Terrorist 007, Exposed
Forwarded from: William Knowles

http://www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006032500020.html

By Rita Katz and Michael Kern
March 26, 2006

For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young webmaster taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi and taught other online jihadists how to wield their computers for the cause.

Suddenly last fall, Irhabi 007 disappeared from the message boards. The postings ended after Scotland Yard arrested a 22-year-old West Londoner, Younis Tsouli, suspected of participating in an alleged bomb plot. In November, British authorities brought a range of charges against him related to that plot. Only later, according to our sources familiar with the British probe, was Tsouli's other suspected identity revealed. British investigators eventually confirmed to us that they believe he is Irhabi 007.

The unwitting end of the hunt comes at a time when al-Qaeda sympathizers like Irhabi 007 are making explosive new use of the Internet. Countless Web sites and password-protected forums -- most of which have sprung up in the last several years -- now cater to would-be jihadists like Irhabi 007. The terrorists who congregate in those cybercommunities are rapidly becoming skilled in hacking, programming, executing online attacks and mastering digital and media design -- and Irhabi was a master of all those arts.

But the manner of his arrest demonstrates how challenging it is to combat such online activities and to prevent others from following Irhabi's example: After pursuing an investigation into a European terrorism suspect, British investigators raided Tsouli's house, where they found stolen credit card information, according to an American source familiar with the probe. Looking further, they found that the cards were used to pay American Internet providers on whose servers he had posted jihadi propaganda. Only then did investigators come to believe that they had netted the infamous hacker.

And that element of luck is a problem. The Internet has presented investigators with an extraordinary challenge. But our future security is going to depend increasingly on identifying and catching the shadowy figures who exist primarily in the elusive online world.

The short career of Irhabi 007 offers a case study in the evolving nature of the threat that we at the SITE Institute track every day by monitoring and then joining the password-protected forums and communicating with the online jihadi community.

Celebrated for his computer expertise, Irhabi 007 had propelled the jihadists into a 21st-century offensive through his ability to covertly and securely disseminate manuals of weaponry, videos of insurgent feats such as beheadings and other inflammatory material. It is by analyzing the trail of information left by such postings that we are able to distinguish the patterns of communication used by individual terrorists.

Irhabi's success stemmed from a combination of skill and timing. In early 2004, he joined the password-protected message forum known as Muntada al-Ansar al-Islami (Islam Supporters Forum) and, soon after, al-Ekhlas (Sincerity) -- two of the password-protected forums with thousands of members that al-Qaeda had been using for military instructions, propaganda and recruitment. (These two forums have since been taken down.)

This was around the time that Zarqawi began using the Internet as his primary means of disseminating propaganda for his insurgency in Iraq. Zarqawi needed computer-savvy associates, and Irhabi proved to be a standout among the volunteers, many of whom were based in Europe.

Irhabi's central role became apparent to outsiders in April of that year, when Zarqawi's group, later renamed al-Qaeda in Iraq, began releasing its communiqués through its official spokesman, Abu Maysara al-Iraqi, on the Ansar forum. In his first posting, al-Iraqi wrote in Arabic about "the good news" that "a group of proud and brave men" intended to "strike the economic interests of the countries of blasphemy and atheism, that came to raise the banner of the Cross in the country of the Muslims."

At the time, some doubted that posting's authenticity, but Irhabi, who was the first to post a response, offered words of support. Before long, al-Iraqi answered in like fashion, establishing their relationship -- and Irhabi's central role.

Over the following year and a half, Irhabi established himself as the top jihadi expert on all things Internet-related. He became a very active member of many jihadi forums in Arabic and English. He worked on both defeating and enhancing online security, linking to multimedia and providing online seminars on the use of the Internet. He seemed to be online night and day, ready to answer questions about how to post a video, for example -- and often willing to take over and do the posting himself.

Irhabi focused on hacking into Web sites as well as educating Internet surfers in the secrets to anonymous browsing. In one instance, Irhabi posted a 20-page message titled "Seminar on Hacking Websites," to the Ekhlas forum. It provided detailed information on the art of hacking, listing dozens of vulnerable Web sites to which one could upload shared media.
Irhabi used this strategy himself, uploading data to a Web site run by the state of Arkansas, and then to another run by George Washington University. This stunt led many experts to believe -- erroneously -- that Irhabi was based in the United States.

Irhabi used countless other Web sites as free hosts for material that the jihadists needed to upload and share. In addition to these sites, Irhabi provided techniques for discovering server vulnerabilities, in the event that his suggested sites became secure. In this way, jihadists could use third-party hosts to disseminate propaganda so that they did not have to risk using their own web space and, more importantly, their own money.

As he provided seemingly limitless space captured from vulnerable servers throughout the Internet, Irhabi was celebrated by his online followers. A mark of that appreciation was the following memorandum of praise offered by a member of Ansar in August 2004:

"To Our Brother Irhabi 007. Our brother Irhabi 007, you have shown very good efforts in serving this message board, as I can see, and in serving jihad for the sake of God. By God, we do not like to hear what hurts you, so we ask God to keep you in his care. You are one of the top people who care about serving your brothers. May God add all of that on the side of your good work, and may you go careful and successful. We say carry on with God's blessing. Carry on, may God protect you. Carry on serving jihad and its supporters. And I ask the mighty, gracious and merciful God to keep for us everyone who wants to support his faith. Amen."

Irhabi's hacking ability was useful not only in the exchange of media, but also in the distribution of large-scale al-Qaeda productions. In one instance, a film produced by Zarqawi's al-Qaeda, titled "All Is for Allah's Religion," was distributed from a page at www.alaflam.net/wdkl . The links, uploaded in June 2005, provided numerous outlets where visitors could find the video.
In the event that one of the sites was disabled, many other sources were available as backups. Several were based on domains such as www.irhabi007.ca or www.irhabi007.tv , indicating a strong involvement by Irhabi himself. The film, a major release by al-Qaeda in Iraq, showed many of the insurgents' recent exploits compiled with footage of Osama bin Laden, commentary on the Abu Ghraib prison, and political statements about the rule of then-Iraqi Interim Prime Minister Ayad Allawi.

Tsouli has been charged with eight offenses including conspiracy to murder, conspiracy to cause an explosion, conspiracy to cause a public nuisance, conspiracy to obtain money by deception and offences relating to the possession of articles for terrorist purposes and fundraising. So far there are no charges directly related to his alleged activities as Irhabi on the Internet, but given the charges already mounted against him, it will probably be a long time before the 22-year-old is able to go online again.

But Irhabi's absence from the Internet may not be as noticeable as many hope. Indeed, the hacker had anticipated his own disappearance. In the months beforehand, Irhabi released his will on the Internet. In it, he provided links to help visitors with their own Internet security and hacking skills in the event of his absence -- a rubric for jihadists seeking the means to continue to serve their nefarious ends.

Irhabi may have been caught, but his online legacy may be the creation of many thousands of 007s.

feedback () siteinstitute org

Rita Katz is the author of "Terrorist Hunter" [1] (HarperCollins) and the director of the SITE Institute, which is dedicated to the "search for international terrorist entities." Michael Kern is a senior analyst with the institute.

[1] http://www.amazon.com/exec/obidos/ASIN/0060528192/c4iorg