Security News > 2004 > July > Al Qaeda Messages Posted on U.S. Server
http://www.washingtonpost.com/wp-dyn/articles/A47681-2004Jul13.html By David McGuire washingtonpost.com Staff Writer July 13, 2004 An Internet computer server operated by an Arkansas government agency was transformed last weekend into the online home of dozens of videos featuring Osama bin Laden, Islamic jihadist anthems and terrorist speeches. State government officials removed the files from a computer operated by the Arkansas Highway and Transportation Department shortly after they were discovered, a government spokesman said. The case highlights an increasing trend of hackers hijacking vulnerable Web servers for the purpose of advocating radical political and terrorist ideologies. Links to the files were posted to a message board of a group called al Ansar. The Web site features photos of bin Laden, leader of the al Qaeda terrorist network, and the Sept. 11, 2001, hijackers, as well as basic facts about the tenets of Islam and links to chatrooms and other Islamic Web sites. The person who posted the links identified himself as "Irhabi 007"-- or "Terrorist 007" -- said Laura Mansfield, who tracks pro-al Qaeda Web sites for Northeast Intelligence Network, an Erie, Pa.-based private group of analysts that monitors the Internet for terrorist activity. Arkansas Transportation Department spokesman Randy Ort confirmed that approximately 70 unauthorized files were posted on Sunday to a "File Transfer Protocol" (FTP) site that the agency operates for contractors. FTP sites are widely used throughout the Internet as a way to transfer large files quickly. Ort would not describe the files, except to say that they were labeled "in a foreign language." He said the department shut the site down on Monday morning after a CNN reporter called to ask what the materials were doing there. Ort said that the FBI has confiscated the server where the files were located. FBI spokesman Joe Parris confirmed that the agency took the computers, but would not say whether it was investigating the incident. Mansfield said hijacking unsecured FTP sites is standard procedure for al Qaeda sympathizers, but it was unusual for them to take over a government site. "Basically, what they do is they go out, they find a Web site, and they borrow the bandwidth until they get caught and somebody kicks them off," Mansfield said. "Companies and organizations would do well to shut down their anonymous FTP servers nowadays, because they are being misused." According to a 23-year CIA veteran who has anonymously criticized U.S. counterterrorism policy in a recently published book, "Al Qaeda's most important growth since the 11 September attacks has not been physical but has been, rather, its expansion into the Internet." In his book, "Imperial Hubris: Why the West is Losing the War on Terror," [1] the author says the United States and its allies have staged "information warfare attacks" on some Internet sites, "thereby forcing them off-line and making their producers hunt for new host servers." However, it was not clear whether the person who hijacked the Arkansas server was an actual al Qaeda terrorist or someone with other motivations. Ken Dunham, malicious code manager for iDefense Inc., an Internet security firm based in Reston, said a growing number of computer crimes are being committed in the name of political causes, with some hackers seeking to identify themselves with terrorism in a bid to boost their importance in the hacker subculture. Mansfield, who said she speaks fluent Arabic and has tracked Terrorist 007's activities since February, said the poster admitted online that he does not speak Arabic. His postings in Arabic bear signs of being run though an electronic translator, she said. She said the person has posted at least 900 items on the al Ansar Web site. In a statement posted on the Northeast Intelligence Network's Web site yesterday, Mansfield described the poster as "a self-proclaimed U.S.-based terrorist." In addition to the links to the Arkansas computer server, the al Ansar site featured downloadable copies of video depicting the beheading of American businessman Nicholas Berg, an al Qaeda-produced video called "Wills of Martyrs" and video of a deadly car bomb attack on a housing complex in Riyadh, the Saudi Arabian capital, Mansfield said. The al Ansar site is a popular destination for al Qaeda sympathizers and is often one of the first places where videos of terrorist attacks and ultimatums are posted, Mansfield said. James Lewis, a senior fellow at the Center for Strategic and International Studies, said that sites run by al Qaeda and its sympathizers change addresses often and rely on word of mouth for publicity. He added that the practice of taking advantage of unsecured computer space to host information is a common tactic of al Qaeda backers. Terrorist 007 apparently moved the same material to other locations on the Internet, Mansfield said. Earlier this year, a person identifying himself as Terrorist 007 posted similar material to an FTP server run by The George Washington University in Washington, D.C., Mansfield said. University spokesman Matt Nehmer said security officials at the university had no knowledge of any such intrusion, and had not been contacted by law enforcement officials. [1] http://www.amazon.com/exec/obidos/ASIN/1574888498/c4iorg *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ---------------------------------------------------------------- C4I.org - Computer Security, & Intelligence - http://www.c4i.org ================================================================ Help C4I.org with a donation: http://www.c4i.org/donation.html *==============================================================* _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
News URL
http://www.washingtonpost.com/wp-dyn/articles/A47681-2004Jul13.html