“We’re facing a very great threat of loosely-coupled, organizational networks that increasingly rely on IT infrastructure to coordinate their movements and recruit young disenfranchised, apathetic guys as suicidal pawns in a sophisticated, dispersed movement. (…)” (AHM, Usenet, September 21, 2001)
Although various forms of cyber terrorism and cyber espionage have existed as far back as the 1980s, it would not be until the turn of the 21st century that the world at large would be introduced to a new breed of hacker: the cyber jihadist. While the first murmurings of the “Cyber Jihad” (or e-Jihad) came in the form of a post by Cletus Nelson to the Conspiracy Theory Research List (CTRL) on December 19, 2000, the e-Jihad movement did not begin to heat up until after the Al Qaeda September 11, 2001 attack.
Much has changed since that time. In both cyberspace and meatspace.
Early cyber jihadists tended to focus upon web site defacements. The “Information Warfare” site chronicles some of these in a November 2001 article titled, “Cyber Protests.” Even so, the e-Jihad movement did not seem to be taking root. That is, superficially speaking… there was little-to-no media coverage and attacks of any real significance seemed few and far between.
The idea of a cyber jihad, however, persisted. For example, in June of 2002, an apparent Syrian car salesman by day, cyber jihadist by night, attempted to form a jihad hacker group: Arab Electronic Jihad Team. His was but one of many self-styled cyber jihadist groups that have formed over the past decade.
Notably, however, “One man’s Cyber Jihadist is another man’s Hacktivist” simply does not apply.
Why might that be? Or rather, what, exactly, differentiates Cyber Jihadists from Hacktivists (such as Anonymous)? After all, both engage in web defacements (cyber graffiti), DDoS attacks (cyber vandalism), and other illegal cyber activities (worms, keyloggers, etc.). For starters, consider the Hacker Pyramid.
While the above is but a parody, it does convey some inherent truths within “Hackerdom” and especially in the context of this article. For example, Cyber Jihadists are largely comprised of Cyber Terrorists whereas Hacktivists are largely comprised of Ankle Biters and Script Kiddies. The Stuxnet virus (a worm designed to target Siemens SCADA, carrying a PLC payload) vs. the Anonops attack against HBGary (social engineering and SQL injection) epitomize this.
Furthermore, Cyber Jihadists hack to further extremist terrorist agendas as well as to provide a means to network and train potential recruits. Take Ansar Al Jihad.
“Ansar Al Jihad Network’s website is another popular jihadi website that is accessible in Pakistan. The forum has been closed for membership, but features videos, press releases and discussions about the war in Afghanistan and Pakistan. While one could not see the discussion on the forums, it is astounding to see the sheer number of videos that have been produced by the As-Sahab Foundation for Islamic Media Publication, Al-Qaeda’s media cell, featuring members of the Taliban that have been killed, or messages from current Taliban leaders fighting in Afghanistan and Pakistan.”
The site listed in the aforementioned article was registered in 2010. The original site and its mirrors were registered within five months of the United States invasion of Iraq. Original videos began to appear on the Wayback Machine as early as 2004, though they have since been scrubbed. However, many can still be found in both the Google Video archives and on YouTube, such as the notorious “Bush Assassination” mock-up, white phosphorus attack footage, and Juba sniper footage.
Videos that did not make it to Google or YouTube include but are not limited to various Iraqi resistance and training videos, and the “wlakinallahrama” video. The latter was uploaded to the main Ansar Al Jihad site in 2004 and contained, among other things, a shot of a handwritten note asking viewers to call in the U.S. 39th BCT in the event a certain individual was detained by US forces.
The above is but one example of cyber jihadist activities and why both local and foreign government bodies have not only been monitoring these individuals but have set up elaborate stings as well, whether via the CIA’s since-closed jihad honeypot or the USAF’s recent RFP for acquiring persona management software.
Some opine the latter is for astroturfing. Doubtful. Historically speaking, that is. The government’s approach to combating terrorism on the cyber front makes it abundantly clear, at least to this writer, that they have other things in mind… a Facebook honeypot, for example.
The idea of persona management is a new word for an old hacker mainstay: sockpuppets. The goal in the case of government entities, though, involves infiltrating cyber jihadist groups to identify and collect information in relation to terrorist threat. In fact, this approach has garnered numerous arrests over the past decade.
Arrests include but are not limited to 15-year-old Mirsad Bektasevic (aka “Maximus”), who was caught up in a 2005 Danish raid; 22-year-old West Londoner Younis Tsouli (aka Irhabi 007) in 2007; 26-year-old Moroccan Faical Errai in 2010; and 46-year-old Colleen LaRose (aka “Jihad Jane” and “Fatima Rose”) and 31-year-old Jamie Paulin-Ramirez (“Jihad Jamie”) in 2010. LaRose pleaded guilty on February 1, 2011, and it is as yet unknown whether Paulin-Ramirez will change her “not guilty” plea for the upcoming May trial.
Persona management is, however, an extremely slow and arduous process. After all, the socks must not only be aged but a robust cyber profile must be developed. And the sock must interact on a regular (yet not too regular) basis, one that only hints at routine while not looking… well… botty. After all, people are creatures of habit.
In other words, the sock must be believable. Persona management software may (or may not) help this process along.
At the very least, it can utilize cyber profiling to automate the sock’s interaction (i.e., posting to people’s Facebook walls, clicking like/dislike buttons, commenting in various forums and on various blogs that are congruent to the sock’s published interests). At best, it can also “scrape data” which can then be fed to the great heuristic analyzer in the sky… or in this case, within the bowels of the government’s think tanks, with the goal of not only alerting them to potential terrorist threats but generating dossiers for tracking down potential terrorists. At worst, it can be construed as a gross breach of privacy that could result in inadmissible evidence in a court of law, that is, where social networking sites such as Facebook are concerned.
Regardless of the very real threat of terrorism, we remain faced with important issues, among them identifying and defining how to protect ourselves from hacker jihadists without compromising ethical values. While some of these protections can certainly come from hardening the infrastructure (IDS, AVS, software and hardware firewalls) and even implementing some form of persona management software, a great deal is really no different than everyday living.
That is, our safety is also dependent upon education with regard to everything from safe surfing practices and implementing new social rules that are specific to cyberspace to codifying rules of engagement within the context of “cyber war.”