Weapon of choice is a bit misleading. The ultimate weapon of choice for terrorists is a far cry from a computer keyboard, but this story ties into a lot of the public speaking I do on this topic.

Weapons of Choice: How Terrorists Use the Web
By Jay Lyman
NewsFactor Network
February 23, 2001

The same advantages the Internet and advanced technology bring to the general public and to business — speed, security and global linkage — are helping international terrorist groups organize their deadly and disruptive activities.

“The Internet and e-mail provide the perfect vehicles for these groups to communicate with each other, to spread their message, to raise money and to launch cyberattacks,” iDefense director of intelligence for special projects Ben Venzke told NewsFactor Network.

A recent report from U.S. officials indicates that terrorists’ use of the Web for communication and coordination through the use of encrypted messages is widespread, with numerous sites — many of which are unaware of the use to which they are being put — serving as conduits for terrorist conspiracies.

Government and private Internet security firms are doing their best to keep up with the terrorists, but the task is made more difficult by advancing technologies available to groups bent on targeting the U.S. and its citizens, allies and businesses.

Terror Tool

Security officials in government and private industry agree that the Web is heavily used by terrorists such as Osama bin Laden and other extremist groups, including Middle East terror organizations Hezbollah and Hamas.

“Terrorists use the Web mostly for propaganda and for information exchange,” said Matthew Devost, founding director of the Terrorism Research Center. “If you move beyond the Web, terrorist organizations do use information technology as a very viable and secure communication mechanism.”

Devost told NewsFactor that despite the Internet’s viability as an economic medium, it has proven somewhat insecure for commercial transactions.

He said the Web could help facilitate attacks by terrorist groups on not only the Internet economy, but on power, transportation and other systems that rely on information that is linked to the Web.

‘No Limit’

Terrorists are beginning to use the Web in interesting ways, Vigilinx director of intelligence Jerry Freese told NewsFactor.

“There’s really no limit to it,” Freese said. “Anywhere you can send an e-mail with an audio or graphics file is fair game.”

Freese, whose security company provides secure servers, intruder detection and security audits, said terrorist cells around the world use the Internet for scheduling, meeting and organizing.

“We see the Web as a terrorism-assistance tool that allows them to do things in secrecy,” he said, referring to encrypted messages. “The thing is, it can originate from anywhere. The Web, of course, is ubiquitous.”

Freese said steganography — putting encrypted messages in electronic files — is widely used by terrorist groups. A recent government report indicated that terrorists have been hiding pictures and maps of targets in sports chat rooms, on pornographic bulletin boards and on Web sites.

Reliance on the Net

Despite their ongoing efforts to cripple parts of the Web, disrupt infrastructure systems such as electrical power or steal money and information from government and businesses, terrorists have a vested interest in keeping the Internet working.

“It’s a very good tool for them,” Freese told NewsFactor, “so they don’t want to disrupt the flow of the Web; rather, they’ll target specific companies that are working with or are sympathetic to their enemies.”

Rogue Rights

While law enforcement officials are aware of terrorists’ use of the Internet, they cannot monitor Web sites for both logistical and legal reasons, according to spokesperson Steve Berry of the U.S. Federal Bureau of Investigations’ National Infrastructure Protection Center.

“However repugnant to our perception and to the general public and law enforcement their Web site or use of it might be, that does not give us the authority to block them,” Berry told NewsFactor. “That’s free speech. That’s the country we live in.”

Venzke, whose company tracks Web-based threats for Fortune 500 companies and government, said law enforcement is also limited by national culture and geography. The Web offers entry into any country from anywhere, and with so many points linked together, terrorist activity is often impossible to track.

“How do you force an [Internet service provider] halfway around the world, which may not be friendly to you to begin with, to shut down a Web site?” Venzke asked.

Predicting Protection

The rapid advancement of technology makes it hard to fight terrorists, who, experts agree, are adept at using the Internet and other advanced technology. Bin Laden’s al Qaida and other terrorist groups have reportedly used encryption programs available free on the Web, as well more powerful anti-spy software purchased on the open market.

The Terrorism Research Center’s Devost said that despite a number of valid efforts to combat terrorists, targeted countries and businesses are not prepared.

“Most nations, and most companies, are not being diligent with regard to addressing information security concerns and fortifying their security posture,” said Devost.

Counter Strike

Security experts claim they are getting better at detecting and decoding terrorist communiques, but more awareness and information sharing is needed.

“Right now, it’s very hard to detect where these messages are coming from and what their intent is,” said Freese. “Information exchange is a key issue here. We have a lot of repositories of information, but it isn’t shared. The government is trying to collate information from private and government sources to coordinate defenses.”

Devost agrees, adding that despite increased efforts to keep tabs on terrorists, vulnerabilities are on the rise.

“Governments are making great progress in understanding the way these groups are utilizing technology,” Devost said, “[but] while we are making progress, it is not enough.”