Cybersecurity and Cyberwar
Authors: Peter W. Singer, Allan Friedman
The Internet revolution has allowed terrorist groups to obscure their operations in new ways that complicate the old ways of thinking about threats. Terror groups, eerily like the rest of us, value the Internet for its reliable service, easy terms, and virtual anonymity. The Taliban, for example, ran a propaganda website for over a year that kept a running tally of suicide bombings and other attacks against US troops in Afghanistan. And yet the host for the website was a Texas company called ThePlanet that rented out websites for $70 a month, payable by credit card. With some 16 million accounts, the company wasn't aware of the Taliban site's existence and took it down once notified by authorities.
And even when these sites are discovered and taken down, what we know and love about the Internet's structure works to these groups' advantage. Osama bin Laden's very last video before his death was simultaneously uploaded onto five different sites. And while counterterrorism agencies rushed to take them down, within one hour the video had been captured and uploaded by over 600 sites. Within a day, the number of sites hosting the video had doubled once again.
For terror groups, Internet communication does more than just create new connections and spread viral ideas; it also maintains old ones much in the same way that the rest of us use social networking to keep in touch with high school friends. Here, too, the relative anonymity and shrinking of distance that cyberspace allows are valuable advantages. Anarchist groups in the 1800s, the progenitors of many of the terror groups today, sent secretly coded messages by post and had to wait months for a reply. Today, a group can link members continents away instantaneously. All of the 9/11 attackers, for example, had Hotmail accounts, and they were thought to have coordinated through notes left in the guestbook section of a website run by the brother-in-law of one of Osama bin Laden's lieutenants.
Where cyberspace has had perhaps the greatest impact is in the sharing of knowledge in new and innovative ways. Some organizations take advantage of this for the positive, like the Khan Academy, which has allowed children around the world to learn math and science via online tutorials. But terrorists have also spread their peculiar type of knowledge, or what security experts call “TTPs” (short for tactics, techniques, and procedures), in ways not possible before. The recipes for explosives are readily available on the Internet, as are terrorist-provided designs for IEDs for use across conflict zones from Iraq to Afghanistan. This diffusion of terror teachings has been hugely important as these groups have found fewer and fewer training spaces free from global drone strikes.
The transfer of knowledge is not just about the “how” of a terror attack, but also the “who” and the “where” on the targeting side. Groups use cyberspace as a low-cost, low-risk venue to gather intelligence in ways they could only dream about a generation ago. For example, no terrorist group has the financial resources to afford a spy satellite to scope out targets with pinpoint precision, let alone the capability to build and launch one into space. Yet Google Earth worked just as effectively for Lashkar-e-Taiba, a Pakistan-based terror group, when it was planning the 2008 Mumbai attacks.
As in other areas of cybersecurity, we have to be aware of our own habits and uses of the Internet and how such bad actors might take advantage. In 2007, US soldiers took smartphone photos of a group of new US Army helicopters parked at a base in Iraq and then uploaded them to the Internet. The helicopters weren't classified and the photos showed no seemingly useful information to the enemy. But the soldiers didn't realize the photos also included “geotags,” which revealed where the photographers had been standing. Insurgents then used these geotags to pinpoint and destroy four of the helicopters in a mortar attack. Experts now use this example to warn people to be more careful about what they share when engaged in an important activity. “Is a badge on Foursquare worth your life?” asked Brittany Brown, social media manager at Fort Benning, Georgia.
A growing worry is that groups may fully exploit social networking to locate better targeting information, and not just for geographic targets, but human ones. After the bin Laden raid in 2011, an American cybersecurity analyst was curious as to what he could find out about the supposedly super-secret unit that carried it out. He told us how he was able to find twelve current or former members' names, their families' names, and home addresses. This was not a matter of leaks to the press but rather through a series of social networking tricks. He identified one member of the raid team from a website photo of his SEAL training class, and another after he located an online image of a person wearing a SEAL team T-shirt with a group of friends and then tracked down those friends.
Using these same tactics, he also found the names of FBI undercover agents and, in another case, two married senior US government officials who were participating in a swinger site (and thus vulnerable to blackmail).
The analyst carried out the exercise to warn these targets to beware that there was more about them on the Internet than they thought, a useful reminder for us all.
“It seems that someone is using my account and is somehow sending messages with my name… The dangerous thing in the matter is that they [those replying to what they thought was a genuine e-mail] say that I had sent them a message including a link for download, which they downloaded.”
We can all empathize with this fellow. Many of us have received similar warnings from friends or family that someone has hacked their account and to beware of suspicious messages. The difference is that the individual complaining about being hacked in this case was “Yaman Mukhadab,” a prominent poster inside Shumukh, a supposedly elite, password-protected forum for radicals. Before he sent out his warning to the forum, the group's agenda had included assembling a “wish list” of American security industry leaders, defense officials, and other public figures for terrorists to target and kill.
Mukhadab's cyber hardships illustrate that technology is a double-edged sword, even in the cyber realm that otherwise seems to be perfect for terrorists. Consider how much better and faster the Internet is today for terrorists wanting to communicate versus the experience of their 1800s forebears, who had to use snail mail to plan bombings. Yet, just as the mail of the past proved a liability for nineteenth-century anarchists once police learned to track them down by searching their correspondence, so too can today's terrorists' online activities shift from an advantage to a vulnerability.
A new debate has emerged in recent years, with some arguing that in lieu of playing a never-ending game of whack-a-mole, trying to track and then shut down all terrorist use of the Internet, it might be better to let the groups stay. “You can learn a lot from the enemy by watching them chat online,” said Martin Libicki, a senior policy analyst at the RAND Corporation, a nonprofit research organization.
The point is that the advantages of cyberspace for terrorism can be equally useful for counterterrorism. The Web has aided terrorist groups by acting as both a Rolodex and playbook. But those on the other side of the fight have access to the same Rolodex and playbooks.
The networking effects of cyberspace, for instance, allow terrorists to link as never before, but they also allow intelligence analysts to map out social networks in unprecedented ways, providing clues about the leadership and structure of terrorist groups that would otherwise be impossible to gain. The world learned just how powerful some of these tools can be from documents leaked by NSA contractor Edward Snowden in 2013, detailing how US intelligence agencies and their allies engaged in online surveillance of an unprecedented scale. The approach was to monitor as much Internet traffic as possible, with a particular goal of collecting what is known as “metadata.”
Essentially data about the data itself, metadata is information that describes the nature of communication, rather than the content. In traditional telephone surveillance, for example, this would simply be a record of what phone number called another phone number at what time, as opposed to what was said on the call. In the cyber era, metadata is far more complicated and thus far more useful. It includes information about geographic location, time, e-mail addresses, and other technical details about the data being created or sent. When this data is gathered together from sources around the world, sophisticated algorithms can be used to connect dots and reveal new patterns, as well as track individual devices, even when the user is trying to hide her identity. The effort was designed to help find links between terrorists. But the NSA programs controversially entailed collecting such information on the online activities of millions of non-terrorists. Think of it as trying to find a needle in a haystack, by collecting the entire haystack.
Online efforts can even be used as a means to pinpoint those not yet linked into terror networks, such as those pondering joining extremist groups or engaging in the sort of “lone wolf” attacks that have become more prominent in recent years. For instance, in 2008 and 2009 US intelligence agencies reportedly tried to attack and shut down the top terrorist propaganda websites on the anniversary of 9/11, in order to delay the release of an Osama bin Laden video celebrating the attacks. In 2010, however, they took a different tack. As Wired magazine reported, “The user account for al-Qaida's al-Fajr media distribution network was hacked and used to encourage forum members to sign up for Ekhlaas, a forum which had closed a year before and mysteriously resurfaced.” The new forum turned out to be a fake, an online spiderweb entangling would-be terrorists and their fans. Similarly, while the Internet might spread potential terrorist tactics, defenders can also gain crucial insight into which tactics are taking hold and need to be defended against.
And, of course, one doesn't have to just watch but can also engage in cyberattacks against the terrorists. One known example (we only want to talk about the cases the terrorists already know about!) is using the terrorists' own computers to spy on them. This is what happened to Yaman Mukhadab and to the Global Islamic Media Front (GIMF), a network for producing and distributing radical propaganda online. In 2011, it had to warn its members that the group's own encryption program, “Mujahideen Secrets 2.0,” actually shouldn't be downloaded because it had been compromised.
Just as cyberattacks don't always just seek to breach a network to gain information, cyber counterterrorism can change information inside a terrorist's networks. This might include playing a cheeky game of propaganda. In 2010, the terror group Al-Qaeda in the Arabian Peninsula (AQAP) issued “Inspire,” an English-language online magazine designed to draw in recruits and spread terror tactics. Their first issue was reportedly hacked by British intelligence agencies, who replaced the terrorist “how to” pages with a cupcake recipe. Or the corruption of information might flip the idea of cyberterrorism on its very head. In one case, online bomb-making instructions were changed so that the attacker would instead blow himself up during the construction of the device.
What's notable about these online counterterror efforts is that, as with the rest of cybersecurity, governments are not the only players. Nonstate “hacktivism” has even played an important role in policing the Web. Jon Messner, for instance, is a private citizen from Maryland, who took down al-Neda, an al-Qaeda site. Fighting terrorism online is a hobby for Messner, though. His day job is running an Internet pornography business, being perhaps best known for originating the “housewife next-door” genre. It's yet another illustration of how the Internet isn't ungoverned, but rather is self-governed in strange and fascinating ways.
Cloud computing, the concept of delivering computing resources remotely over a network, is both a multibillion-dollar industry and a growing field that many believe is key to the future of the online world (as we'll explore later on). But for three days in 2011, the Dutch government threatened to undermine the new era of cloud computing, all in the name of human rights.
Taking issue with American laws that gave the US government access to any data stored on computers controlled by American companies, the Dutch Minister of Safety and Justice threatened to deny any American firm the ability to offer cloud-computing services to the Dutch government in 2011. Yet if no country was willing to let its data be held by a foreign company for fear of government surveillance, the transformative power of cloud computing to store and distribute data globally would be severely undermined. The Dutch ultimately backed down, but these calls have been echoed even more sharply around the world following the disclosure of certain NSA surveillance practices in 2013. Such episodes highlight a key tension: How do we balance the need for security with the importance of privacy and free expression?
Often couched in the language of human rights, the term “Internet freedom” centers on the idea of online free expression and the right to access the Internet as a means of connecting to others around the world. This idea builds on political rights granted well before the cyber age, like those in the 1948 Universal Declaration of Human Rights and the 1966 International Covenant on Civil and Political Rights “that guarantee the right to seek, receive and impart information and ideas through any media and regardless of frontier.”
As the world moved into the digital age, democratic states argued that the online world wasn't just structured with a democratic ethic in mind, such as through the governance models we discussed in Part I; it also had to respect rights in the same spirit. This became a major part of former US Secretary of State Hillary Clinton's agenda, when she argued that our basic human rights must include cyberspace, since “people are as likely to come together to pursue common interests online as in a church or a labor hall.”