The Invulnerable Networked Insurgency, Part 2
Why doesn't the government close down all the poisonous hate sites run by terrorist webmasters? PJM Sydney editor Richard Fernandez continues his analysis of the Internet Jihad. (Read part one here)
October 27, 2007 - 1:00 am
Besides the conspiratorial network of al-Qaeda itself there is a wider network of radical Islamic influence. It is sometimes called the Internet Jihad. The New York Times recently featured the story of a website called Inshallashaheed, operated by an American of Saudi Arabian descent named Samir Khan, who has turned "his parents’ home in North Carolina" into a “kind of Western relay station for the multimedia productions of violent Islamic groups.”
In recent days, he has featured “glad tidings” from a North African militant leader whose group killed 31 Algerian troops. He posted a scholarly treatise arguing for violent jihad, translated into English. He listed hundreds of links to secret sites from which his readers could obtain the latest blood-drenched insurgent videos from Iraq. His neatly organized site also includes a file called “United States of Losers,” which showcased a recent news broadcast about a firefight in Afghanistan with this added commentary from Mr. Khan: “You can even see an American soldier hiding during the ambush like a baby!! AllahuAkbar! AllahuAkbar!”
While Khan is portrayed by the NYT as not doing anything illegal, he is nevertheless serving the cause of al-Qaeda very well. "The Internet traffic counter Alexa.com, which rarely is able to measure the popularity of blogs because they do not have enough readers, ranked his among the top one percent of one hundred million Internet sites in the world." But Inshallashaheed is only one of many such sites on the Web.
That production line is the legacy of one man: Abu Musab al-Zarqawi, the former leader of Al Qaeda in Mesopotamia who was killed in June 2006 by American bombs. Mr. Zarqawi learned the power of the Internet in prison, according to a former associate who was imprisoned with him in Jordan a decade ago.
The Internet Jihad straddles two worlds. One foot is in the publicly accessible Internet (sometimes called the Lightnet). But the other is planted in a private, limited network called a Darknet, from which it receives direction and material. A Darknet is a network where users connect, usually one node at a time, only to people they trust. There is no directory for it, unlike the publicly accessible Internet. It is similar to a system of unlisted telephone numbers, where messages are passed only by people who know each other’s voices. Wikipedia explains the origin of the term.
The term was originally coined in the 1970s to designate networks which were isolated from ARPANET (which evolved into the Internet) for security purposes. Some darknets were able to receive data from ARPANET but had addresses which didn’t appear in the network lists and would not answer pings or other inquiries.
Unlike the Internet, where URLs are publicly accessible and for which a partial map exists courtesy of search engines, the Jihadi Darknet is a place which is off the books; its nodes are not publicly listed. But it is joined to the public Internet through a series of hidden doors like a castle honeycombed with secret passages. The reason the hidden and the open worlds must connect is that messages must pass from one side to the other. The Darknet needs a door to the public Internet to inject material for dissemination to the West and possibly to pass back messages into the underground.
One specific example of how the Jihadi Darknet surfaces on the Internet is told in the New York Times article. One Jihadi webmaster, a certain Dr. Muhammad Massari, “a Saudi physicist and dissident,” told the NYT that his site was used as a point of contact between the underground and those operating in open society. He described how certain types of content arrived anonymously on his site from time to time to be picked up and forwarded. The underworld briefly manifested its presence like a U-boat momentarily gliding beneath the surface to draw air, send a message or send a deadly torpedo at an unsuspecting merchantman.
“I never touch the videos that are on my forums,” said Dr. Massari, who wears a long white Arabic robe. “Someone with Al Qaeda uploads them, probably at Internet cafes, to password-protected sites. Then they call a friend, say, in Australia or Brasília, and say, ‘Hi Johnny, your mom is traveling today.’ That is the code to download the video. It goes up and down like that a few times, with no trace, until someone posts a link on my site.”
But if such websites are so harmful why not close down Samir Khan’s website? Why not shut Dr. Muhammad Massari’s dead-drop? The answer is that the door between the Internet Jihad and the surface opens both ways. It represents a point of vulnerability to the leaders of the Jihad. While some amateur attempts have been made to end Samir Khan’s access to the Internet, they have not come from law enforcement.
From time to time, Mr. Khan said, his father also cut off his Internet access and, to placate him, Mr. Khan recently added a disclaimer to his blog disavowing responsibility for the views expressed on the site. He has also been fending off citizen watchdogs who are working to knock sites like his off the Internet. Twice in September his blog went dark when his service provider shut him down, citing complaints about the nature of his postings. Mr. Khan has now moved his blog to a site called Muslimpad, whose American operators recently moved from Texas to Amman, Jordan. Their larger forum, Islamic Network, is the host of discussions among English-speaking Muslims. One of their former employees, Daniel Maldonado, was convicted this year in federal court of associating with terrorists at their training camps in Somalia.
Monitoring Jihadi websites sometimes provides an opportunity to track down and identify the key nodes of the radical Islamic movement. The White House was recently accused of releasing a video of Osama Bin Laden obtained from a Jihadi website and possibly revealing the methods which were used to monitor it, thereby shutting down a vital source of intelligence. The Washington Post reported:
The founder of the company, the SITE Intelligence Group, says this premature disclosure tipped al-Qaeda to a security breach and destroyed a years-long surveillance operation that the company has used to intercept and pass along secret messages, videos and advance warnings of suicide bombings from the terrorist group’s communications network. "Techniques that took years to develop are now ineffective and worthless," said Rita Katz, the firm’s 44-year-old founder, who has garnered wide attention by publicizing statements and videos from extremist chat rooms and Web sites, while attracting controversy over the secrecy of SITE’s methodology.
More recently, Rusty Shackleford of the Jawa Report criticized the New York Times for "outing" yet another Jihadi site, that of Samir Khan.
Thanks a lot to Michael Moss and the New York Times for blowing an ongoing investigation into a known al Qaeda sympathizer who lives here in the United States. I’ve known about this piece for a few weeks and wrote the NY Times to ask Moss not to run it. No reply from the Times. While we appreciate Moss’s commitment to spreading the word about the Internet Jihad, we really wish he would have consulted with us on the matter. He has a right to out Inshallahshaheed as Samir Khan, but doing so has jeopardized an ongoing investigation into a terror ring which begins in the US and ends in Somalia.
Shackleford suggests Samir Khan’s site provided vital clues to identify the network pathway to a node in Somalia. The first part of the Invulnerable Network Insurgency series maintained that the key to fighting a networked insurgency lies in identifying the "super-connected" members of the Jihadi underground. And one of the best ways of finding those key underground links lies in watching the most heavily trafficked Jihadi websites. Once again, the Small World property makes it likely that the major al-Qaeda operatives are only a few jumps away from Samir Khan’s or Dr. Muhammad Massari’s websites. Was Muhammad Massari, when he boasted to the New York Times about how his site was used as a secret door from the Jihadi underworld into the open world, implicitly assuming that the door could not be made to open both ways? But even though the doorway was defended; even though parts of the enemy Darknet were joined by physical rather than electronic means (the so-called "sneakernet"); even if encryption were used to disguise messages; even if transient Internet connections were used to drop and pick up messages, Massari’s site and its entails still provided a wormhole through which a dedicated opponent could break through.
The process of attack and defense is a continuous activity on any network, as any reader who must renew his subscription to firewalls, anti-spyware and anti-virus programs will attest. There is always something trying to come through the door and something trying to prevent it. The Government Executive recently described this process of thrust and parry in an article.
September seemed to mark a serious escalation in global cyber warfare. Media reports detailed what appeared to be Chinese attacks against Pentagon networks and government computer systems in Germany, France and the United Kingdom — putting Defense Department officials on the offensive. It began in early September when Financial Times reported attacks against Pentagon computer systems, and quoted unnamed Defense Department officials who pinned the blame on China’s People’s Liberation Army. In France, Germany, the U.K. and New Zealand, officials reported attacks and evidence of spyware traceable to China on government computer systems. In the U.K., Times Online reported that "China leads the list of countries hacking into government computers that contain Britain’s military and foreign policy secrets."
And just as the Chinese government continuously tries to penetrate into the secret parts of the Western network, counterterrorists are constantly trying to reach past the Jihadi defenses and find those critical nodes which we know from the Small World property to be only a few hops away from Massari’s website. The silent struggle between amateur and professional counterterrorists on the one hand, and the Jihadi network professionals on the other, recalls Winston Churchill’s classic description of the secret technical war that suffused the Second World War. He called it the Wizard War.
During the human struggle between the British and the German Air Forces, between pilot and pilot, between AAA batteries and aircraft, between ruthless bombing and fortitude of the British people, another conflict was going on, step by step, month by month. This was a secret war, whose battles were lost or won unknown to the public, and only with difficulty comprehended, even now, to those outside the small scientific circles concerned. No such warfare had ever been waged by mortal men. The terms in which it could be recorded or talked about were unintelligible to ordinary folk. Yet if we had not mastered its profound meaning and used its mysteries even while we saw them only in the glimpse … all the bravery and sacrifices of the people, would have been in vain.
This intellectual and scientific conflict is being reprised in the 21st century. And while nearly every technical aspect of it has changed since the 1940s, in one respect it remains exactly as vital today as it was then.
Richard Fernandez is PJM Sydney editor; he also writes at the Belmont Club.