HomeFeaturesDailyBriefingsRapidReconSpecial ReportsAbout Us
World

Terror Web 2.0

The Net-Centric Operations of Terrorist Groups Today

By Guest ContributorJeffrey Carr | June 19, 2007

The latest phase of the Internet revolution, which has been widely referred to as Web 2.0, has not been overlooked by web-based terror networks. A recent study by the Artificial Intelligence Lab of the University of Arizona details precisely how these net-savvy terrorists are using the Web for fund-raising, recruitment, propaganda, logistical support, communications, training, and even cyber warfare.

The following table breaks down terrorist objectives and how they are supported by web sites and web-based features:

Table 1: How Websites Support Objectives of Terrorist/Extremist Groups1
Terrorist objectives Tasks supported by web sites Web features

Enhance communication
  • Composing, sending, and receiving messages
  • Searching for messages, information, and people
  • One-to-one and one-to-many communications
  • Maintaining anonymity

  • Synchronous (chat, video conferencing, MUDs, MOOs) and Asynchronous (e-mail, bulletin board, forum, Usenet newsgroup)
  • GUI
  • Help function
  • Feedback form
  • Login
  • E-mail address for webmaster, organization contact

Increase fund raising
  • Publicizing need for funds
  • Providing options for collecting funds
  • Payment instruction and facility
  • E-commerce application
  • Hyperlinks to other resources

Diffuse propaganda
  • Posting resources in multiple languages
  • Providing links to forums, videos, and other groups’ web sites
  • Using web sites as online clearinghouses for statements from leaders
  • Content management
  • Hyperlinks
  • Directory for documents
  • Navigation support
  • Search, browsable index
  • Free web site hosting
  • Accessible

Increase publicity
  • Advertising groups' events, martyrs, history, ideologies
  • Providing groups' interpretation of the news
  • Downloadable files
  • Animated and flashy banner, logo, slogan
  • Clickable maps
  • Information resources

Overcome obstacles from law enforcement and the military
  • Send encrypted messages via e-mail, forums, or post on web sites
  • Move web sites to different servers so they are protected
  • Anonymous e-mail accounts
  • Password-protected or encrypted services
  • Downloadable encryption software
  • E-mail security
  • Stenography

Provide recruitment and training
  • Hosting martyrs' speeches, stories, multi-media that are used for recruitment
  • Using flashy logos, banners, cartoons to appeal to sympathizers with specialized skills & similar views
  • Build massive and dynamic online libraries of training resources
  • Interactive services (games, cartoons, maps)
  • Online registration process
  • Directory
  • Multi-media
  • FAQ, alerts
  • Virtual community

The Pentagon has recently announced that it monitors over 5,000 jihadist sites and keeps a close watch on the top 100 most active and hostile. The European Union launched its "Check the Web" portal in May, 2007, which is a Europol (European Police) resource that all 27 member states can contribute intelligence to. In spite of these efforts, and those conducted by the U.S. Intelligence Community, there are a number of obstacles that confound our ability to find, capture, and evaluate this data.

For one, conventional search engines like Google only crawl and index a tiny amount of the data on the Web; typically the first 101k of a web page. The key words entered into Google's search window are run against the indexed data in Google's massive data stores, rather than the Web itself. For another, terrorist websites may utilize other means to make themselves invisible to web crawlers, including (but not limited to):

  • Password-protected pages
  • Noindex metatag
  • Firewalls
  • Relational databases
  • Spider traps
  • Real-time content

Most researchers involved in the study of the Terror Web understand the limitations of public search engines and resort to the manual collection, storage, and analysis of web content. Qin (Qin et al 2007) points out that a manual form of collection and analysis is very limiting, and that as of November, 2006, almost no studies have been done (Qin et al 2007) which analyze the level of technical sophistication as compared to mainstream organizations.

The Terror Web's capability for cyber warfare was recently demonstrated by the Denial-of-Service attack launched against the government of Estonia, which was a collective world-wide effort by a group of Russian nationalists to disrupt and cripple Estonia's Internet resources. The attack was successful, and required nothing in the way of sophisticated equipment or specialized knowledge. The sheer number and size of bot networks is hard to measure but recent FBI activity, such as Operation Bot Roast, suggests that potential victims of botnet activity could number in the millions. These are just the networks that law enforcement can identify.

It is important to understand that Western governments are fighting a desperate battle to get a handle on these developments. While both service-specific and joint doctrine on how to fight in cyberspace exists, the institutions, policies and procedures necessary to overcome cyber-based terrorist attacks face numerous challenges. Many of these are simply bureaucratic in nature while others are clearly linked to the infrastructure limitations and security measures levied on defense and intelligence agencies. The sooner such limitations can be overcome, the sooner we can effectively counter terrorism in cyberspace.

Thanks to an increase in terrorism research funding made available by various government agencies, there is a growing body of work available from institutions such as RAND, the Centre for the Study of Terrorism and Political Violence at St. Andrews University, Scotland, The Center for Strategic and International Studies (Washington, D.C.), and the Dark Web Project at the University of Arizona, which recently published "Mapping the contemporary terrorism research domain" in October, 2006.

Jeffrey Carr participated in law enforcement and intelligence gathering activities with the U.S. Coast Guard until 1980. Today he is an information architect for analyst software, and writes about Data Fusion and Geospatial Intelligence at his blog www.IntelFusion.net.

5 Comments

Thanks Jeff, this is great! I'm forwarding a link to this TW entry to some of my local contacts (even though they should already be aware of such things) as a "must read." I've been watching this area recently, after getting involved in a fusion project, and then being exposed to the work of Aaron Mannes on the Semantic Web. A short descriptive paper of his can be found here. I have found alot of the work being done at the MINDLAB at the University of Maryland to be fascinating.

NOTE: Mannes also writes for the Counterterrorism Blog.

This sort of research can have two purposess. The stated one is to combat terrorism. There is another aim too and that is to monitor Google, hide information from the public, belittle their critics and create a disinformation campaign.

When a stealth aircraft flew over Phoenix the Pentagon treated the inhabitants to a lifesize model of a little green man.

Glad you found the article informative, Jay. In addition to MINDLAB, check out the University of Maryland's START program.

Also, if you're interested in the Semantic Web, you'll love what the University of Pittsburg is doing with CERATOPS.

While I've been involved in security technology and policy for a while, I'm a relative "newbie" to IT security. Clearly, you are on that wavelength. My exposure to the MINDLAB has been as a result of some work I've done in data fusion with a friend in Maryland (I'll check on the START program).

My limited exposure to Mannes' work led me to begin to understand (at least try to) how dynmamic the web has become and how the sifting and analysis of information has become so sophisticated. That is relates to counterterrorism brings it all within one circle for me.

The points that you and Michael have recently made are that this enemy, especially as embodied by al Qaeda, is eduated and sophisticated. If they aren't up with us, they aren't too far behind. The disclosure a few months ago of the "mujahadine secrets" Arabic encryption is another example.

I could even argue that the level of sophistication of the Web 2.0 environment may even impact on responses to disasters and attacks, and even to the public-private partnership aspects of those responses and understanding of the various interdependencies (this is another area of my interest - trying to finish a piece on P3 now, but "the day job" is intruding).

I was involved in network management for a number of years, this included network security. Why are there not more training programs available?