and 
mastering digital and media design -- and Irhabi was a master of all 
those arts.

But the manner of his arrest demonstrates how challenging it is to 
combat such online activities and to prevent others from following 
Irhabi's example: After pursuing an investigation into a European 
terrorism suspect, British investigators raided Tsouli's house, where 
they found stolen credit card information, according to an American 
source familiar with the probe. Looking further, they found that the 
cards were used to pay American Internet providers on whose servers he 
had posted jihadi propaganda. Only then did investigators come to 
believe that they had netted the infamous hacker. And that element of 
luck is a problem. The Internet has presented investigators with an 
extraordinary challenge. But our future security is going to depend 
increasingly on identifying and catching the shadowy figures who exist 
primarily in the elusive online world.

The short career of Irhabi 007 offers a case study in the evolving 
nature of the threat that we at the SITE Institute track every day by 
monitoring and then joining the password-protected forums and 
communicating with the online jihadi community. Celebrated for his 
computer expertise, Irhabi 007 had propelled the jihadists into a 
21st-century offensive through his ability to covertly and securely 
disseminate manuals of weaponry, videos of insurgent feats such as 
beheadings and other inflammatory material. It is by analyzing the trail 
of information left by such postings that we are able to distinguish the 
patterns of communication used by individual terrorists.

Irhabi's success stemmed from a combination of skill and timing. In 
early 2004, he joined the password-protected message forum known as 
Muntada al-Ansar al-Islami (Islam Supporters Forum) and, soon after, 
al-Ekhlas (Sincerity) -- two of the password-protected forums with 
thousands of members that al-Qaeda had been using for military 
instructions, propaganda and recruitment. (These two forums have since 
been taken down.) This was around the time that Zarqawi began using the 
Internet as his primary means of disseminating propaganda for his 
insurgency in Iraq. Zarqawi needed computer-savvy associates, and Irhabi 
proved to be a standout among the volunteers, many of whom were based in 
Europe.

Irhabi's central role became apparent to outsiders in April of that 
year, when Zarqawi's group, later renamed al-Qaeda in Iraq, began 
releasing its communiqués through its official spokesman, Abu Maysara 
al-Iraqi, on the Ansar forum. In his first posting, al-Iraqi wrote in 
Arabic about "the good news" that "a group of proud and brave men" 
intended to "strike the economic interests of the countries of blasphemy 
and atheism, that came to raise the banner of the Cross in the country 
of the Muslims."

At the time, some doubted that posting's authenticity, but Irhabi, who 
was the first to post a response, offered words of support. Before long, 
al-Iraqi answered in like fashion, establishing their relationship -- 
and Irhabi's central role.

Over the following year and a half, Irhabi established himself as the 
top jihadi expert on all things Internet-related. He became a very 
active member of many jihadi forums in Arabic and English. He worked on 
both defeating and enhancing online security, linking to multimedia and 
providing online seminars on the use of the Internet. He seemed to be 
online night and day, ready to answer questions about how to post a 
video, for example -- and often willing to take over and do the posting 
himself. Irhabi focused on hacking into Web sites as well as educating 
Internet surfers in the secrets to anonymous browsing.

In one instance, Irhabi posted a 20-page message titled "Seminar on 
Hacking Websites," to the Ekhlas forum. It provided detailed information 
on the art of hacking, listing dozens of vulnerable Web sites to which 
one could upload shared media. Irhabi used this strategy himself, 
uploading data to a Web site run by the state of Arkansas, and then to 
another run by George Washington University. This stunt led many experts 
to believe -- erroneously -- that Irhabi was based in the United States.

Irhabi used countless other Web sites as free hosts for material that 
the jihadists needed to upload and share. In addition to these sites, 
Irhabi provided techniques for discovering server vulnerabilities, in 
the event that his suggested sites became secure. In this way, jihadists 
could use third-party hosts to disseminate propaganda so that they did 
not have to risk using their own web space and, more importantly, their 
own money.

As he provided seemingly limitless space captured from vulnerable 
servers throughout the Internet, Irhabi was celebrated by his online 
followers. A mark of that appreciation was the following memorandum of 
praise offered by a member of Ansar in August 2004:

"To Our Brother Irhabi 007. Our brother Irhabi 007, you have shown very 
good efforts in serving this message board, as I can see, and in serving 
jihad for the sake of God. By God, we do not like to hear what hurts 
you, so we ask God to keep you in his care.

You are one of the top people who care about serving your brothers. May 
God add all of that on the side of your good work, and may you go 
careful and successful.

We say carry on with God's blessing.

Carry on, may God protect you.

Carry on serving jihad and its supporters.

And I ask the mighty, gracious and merciful God to keep for us everyone 
who wants to support his faith.

Amen."

Irhabi's hacking ability was useful not only in the exchange of media, 
but also in the distribution of large-scale al-Qaeda productions. In one 
instance, a film produced by Zarqawi's al-Qaeda, titled "All Is for 
Allah's Religion," was distributed from a page at www.alaflam.net/wdkl .

The links, uploaded in June 2005, provided numerous outlets where 
visitors could find the video. In the event that one of the sites was 
disabled, many other sources were available as backups. Several were 
based on domains such as www.irhabi007.ca or www.irhabi007.tv , 
indicating a strong involvement by Irhabi himself. The film, a major 
release by al-Qaeda in Iraq, showed many of the insurgents' recent 
exploits compiled with footage of Osama bin Laden, commentary on the Abu 
Ghraib prison, and political statements about the rule of then-Iraqi 
Interim Prime Minister Ayad Allawi.

Tsouli has been charged with eight offenses including conspiracy to 
murder, conspiracy to cause an explosion, conspiracy to cause a public 
nuisance, conspiracy to obtain money by deception and offences relating 
to the possession of articles for terrorist purposes and fundraising. So 
far there are no charges directly related to his alleged activities as 
Irhabi on the Internet, but given the charges already mounted against 
him, it will probably be a long time before the 22-year-old is able to 
go online again.

But Irhabi's absence from the Internet may not be as noticeable as many 
hope. Indeed, the hacker had anticipated his own disappearance. In the 
months beforehand, Irhabi released his will on the Internet. In it, he 
provided links to help visitors with their own Internet security and 
hacking skills in the event of his absence -- a rubric for jihadists 
seeking the means to continue to serve their nefarious ends. Irhabi may 
have been caught, but his online legacy may be the creation of many 
thousands of 007s.

feedback at siteinstitute.org <mailto:feedback at siteinstitute.org>

Rita Katz is the author of "Terrorist Hunter" (HarperCollins) and the 
director of the SITE Institute, which is dedicated to the "search for 
international terrorist entities." Michael Kern is a senior analyst with 
the institute.

http://www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006032500020.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.islandlists.com/pipermail/mb-civic/attachments/20060326/59051349/attachment.htm