By Yuki Noguchi and Sara Kehaulani Goo
Washington Post Staff Writers
Thursday, April 13, 2006
Terrorist groups, which for years have used the Internet and its various tools to organize and communicate, are paying more attention to addressing security and privacy concerns similar to those of other Web users, counterterrorism experts say.
The Internet has long been a convenient gathering place for radical Islamists advocating violence against Western influences, known as jihadists. Through online chat, e-mail and Web postings, communities of people have relied on one another for advice, political debate, even movie reviews and biographical information on suicide bombers and religious leaders.
Recently, postings on jihadist Web sites have expressed increasing concern about spyware, password protection, and surveillance on chat rooms and instant-messaging systems.
One forum recently posted a guide for Internet safety and anonymity on the Internet, advising readers of ways to circumvent hackers or government officials.
"The Shortened Way of How to be Cautious; To the User of the Jihadi Forums, In the Name of Allah, the most Gracious and Merciful" was posted last month by an al-Qaeda-affiliated group calling itself the Global Islamic Media Front and was translated by the SITE Institute, a group that tracks international terrorist groups.
The posting advised Internet cafe users to set up a proxy -- a software program that erases digital footsteps such as Web addresses or other identifiable information -- before Web surfing. "I advise you to carry this program in your e-mail and it should be with you anywhere you are," it said.
"There's a lot of things like that," said Evan Kohlmann, a consultant on international terrorism. Last month, Kohlmann said, he found a jihadist Web site posting pirated McAfee anti-spyware software, which the site encouraged users to download to avoid monitoring. "Technology is as much a part of their lives as it is part of our lives."
Google Inc. and its growing arsenal of powerful software tools, for example, are both a boon and a bane for terrorist technologists who are increasingly wary that the programs might be turned against them to gather information about their activities. One of the jihadist Web sites cautioned its readers to "Beware of Google!!!" with specific warnings about its relatively new product Google Toolbar. The posting cited another technology blog that said the tool could be configured to operate like spyware, finding data on computers remotely.
In recent months, Google Video has also become a favorite tool among jihadist groups for uploading and accessing videos, said Rita Katz, director and co-founder of the District-based SITE Institute.
Microsoft Corp. and Yahoo Inc. declined to comment on their policies. Bruce Hoffman, a terrorism expert at the nonprofit research group Rand Corp., said that such postings indicate that electronic communication is still popular among terrorists but that they must constantly keep up with ways to avoid leaving electronic tracks.
"This kind of tradecraft is essential to survival," Hoffman said. They know the authorities are using wiretaps and monitoring satellite phones, so they are constantly trying to come up with ways to go around it, he said. When terrorist groups learned that the National Security Agency could track electronic communication only when it was in transit -- not when it was sitting in an inbox -- users started drafting messages in free e-mail accounts, then allowing others to log in to the accounts and read the drafts. No message ever had to be sent. "I would be surprised if this kind of electronic communication is diminished," Hoffman said. "They are just going to greater efforts to obfuscate it. They are hoping that with the volume of e-mail traffic, if they take the appropriate precautions, they can [communicate] undetected."
Like mainstream Internet users, terrorists have varying levels of technology knowledge, and plenty of other Web sites offer more prosaic advice for basic users.
"If an e-mail address ends with .sa, then this e-mail is registered [in] Saudi Arabia and can never be secure, and Saudi authorities can reach it at any time," said one recent posting, according to translations provided by SITE. The guide advocated, instead, use of anonymous accounts through Microsoft's Hotmail or through Yahoo. "It is preferable to use long and difficult passwords, and that it should be changed every now and then," the posting said.
Increased sophistication among users creates a kind of cat-and-mouse game between terrorists and law enforcement, experts said.
Chatter on jihadist Web sites often provides an important tactical and cultural window into how these group members think, communicate and coordinate, Kohlmann said. Shutting each site down would be almost impossible, and potentially counterproductive to U.S. homeland security interests, he said. But communications have become so vast, with so many outlets and in so many forms, it has also become increasingly difficult for government agencies to monitor it all, he said.
There is no evidence that Internet companies such as Google, Yahoo and Microsoft have cooperated with federal spy agencies to monitor terrorist communications. But privacy groups point out that it would be fairly easy for the federal government to subpoena any of these companies' records or issue a national security letter to them, essentially requiring them to turn over the data. In those instances, the companies would be precluded from disclosing publicly what they turned over to federal officials.
Yahoo and Microsoft's MSN are quiet about how much user data they save, and for how long, but Google makes clear that it wants to store more and more user data on its servers, said Daniel Brandt, founder of a privacy-advocacy Web site called Google Watch.
"From a jihadist perspective, they are absolutely right. They should avoid Google like the plague," Brandt said.
Staff researcher Julie Tate contributed to this report.