What about Cyber Counterterrorism?
“It seems that someone is using my account and is somehow sending messages with my name... The dangerous thing in the matter is that they [those replying to what they thought was a genuine e-mail] say that I had sent them a message including a link for download, which they downloaded.”
We can all empathize with this fellow. Many of us have received similar warnings from friends or family that someone has hacked their account and to beware of suspicious messages. The difference is that the individual complaining about being hacked in this case was “Yaman Mukhadab,” a prominent poster inside Shumukh, a supposedly elite, password-protected forum for radicals. Before he sent out his warning to the forum, the group’s agenda had included assembling a “wish list” of American security industry leaders, defense officials, and other public figures for terrorists to target and kill.
Mukhadab’s cyber hardships illustrate that technology is a double-edged sword, even in the cyber realm that otherwise seems to be perfect for terrorists. Consider how much better and faster the Internet is today for terrorists wanting to communicate versus the experience of their 1800s forebears, who had to use snail mail to plan bombings. Yet, just as the mail of the past proved a liability for nineteenth-century anarchists once police learned to track them down by searching their correspondence, so too can today’s terrorists’ online activities shift from an advantage to a vulnerability.
A new debate has emerged in recent years, with some arguing that in lieu of playing a never-ending game of whack-a-mole, trying to track and then shut down all terrorist use of the Internet, it might be better to let the groups stay. “You can learn a lot from the enemy by watching them chat online,” said Martin Libicki, a senior policy analyst at the RAND Corporation, a nonprofit research organization.
The point is that the advantages of cyberspace for terrorism can be equally useful for counterterrorism. The Web has aided terrorist groups by acting as both a Rolodex and playbook. But those on the other side of the fight have access to the same Rolodex and playbooks.
The networking effects of cyberspace, for instance, allow terrorists to link as never before, but they also allow intelligence analysts to map out social networks in unprecedented ways, providing clues about the leadership and structure of terrorist groups that would otherwise be impossible to gain. The world learned just how powerful some of these tools can be from documents leaked by NSA contractor Edward Snowden in 2013, detailing how US intelligence agencies and their allies engaged in online surveillance of an unprecedented scale. The approach was to monitor as much Internet traffic as possible, with a particular goal of collecting what is known as “metadata.”
Essentially data about the data itself, metadata is information that describes the nature of communication, rather than the content. In traditional telephone surveillance, for example, this would simply be a record of what phone number called another phone number at what time, as opposed to what was said on the call. In the cyber era, metadata is far more complicated and thus far more useful. It includes information about geographic location, time, e-mail addresses, and other technical details about the data being created or sent. When this data is gathered together from sources around the world, sophisticated algorithms can be used to connect dots and reveal new patterns, as well as track individual devices, even when the user is trying to hide her identity. The effort was designed to help find links between terrorists. But the NSA programs controversially entailed collecting such information on the online activities of millions of non-terrorists. Think of it as trying to find a needle in a haystack, by collecting the entire haystack. Online efforts can even be used as a means to pinpoint those not yet linked into terror networks, such as those pondering joining extremist groups or engaging in the sort of “lone wolf” attacks that have become more prominent in recent years. For instance, in 2008 and 2009 US intelligence agencies reportedly tried to attack and shut down the top terrorist propaganda websites on the anniversary of 9/11, in order to delay the release of an Osama bin Laden video celebrating the attacks. In 2010, however, they took a different tack. As Wired magazine reported, “The user account for al-Qaida’s al-Fajr media distribution network was hacked and used to encourage forum members to sign up for Ekhlaas, a forum which had closed a year before and mysteriously resurfaced.” The new forum turned out to be a fake, an online spiderweb entangling would-be terrorists and their fans. Similarly, while the Internet might spread potential terrorist tactics, defenders can also gain crucial insight into which tactics are taking hold and need to be defended against. And, of course, one doesn’t have to just watch but can also engage in cyberattacks against the terrorists. One known example (we only want to talk about the cases the terrorists already know about!) is using the terrorists’ own computers to spy on them. This is what happened to Yaman Mukhadab and to the Global Islamic Media Front (GIMF), a network for producing and distributing radical propaganda online. In 2011, it had to warn its members that the group’s own encryption program, “Mujahideen Secrets 2.0,” actually shouldn’t be downloaded because it had been compromised. Just as cyberattacks don’t always just seek to breach a network to gain information, cyber counterterrorism can change information inside a terrorist’s networks. This might include playing a cheeky game of propaganda. In 2010, the terror group Al-Qaeda in the Arabian Peninsula (AQAP) issued “Inspire,” an English-language online magazine designed to draw in recruits and spread terror tactics. Their first issue was reportedly hacked by British intelligence agencies, who replaced the terrorist “how to” pages with a cupcake recipe. Or the corruption of information might flip the idea of cyber-terrorism on its very head. In one case, online bomb-making instructions were changed so that the attacker would instead blow himself up during the construction of the device. What’s notable about these online counterterror efforts is that, as with the rest of cybersecurity, governments are not the only players. Nonstate “hacktivism” has even played an important role in policing the Web. Jon Messner, for instance, is a private citizen from Maryland, who took down al-Neda, an al-Qaeda site. Fighting terrorism online is a hobby for Messner, though. His day job is running an Internet pornography business, being perhaps best known for originating the “housewife next-door” genre. It’s yet another illustration of how the Internet isn’t ungoverned, but rather is self-governed in strange and fascinating ways.
CYBERSECURITY AND CYBERWAR WHAT EVERYONE NEEDS TO KNOW®
P. W. SINGER AND ALLAN FRIEDMAN
This text is just for future references and the source is mentioned above.