Terror on the Internet
What’s the real relationship between terrorism and the Internet? Are terrorists actually planting computer viruses, damaging corporate Web sites, and hunting around online for top-secret government information? Nobody can tell for sure. It is known, however, that there are now hundreds of sites on the Web serving terrorist groups and their supporters, and that some of these Web sites have received network services from companies located in the United States.
The existence of terrorist groups — and terrorist Web sites — is indisputable. The sites are plain to see, and the hundreds of groups running them hail from all over the globe. Examples range from the Palestinian Islamic Jihad (PIJ) in the Middle East to the Irish Republican Army (IRA) in Europe and the Colombian National Liberation Army (ELN-Colombia) in Latin America.
Some experts say that U.S. intelligence agencies are surreptitiously infiltrating “chat rooms” — or online discussion groups — on these terrorist sites.
“It’s easier to infiltrate the ranks over the Internet than face-to-face, because people cannot tell who you really are,” says George Smith, a senior fellow at GlobalSecurity.org. The program in Ohio is part of the National Academic Consortium for Homeland Security.
“I know — but only in an unofficial way — that counterterrorist agencies are monitoring many (terrorist) chat rooms and forums, and pretending to be members of the ‘clubs,’” says Gabriel Weinmann, a professor of communications at the University of Haifa in Israel.
Expert opinions differ dramatically, though, about how else terrorists might be using these sites, as well as about what — if anything — can and should be done to stop terrorists from keeping toeholds on the Web.
“On a videotape, Osama Bin Laden said that he wanted to destroy the U.S. economy. The entire U.S. economy is built on computer chips. What better way to bring it down than through cyber-terrorism?” suggests Rebecca Ehrenfeld, director of the American Center for Democracy, Internet researcher, and member of the anti-terrorism group Committee on the Present Danger.
Some, on the other hand, question the whole notion of “terrorism on the Internet.”
“There’s been a big culture of forecasting cyber-terrorism, but a lot of that’s been consigned to the funny files. During the Clinton Administration, Richard Clark used to spend a great deal of time appearing before Congress and various industry groups, telling people that terrorists would use the Internet to shut off electricity,” Smith says.
“But you can’t destroy real-world things in the infrastructure over the Internet, where you’re only dealing with software. There’s something immutable about roads and bridges,” he adds
Others hold a perspective somewhere in between. “Terrorists are using the Internet to raise money and to plan their activities. They need to do a lot of their planning online. If they’re going to make a drive into Jerusalem, they can’t hold a meeting beforehand in the West Bank,” adds Michael Lipham, a research analyst at The Robert Francis Group. Internet security is one of Lipham’s specialty areas.
In a special report prepared for the U.S. Institute for Peace, Weinmann claimed that the potential for terrorist cyber-attacks over the Internet is an “overrated” threat, and argued that policymakers and journalists should instead focus on “the numerous uses that terrorists make of the Internet every day.”
Weinmann has concluded that terrorists’ Web presences serve eight main purposes: psychological warfare; publicity and propaganda; data mining; fundraising; recruitment and mobilization; networking; sharing information; and planning and coordination.
Yet in an example of data mining, Weimann points to one Web site, operated by the Muslim Hackers Group, that runs tutorials on creating computer viruses and sabotaging computer networks. The same site has also featured links to other U.S. sites that claim to divulge sensitive data such as code names and radio frequencies used by the U.S. Secret Service.
Is information from terrorist sites actually being used to commit cyber-terrorist acts such as unleashing viruses and hacking into computer networks? Weimann, for one, draws that implication.
“The Muslim Hackers Group’s Web site offers tools only. But I guess that people who surf to this site are interested in learning about hacking. Otherwise, why would they go there?” he said.
Ehrenfeld also implies that terrorist sites could be hotbeds of hacking. “For years now, the Saudi Arabian government has been paying for people to come to the United States and study. The Saudis have also funded a number of software development firms. Terrorists use very sophisticated methods for embedding messages into their sites. So it’s not at all inconceivable that they’re spreading viruses, too,” she says‥
Some, though, are not so sure the terrorist groups actually have enough technical savvy to pull off these types of Web capers. “There are a lot of people out there on the Web who don’t seem to have the best interests of the U.S. at heart, but it’s hard to know who is — and who isn’t — a terrorist,” Smith says.
“Some people suspected as terrorists have been described in the media as adept with computers. But maybe this just means that they’re people who could work at Kinko’s — who know enough to turn on a computer and organize files,” Smith continues. “Some of them still don’t know how to stop Web sites such as Yahoo! from sticking ads at the end of their e-mails. And that isn’t very smart, because through the ads, their messages can be traced.”
What if terrorists are, in fact, using their Web sites as platforms for cyber-abuse? Debate is rampant over what to do.
Ehrenfeld cites a study by the Center for Special Studies in Israel, which shows that three U.S. companies — VONOC, Alabanza and Level 3 — have provided network services to the ISPs (Internet service providers) that run (or “host”) the PIJ’s Web sites.
Some want to see terrorist Web sites shut down. Ehrenfeld, for example, contends that U.S. Congress should enact new legislation requiring American-based network services companies to demand that their clients, the Web hosting companies, identify their customers. She would also like to see the U.S. Senate ratify the Council of Europe’s Convention on Cyber Crime.
But others, including Weimann, strongly doubt that the United States and other world governments will produce laws banning terrorist Web sites.
“This is improbable for a number of reasons: the futility of banning these Web sites; the support that terrorists find in some countries; and the unlikely establishment of an international front against terrorism on the Internet,” Weimann says.
According to experts, a breach in a network’s security is much more likely to be the work of a maladjusted teenager or a disgruntled employee than a terrorist group.