April 10, 2006

Countering the Cyber Jihad: Cyber Privateering Part II

It's time we took the cyber jihad seriously. It has become obvious that the U.S. government is ill equippied to deal with the problem If we cannot win the cyber war, we cannot win our war against Muslim ideologues bent on creating the Islamic utopia by any means necessary.

Why is the U.S. government unable to respond adequately to the cyber jihad?

a) They are still in law enforcement mode.

Unless an internet website is breaking the law, no action is taken by the government. However, if we are in a war, then the normal rules do not apply. We cannot treat terrorist forces on the web as if they were simply exercising some Constitutional right of free speech. If this is a war, then fight it like one. If you can kill your enemies in war, then certainly censoring them is justified.

b) Intelligence agencies lack the institutional know-how to fight the online jihad.

Traditionally, intelligence agencies such as the NSA and CIA have been the information gathering arm of the U.S. government. Such intelligence is used by other agencies to act. They may monitor jihadi websites, but they obviously are not acting on their information.

Occasionally they do act, but when they do --such as with the arrest of Irhabi 007--they are in law enforcement mode. Irhabi 007 was charged with a crime, but if using the internet to wage war upon your own country is a crime, then doesn't this reveal the underlying problem of not treating this as a war?

c) The military lacks the tools to fight the internet jihad.

If this is war then it is the military--not the intelligence agencies such as the CIA and NSA, and not the law enforcement agencies such as the FBI -- that ought to be fighting it. The military is great at doing a lot of things, but taking down websites is not one of them. Even if we could identify each and every web server which hosts terror websites, the solution is not bombing the webhosts. For the most part, companies either are not aware that terrorists use their services or they do not care because there are no real consequences to doing business with the online jihadis.

The solution? There is no government solution. The only people really equipped to counter the online threat are hackers themselves. These cyber pirates have the necessary knowlege, tools, and experience in infiltrating and taking down websites. With minimum investment in equipment, with the assurance that they will not be prosecuted for activities which are normally considered illegal, and with the promise of a reward for each website taken down, these cyber pirates would be turned into cyber privateers. There skills which are normally deemed socially unacceptable, can be used to the advantage of winning the long war against militant Islam.

I will be posting on cyber-privateering from time to time. Stay tuned!

Michael B. Kraft at the Counteterrorism blog has some notes on Professor Gabriel Weimann's new book Terror on the Internet:

Prof. Weimann also describes various efforts by private groups or individuals to take down the web sites of terrorists –and the back and forth efforts between Israelis and Palestinians or their supporters to take down each other’s websites. He also discusses the efforts, largely futile, by governments to deprive terrorist groups of service providers because they jump to other providers or conceal their origin.

Hoffman emphasized another side of the coin—the need to take the offense as well as play defense. He said the United States and friendly governments should do more to make use of the internet get across reliable news and counter what he called the ”parallel world” in which terrorists and their supporters receive distorted perspectives and rumors on their web sites.

This may take more nimbleness and sophistication than US Government public diplomacy efforts have shown in recent years. But it is time to act and think outside the conventional box and should be given high priority. [READ THE REST]

To effectively counter the cyber jihad, it will take much more than public diplomacy. I will have more on this in the future.

Posted by: Rusty at 09:03 PM | Comments (8) | Add Comment
Post contains 703 words, total size 5 kb.

1 jeez, Just imagine if instead of learning about a terrorists by following him, photographing him, finding out who is friends, and contacts are, the CIA just walked behind them and dropped them with a nine in the skull. Then they would be a dead terrorist -- we wouldn't know anything about them, their skills, operations, people they mixed with but he'd be dead right, and everyone can feel better. These people talk on these boards, and they're an intelligence goldmine if not only their ability to out the extremists that visit them, and the people uploading to them. Why would you want to remove them? it's paramount to the above scenario. I myself, am a network security analyst, and I know quite a lot of people that are involved in finding exploitable conditions in software, and publishing advisories, you'd be happy to know some of the same people that released remote exploits for Microsoft Windows, and several high profile UNIX daemons consult for several three letter agencies. if they wanted in. they'd be in, and that is all I pretty much want to discuss on that topic.

Posted by: davec at April 11, 2006 12:52 AM (CcXvt)

2 True, davec, but if we don't stop monitoring them and start killing them, we're going to be in big trouble soon. The first step should be to round up and deport every muslim in the country, and then go kill them in whatever hellhole we've deported them to.

Posted by: Improbulus Maximus at April 11, 2006 06:37 AM (0yYS2)

3 We've "monitored" Hamas since its inception. We still "monitor" Hamas. When are we going to do something about all the Hamas websites, Hamas "charities", Hamas fundraising, Hamas leaders? Now, of course, it's too late. They govern a strategically significant piece of land. Question: When do you stop monitoring and start disrupting?

Posted by: Asgerd at April 11, 2006 07:26 AM (zGx/I)

4 Asking hackers to take down pages, they would face criminal charges for inside the United States is a stretch, especially as some of the Jihadi websites are located inside Europe, and the U.S does comply with the E.U laws. The U.S has even arrested foreign programmers on U.S soil in order to comply with the DMCA, at DefCon one of the largest gatherings of Hackers/security professionals in Vegas each year a russian programmer was arrested for violating the DMCA: programmer arrested This isn't an isolated event, the problem is worse, when you think that 98% of all web defacements are done by unskilled morons, using programs, who couldn't even target the right sites. A good example of this is when "WoH" defaced a anti-terrorism thinktank that lost employees in the September 11th attack, because it had the word "terrorist" in it's website domain name. The U.S military does take cyber-warfare very seriously, just because it's not on the frontpage does not mean the U.S has neither contingency plans to thwart it, or the ability to use it: cyber warfare moving from monitoring to action, is a good question -- however who is to say it isn't already happening? you have already seen the arrest of the London hacker, and the person in Iraq running the media arm for Al-Qaeda. I am sure we'd like to hear how this particular battle is being fought, however I'm sure you'd have the ACLU suing to find out every ISP the U.S has tapped, compromised or attacked within a week, I personally prefer hearing no details rather than having it layed out on the front pages of the Washington Times.

Posted by: davec at April 11, 2006 10:40 AM (CcXvt)

5 davec: In other words, it might be better to leave them up and running at least long enough to trace them?

Posted by: Oyster at April 11, 2006 02:02 PM (SlypO)

6 Given the tone of my comments, I'm probably being monitored too, which, considering the government's track record of violence against its citizens, probably means they'll come after me before any muslims who are plotting death to innocent people. They apparently think that citizens won't shoot back. They're wrong in this case if that's what they think.

Posted by: Improbulus Maximus at April 11, 2006 02:10 PM (0yYS2)

7 Oyster: hold on, I'm about to get a bit technical. Not only are these boards a goldmine in regards to tracking, and tracing who goes there, and participates, but the servers themselves contain a lot of valuable information. if they are being penetrated there is extremely valuable intelligence upon them, from the basic: server logs, every webserver in it's default state logs connections: ip address, browser type, page names with a date and time stamp -- to the advanced: some of the terrorists are using encryption like pgp (pretty good privacy) and stenography (ability to embed messages inside pictures) which without knowning the NSA's ability to reverse -- is often estimated to take longer than the life of the universe to break. However if I compromise the server, and create backdoors, for example replacing the pgp program with a backdoored version which logs fopen() [file open] fread() fwrite() [read/write] the jihadi's will be using their encryption with no idea their security is compromised, which would mean they are writing their messages freely, and I would be able to see everything they read or wrote that they believed to be securely encrypted. contrast that, with taking them offline -- which lasts about 30 minutes until they find another free account to host it again -- which may take me days to find again. This is the tip of the iceburg, and I really have not discussed the techniques in detail, nor do I have any interest in doing so.

Posted by: davec at April 11, 2006 02:50 PM (CcXvt)

8 Belive it or not, I actually followed that, Dave! Electronic trails are as abundant as paper trails if exploited correctly. The FBI caught a guy a few years ago who mailed in a clipped picture of a website's map to police pointing out where his victim's body was and they traced him through the website's recorded IPs of its visitors to where he accessed the map from, then went to his house and handcuffed him.

Posted by: Oyster at April 11, 2006 03:17 PM (SlypO)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
26kb generated in CPU 0.0121, elapsed 0.1005 seconds.
118 queries taking 0.0938 seconds, 243 records returned.
Powered by Minx 1.1.6c-pink.

Search Thingy



Recent Comments

  • dage e thanks to to Ralph Lauren Paris to the 1996 Summer Olympics and since then has been many retiree... entry
  • Mary Box You can't be 11685 serious?!? entry
  • Caty Tota You guys are the 56452 best, thanks so much for the help. entry
  • tracy coyle Exactly how big is the step required from the Ward Churchills to the 20-something terrorist wannabe?... entry
  • jesusland joe And this surprises anyone. Hell, I predicted this years ago. I keep trying to tell you that Islam an... entry
  • greyrooster More proof that we should not allow these dorks to immigrate here. Stay in their own screwed up coun... entry
  • Jester The pentagon is a good place to establish an AQ cell. entry
  • Vinnie, Editor In Chief Pro Tempore IM was never banned. entry
  • Leatherneck I am pretty sure I.M. who appears to have been banned, warned everyone this type of ROP example woul... entry
  • Milf Lessons Hey bro! Nice blog :P /s entry

Categories

Archives

Blogroll

Sample link

Monthly Traffic

  • Pages: 37992
  • Files: 367
  • Bytes: 531.1M
  • CPU Time: 77:06
  • Queries: 3718454

Content

  • Posts: 5690
  • Comments: 76633

Feeds


RSS 2.0 Atom 1.0