Terrorists brandish tech sword, too

Imam Samudra is notorious for his technology evangelism. From death row in Indonesia, the architect of bomb blasts that killed 202 people at a Bali nightclub in 2002 wrote an autobiography that encourages would-be terrorists to use technology against the United States and offers a primer on credit card fraud for financing the operations.

“It’s really a very powerful guide to becoming an effective cyber thief,” said Alan Paller, director of research at the SANS Institute, a security watchdog.

Samudra is a chilling reminder that the FBI, the CIA, Britain’s MI5 and other intelligence and law enforcement agencies worldwide aren’t the only ones turning to modern computer and communications technology to help their cause.

Like the recently foiled plot to use easily obtained chemicals to produce bombs aboard airplanes, another branch of modern terrorism tradecraft is “taking advantage of technology we use everyday, but for subversive uses,” said Kim Taipale, executive director of the Center for Advanced Studies in Science and Technology Policy, a think tank.

According to security experts, al Qaeda and loosely organized units inspired by it approach technology differently from state-sponsored spies who have tried to hack into classified U.S. government computer systems to gather intelligence and disrupt operations.

Stateless terrorist groups often use the Internet for communications and recruiting. They also use it to spread bots, covertly installed programs that put the PCs of unsuspecting people under remote control and are then used to steal credit card numbers and banking passwords or to launch cyberattacks from the infected machines.

Others worry about the potential for even more sophisticated technology applications by terrorists. “The next frontier is their ability to potentially attack our infrastructure from a cave in Afghanistan to shut down the northeastern power grid,” said Bruce Brody, vice president for information security at Input, a consulting firm for the public sector.

Fortunately, law enforcement agencies, aided by security experts in government and private industry, don’t only react to threats. New security techniques and technologies are helping crack the top technology challenges created by international terrorist techno-geeks and proactively diminish their effectiveness.

Terrorist Tech Challenge #1: The Internet
Just as it serves law-abiding users in many different ways, the Internet offers terrorists several distinct capabilities:

Command and control. The Internet’s decentralized structure gives both centralized terrorist groups, such as al Qaeda, and more loosely organized cells worldwide a foundation for command and control: instructions reach operatives quickly through e-mail messages and secure Web sites.

“They can open up Web sites and close them down within minutes, which [shows] that the intended audience had a separate message indicating what to look for and when to look for it,” said Brian Jenkins, senior adviser to the president of Rand Corp., a public policy think tank. “As you go chasing it, it disappears by the time you get there.”

Reconnaissance and surveillance. Laptop PCs captured from suspected terrorist leaders and operatives often contain schematics of government buildings, power plants and other potential physical targets, plans most likely obtained and distributed via the Internet.

“A terrorist organization today has available to it as much [surveillance technology] as the Soviets had during the Cold War,” Taipale said. Terrorists “don’t need a satellite; they can just go to Google Earth.”

Tradecraft development. “The information revolution means that information is now widely available at the same time,” said Peter Singer, a senior fellow and national security expert at the Brookings Institution. Instant communication means that the latest tactics for making improvised bombs, obtaining stolen credit card numbers or evading authorities while using cellular phones quickly become available worldwide.

Media and propaganda. The Internet removes editor and reporter intermediaries that may alter messages terrorists seek to communicate to their perceived constituents. Terrorists “are able to put some of these horrific videotapes of actual attacks or hostages being beheaded directly on the Internet,” Jenkins said. As of Sept. 11, 2001, “there were probably only a handful of sites devoted to the jihadist cause. Now there are hundreds and hundreds of these sites.”

Community development and recruitment. In the past, Islamic terrorist recruiting counted on the “jihadi trail,” a chain of radical outposts that stretched across the Middle East to Afghanistan, to unite new recruits with organizers. Today, like-minded communities organized in Internet chat rooms or on MySpace perform similar roles electronically.

“You may be some angry teenager in Farmingham, England; Pensacola, Fla.; or Madrid, Spain, and meet other people just like you,” Singer said. “On the Internet, people tend to congregate with like-minded people. It’s self-reinforcing and helps to radicalize people.”

[Chart: What's next in security technology?]
How we fight back
The best way to foil Internet-based command and control activities may be the use of stealth operations rather than force. Intelligence agencies can disrupt terrorists’ communications by breaking network connections to keep information from getting through or delaying its arrival.

“The strategy is to create problems. Let the rest of the organization wonder about where the funds are going or make people think others are informers,” Taipale said, adding that destabilizing communications increases the chances that terrorists will make mistakes.

The Web’s natural anonymity aids those techniques. “The Internet is a masked ball,” Jenkins said. “If you establish the proper credentials, you can actually begin to participate in some of these online communities and chat rooms.”

But he warns that law enforcement authorities need to work harder at this type of digital espionage.

“Dealing with the radicalization and recruitment process is a part of the battlefield where we have not learned to operate effectively yet,” Jenkins said. “We have the most high-tech armed forces in the world, but we’re struggling to understand this new dimension of political warfare. It’s not just a matter of technology; it’s a matter of comprehension.”

Terrorist Tech Challenge #2: Drive-by computer infections
Antivirus software and admonitions against opening e-mail attachments from unknown senders are no longer enough to keep malicious programs off PCs. Careful computer users may unknowingly infect their computers with malicious programs that record keystrokes and send information to hackers anywhere worldwide.

Drive-by infections occur when unsuspecting Web surfers visit a booby-trapped Web site, often one associated with spam, pornography or gambling. Security holes in Web browsers allow such sites to secretly download and install keystroke-logging software on the visitor’s computer. The logging program watches for a preset trigger, such as a bank’s Web address, and then records the next couple of hundred keystrokes, which may include an account number and password. With the financial information in hand, terrorist hackers “immediately transfer money to banks outside of the United States,” Paller said. “It’s the fastest, best way to convert cyberattacks into money.”

How we fight back
Paller said anti-spyware programs, which rely on recognizing known malicious code, are becoming less effective at identifying and removing sophisticated keystroke loggers. One defense is to diligently apply the security patches that plug holes in Web browsers. Another is behavior analysis, available as hardware appliances and software from Cisco Systems, Finjan Software, Lancope and others. Instead of matching signatures, the technology examines what incoming code would do and blocks it before it reaches the PC’s hard drive.

This approach asks a simple question. “‘Is this content legitimate or not?’” said Yuval Ben-Itzhak, chief technology officer at Finjan.

“The first time we see the code, we can understand whether it is malicious or not from its behavior,” he added.
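As an added illustration of the behavior-based inspection described above (example code written for this page, not Finjan’s or any other vendor’s product), the following Python script scores a script on a handful of traits that drive-by loaders commonly exhibit before deciding whether to let it through: calls that decode and execute data at run time, long encoded byte runs, high-entropy string literals and hidden iframes. The weights, the blocking threshold and the two sample scripts are all constructed for this example; the “malicious” sample is harmless text that merely has the shape of a loader.

```python
import math
import re

# Constructed sample scripts (harmless): one ordinary page script and one
# that has the traits of a drive-by loader. Both are illustrations only.
SAMPLE_BENIGN = """
var greeting = 'Hello, visitor';
document.getElementById('msg').innerText = greeting;
setTimeout(function () { console.log('ready'); }, 500);
"""

SAMPLE_MALICIOUS = """
var sc = unescape('%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u4141%u4141');
var blob = 'k8Jf2Qz9Lm4Np7Rt1Vw5Xy0Ab3Cd6Eg2Hi9Jk1Lm4Op7Qr2St5Uv8Wx1Yz3A5b7C9d0E2f4G6h8';
eval(unescape(blob));
document.write('<iframe src="http://example.invalid/x" width="0" height="0"></iframe>');
"""

# Heuristics an inline content inspector might apply before a script runs.
# Weights and the threshold are assumptions chosen for this illustration.
SUSPICIOUS_CALLS = {
    "eval(": 2,
    "unescape(": 2,
    "String.fromCharCode(": 2,
    "document.write(": 1,
    "setTimeout(": 1,
}
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(width\s*=\s*['\"]?0|height\s*=\s*['\"]?0|visibility\s*:\s*hidden)",
    re.IGNORECASE,
)
STRING_LITERAL = re.compile(r"(['\"])((?:\\.|(?!\1).)*)\1")
# Eight or more consecutive %uXXXX or \xXX escapes: the usual shape of an
# encoded second stage handed to unescape().
ENCODED_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4}|\\x[0-9a-fA-F]{2}){8,}")
BLOCK_THRESHOLD = 5


def shannon_entropy(s):
    """Bits per character of s; packed or encrypted payloads score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def inspect_script(script):
    """Return (findings, total score) for one script."""
    findings = {}
    for call, weight in SUSPICIOUS_CALLS.items():
        hits = script.count(call)
        if hits:
            findings[call] = hits * weight
    if HIDDEN_IFRAME.search(script):
        findings["hidden iframe"] = 3
    if ENCODED_RUN.search(script):
        findings["encoded byte run"] = 3
    # A long string literal with a near-random character distribution is a
    # common sign of an obfuscated payload that will be decoded and run.
    for m in STRING_LITERAL.finditer(script):
        literal = m.group(2)
        if len(literal) >= 64 and shannon_entropy(literal) > 4.5:
            findings["high-entropy literal"] = 2
            break
    return findings, sum(findings.values())


def verdict(script):
    """'block' if the combined score reaches the threshold, else 'allow'."""
    _, score = inspect_script(script)
    return "block" if score >= BLOCK_THRESHOLD else "allow"


if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("malicious", SAMPLE_MALICIOUS)):
        findings, score = inspect_script(sample)
        print(f"{name}: score={score} verdict={verdict(sample)} findings={findings}")
```

A single call to setTimeout or document.write is normal on ordinary pages, which is why the benign sample stays well under the threshold; the loader sample trips several independent heuristics at once, which is the property a behavior-based inspector relies on rather than any one signature.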

Terrorist Tech Challenge #3: SCADA systems
Supervisory control and data acquisition (SCADA) systems are the brains behind large-scale infrastructures such as electrical power grids and nuclear power plants. Theoretically, regional power blackouts, economic disruptions and sabotage could occur if terrorist hackers penetrated a SCADA system.

“There certainly are vulnerabilities in our infrastructure — we have seen disruptions occur because of failures in reliability,” said Daniel Ryan, a professor at the Information Resources Management College of the National Defense University. “I suspect it might be possible for a terrorist to create those kinds of effects.”

How we fight back
A recent effort by the Idaho National Laboratory, the New York State Office of Cyber Security and Critical Infrastructure Coordination, and the SANS Institute addressed one of the biggest vulnerabilities in SCADA systems.

Many computer and software bundles ship with services enabled that buyers don’t know are there, and each one is an extra way for terrorist hackers to reach a computer and try to take over the system. Examples include an enterprise-class e-mail module on Sun Microsystems workstations and a Web server on Microsoft Windows-based servers.

Paller said those capabilities create unnecessary security risks. For example, he said the risk from vulnerabilities in Microsoft’s Internet Information Services Web server is greater when the software comes preloaded on a computer from a systems integrator or other third-party source. Worse still, many users, unaware that the software is present, never think of going to Microsoft for the patches that would fix those vulnerabilities.

“Right now, the people sell it to us with everything turned on, and they justify that by saying that it’s convenient to people,” Paller said.

Earlier this month, the three organizations released “Cyber Security Procurement Language for Control Systems,” a set of guidelines for utilities and their suppliers that specifies which kinds of features suppliers should ship disabled until the utility decides to activate them.

“Most security [strategies] have winners and losers,” Paller said. “This is one that seems to have people only saying that it makes sense.”
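The procurement guidance above reduces to a property a utility can test at delivery: the system should expose nothing the buyer did not ask for. As an added example (not taken from the guideline document, and not any vendor’s code), here is a Python acceptance check that reads a simplified listener report in the form `proto address:port program`, of the kind an administrator can derive from `netstat` or `ss` output, and flags every listening service that is not on the buyer’s allowlist or that is bound more widely than the allowlist permits. The report, the allowlist and the loopback-only policy are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    program: str


# Constructed listener report for a freshly delivered control-system server,
# in the simplified "proto address:port program" form this script expects
# (real netstat/ss output needs its own format-specific parser).
DELIVERED_LISTENERS = """\
tcp 0.0.0.0:502 modbus-gw
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 httpd
tcp 0.0.0.0:25 sendmail
tcp 127.0.0.1:5432 postgres
udp 0.0.0.0:161 snmpd
tcp [::]:3389 rdp
"""

# What the buyer's procurement language actually asked for (assumed).
ALLOWED = {
    ("tcp", 502),   # Modbus/TCP to the field devices
    ("tcp", 22),    # administrative shell access
    ("tcp", 5432),  # local database
}
# Allowed services that must nonetheless bind to loopback only (assumed).
LOOPBACK_ONLY = {("tcp", 5432)}


def parse_listeners(report):
    """Parse the simplified report into Listener records, skipping comments."""
    listeners = []
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, endpoint, program = line.split(maxsplit=2)
        address, _, port = endpoint.rpartition(":")
        listeners.append(Listener(proto, address, int(port), program))
    return listeners


def is_loopback(address):
    return address in ("[::1]", "::1") or address.startswith("127.")


def audit(report, allowed=ALLOWED, loopback_only=LOOPBACK_ONLY):
    """Return a list of findings; an empty list means the system is acceptable."""
    findings = []
    for l in parse_listeners(report):
        key = (l.proto, l.port)
        if key not in allowed:
            findings.append(
                f"{l.program} listening on {l.proto}/{l.port} ({l.address}) "
                "was not requested: disable it or justify it in writing"
            )
        elif key in loopback_only and not is_loopback(l.address):
            findings.append(
                f"{l.program} on {l.proto}/{l.port} must bind to loopback only, "
                f"found {l.address}"
            )
    return findings


def acceptable(report, **policy):
    return not audit(report, **policy)


if __name__ == "__main__":
    for finding in audit(DELIVERED_LISTENERS):
        print("FAIL:", finding)
    print("acceptable:", acceptable(DELIVERED_LISTENERS))
```

Run against the constructed report, the check rejects the delivery because of the Web server, the mail server, SNMP and remote desktop, none of which the buyer requested, while accepting the database because it listens only on loopback. The same script, run again after the supplier has disabled the extras, is the evidence that the “off until the user turns it on” requirement was met.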

Terrorist Tech Challenge #4: Cell phones
Like many previous terrorist plots, the recent liquid-bomb plot apparently involved one of the world’s most ubiquitous electronic devices: the cell phone. Cell phones have served as detonators for improvised bombs in Iraq, and investigators think they played a role in the 2002 Bali bombing and the commuter train explosions in Spain two years later.

“What’s scary is the exquisite ease with which a cell phone becomes a detonator,” said David Nelson, a security consultant at Input. “At the appropriate time, from anywhere in the world, you dial the cell phone number, and when the phone rings, the connection is made and the detonator goes off.”

Whether used as detonators or for on-the-fly communications, the rise of inexpensive cell phones that carry prepaid credit for calls rather than a link to a specific account provides a layer of throwaway anonymity for terrorists, Nelson said.

How we fight back
Intelligence agents can locate a powered-on cell phone through the network it registers with, and more precisely through the Global Positioning System receivers built into many devices, as long as careless users don’t remove the battery from their phones. Savvier users may try to avoid that tracking, but agents can still block their calls with military versions of communications jammers, which transmit competing signals that collide with cellular traffic, including traffic originating several miles away.

“Cell phones allow terrorists to keep moving around and shift bases of communications, but they’re also a vulnerability because cell phone signals can be intercepted,” Ryan said.

Terrorist Tech Challenge # 5: Encryption
Although laptop and desktop PCs seized during raids of terrorist hideouts promise troves of intelligence, common technologies are keeping authorities from easily culling data from the machines. “PGP is just a download away,” Nelson said, referring to a widely used encryption program.

Sophisticated terrorist organizations routinely use encryption technology to scramble data stored on hard drives and in e-mail messages that law enforcement agencies might intercept in transit. Similarly, Web site creators use Internet security protocols such as Secure Sockets Layer (SSL) to make traffic unreadable to outsiders.

How we fight back
If authorities identify a secured site potentially used by a terrorist organization, they may not be able to read individual messages but can still collect intelligence by analyzing the traffic that comes to the site.

“I may not know what you are saying, but I know who you are saying it to,” Nelson said.

For example, SSL encrypts the contents of a session but not the packet headers, so by intercepting the traffic authorities can still read the IP addresses of the two parties. The Whois protocol can then help law enforcement agencies identify the registered owners of those IP addresses or of the associated domain names. Although not always geographically precise, a Whois lookup may narrow a message’s origin to a country or perhaps a city.

But as with other countermeasures, technologically savvy terrorist organizations are finding ways around this one, too. They can cover their Internet tracks by routing messages through intermediary computers that relay traffic between the real sender and recipient.

“Authorities may know the guy in the middle, but they can’t get back to the originator,” Nelson said. “It’s the same cat-and-mouse game all over again.”
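The traffic analysis Nelson describes, and the relay trick that defeats its simplest form, can both be shown on flow records, which is all an analyst has when the payload is encrypted. This added example (written for this page, not drawn from the article’s sources) takes constructed flow records in the form `timestamp src dst dport bytes` for sessions on port 443, builds the who-talks-to-whom picture, and then flags hosts that behave like the “guy in the middle”: they accept a session and, within a short window, open an onward session of about the same size to a third party. The addresses are documentation ranges, and the time window and size tolerance are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed flow records: "timestamp src dst dport bytes". Addresses are
# from the RFC 5737 documentation ranges and were chosen for this example.
FLOWS = """\
2006-08-20T10:00:01 192.0.2.10 198.51.100.5 443 8200
2006-08-20T10:00:04 198.51.100.5 203.0.113.77 443 8150
2006-08-20T10:02:30 192.0.2.11 198.51.100.5 443 1200
2006-08-20T10:02:31 198.51.100.5 203.0.113.77 443 1180
2006-08-20T10:30:00 192.0.2.12 198.51.100.9 443 3000
2006-08-20T11:00:00 192.0.2.10 198.51.100.5 443 500
2006-08-20T11:05:00 198.51.100.5 203.0.113.77 443 490
"""


def parse_flows(text):
    """Return a list of (timestamp, src, dst, dport, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return flows


def contact_graph(flows, port=443):
    """Who talks to whom over the encrypted port, with session counts."""
    graph = Counter()
    for _, src, dst, dport, _ in flows:
        if dport == port:
            graph[(src, dst)] += 1
    return graph


def who_talks_to(graph, dst):
    """All sources observed contacting dst: the 'who you are saying it to'."""
    return sorted({src for (src, d) in graph if d == dst})


def relay_candidates(flows, window=timedelta(seconds=10), tolerance=0.10, port=443):
    """Hosts that accept a session and, within `window`, open an onward one.

    A relayed message keeps roughly its size, so the onward session must be
    within `tolerance` of the inbound one. Returns {relay: [(origin, next_hop)]}
    so the analyst can look past the intermediary to likely end points.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport, nbytes in flows:
        if dport == port:
            by_src[src].append((ts, dst, nbytes))
    candidates = defaultdict(list)
    for ts_in, origin, mid, dport, bytes_in in flows:
        if dport != port:
            continue
        for ts_out, nxt, bytes_out in by_src.get(mid, []):
            in_window = timedelta(0) <= ts_out - ts_in <= window
            similar = abs(bytes_out - bytes_in) <= tolerance * bytes_in
            if nxt != origin and in_window and similar:
                candidates[mid].append((origin, nxt))
    return dict(candidates)


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    graph = contact_graph(flows)
    for (src, dst), n in sorted(graph.items()):
        print(f"{src} -> {dst}: {n} session(s)")
    for relay, pairs in relay_candidates(flows).items():
        print(f"possible relay {relay}: {pairs}")
```

On the constructed records the contact graph alone only says that two hosts talk to 198.51.100.5 and that 198.51.100.5 talks to 203.0.113.77; the timing-and-size correlation is what suggests that 198.51.100.5 is forwarding for the two origins and that 203.0.113.77 is the real destination. The 11:00 session is not paired because its onward session comes five minutes later, which shows the obvious evasion: a relay that adds delay, padding or batching breaks this simple correlation, and the cat-and-mouse game continues.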

Joch is a business and technology writer based in New England. He can be reached at ajoch@worldpath.com.

Human touch still needed

Just as there are no silver bullets to cure business productivity ills with technology alone, anti-terrorism organizations need to balance their reliance on technology with “the more grungy aspects of spy tradecraft,” said David Nelson, a security consultant at Input.

Successful espionage requires agents who understand different cultures, speak the relevant languages and blend in with terrorist groups.

Combining agents like these with advanced technology creates a potent anti-terrorism force. “If we know who a bad guy is, then it’s a lot easier to search phone records for who he is connected to than to use phone records just as a black hole to search for a reputed bad guy,” Nelson said. This appears to be the approach the National Security Agency is using by gaining access to domestic phone records, he added. “They are looking for needles in a haystack.”

Instead, Nelson advocates a back-to-basics approach for the people part of the equation.

— Alan Joch
