Terror Suspects Hone Anti-Detection Skills
Simple Codes, Remote Sites, Internet Phone Calls Among Means Used to Foil High-Tech Surveillance

By Craig Whitlock
Washington Post Foreign Service
Saturday, January 5, 2008

MILAN, Italy -- In an age of spy satellites, security cameras and an Internet that stores every keystroke, terrorism suspects are using simple, low-tech tricks to cloak their communications, making life difficult for authorities who had hoped technology would give them the upper hand.

Across Europe, al-Qaeda operatives and sympathizers are avoiding places that they assume are bugged or monitored, such as mosques and Islamic bookshops, counterterrorism experts said. In several cases, suspects have gone back to nature -- leaving the cities on camping trips or wilderness expeditions so they can discuss plots without fear of being overheard.

In Britain, a man who called himself "Osama bin London" is among five people being tried on charges of operating terrorist training camps in remote areas, sometimes under the guise of paintball fights in the woods. The camps' participants included four men who later tried to set off backpack bombs on the London transit system on July 21, 2005.

In a separate case in London, a Ugandan immigrant is scheduled to go on trial this month on charges of receiving terrorist training in the New Forest, site of a former royal hunting ground established in the 11th century by William the Conqueror.

And in Germany, three Islamic extremists suspected of plotting to bomb U.S. targets in September were arrested after police tracked them to the hilly resort village of Oberschledorn. Investigators said the suspects had rented a vacation home where they could stash ingredients for making explosives.

Overall, terrorist cells around the world have become noticeably more skilled at avoiding detection, European counterterrorism officials and analysts said in interviews. For instance, operatives now commonly use Skype and other Internet telephone services, which are difficult to trace or bug.

At times, they have displayed a flair for creativity. Defendants convicted last April in a plot to blow up targets in London with fertilizer bombs communicated via chat rooms on Internet pornography sites in an effort to throw investigators off their trail, according to testimony.

Terrorism suspects are "certainly more careful," said Armando Spataro, the deputy chief public prosecutor in Milan. "They know we will intercept their conversations and track their mobile phone traffic."

In November, police in Milan announced they had broken up a long-standing network that had recruited suicide bombers to go to Iraq and Afghanistan. The investigation was based largely on a massive wiretapping effort by Italian police and resulted in the arrest of 20 suspects in Italy, England, France and Portugal. But the case took four years to build, in part because the targets assumed police were watching and eavesdropping on them.

Wiretap transcripts and other court records show that the cell of North African immigrants tried hard to blend into Italian society, working regular jobs, sending their children to public schools and taking pains not to appear unusually religious. When they did talk on the phone, they often adopted a roundabout or obtuse manner that masked their real meaning.

"You have to understand that there are some things everybody has to be careful about," Sabri Dridi, 37, an alleged captain in the Milan-based network, lectured one of his co-defendants in a call that he hinted, correctly, was being recorded by police. "Even going to visit a friend or relative can be suspect. You have to do things so that they don't notice you, because if they see somebody moving around all the time, they can really make things difficult."

Often, suspects use simple, homemade codes in their exchanges. In a trial in the German city of Kiel, a Moroccan-German man charged in a separate case with recruiting suicide bombers to go to Iraq revealed in testimony in November some of the rudimentary ciphers that he and other cell members used in Internet chat forums.

"Taxi drivers," Redouane el Habab said, referred to suicide bombers; explosives were "dough." Anybody who had to go to "the hospital," he added, had been taken to jail, while those visiting "China" were really attending training camps in Sudan.

Experts said the codes may not appear sophisticated at first glance but can be time-consuming to crack, especially if the targets are conversing in Arabic.

In September 2005, a British court convicted Andrew Rowe, a Jamaican convert to Islam, on terrorism charges after authorities found a secret code book in which he gave double meanings to the brand numbers of Nokia phones.

Pretending to be a traveling cellphone salesman, Rowe would use "Nokia 3310" to refer to money, "Nokia 3410" to signal potential trouble from the police and "Nokia 3610" as code for weapons. Rowe received a 15-year prison sentence, even though prosecutors and police said his precise plans remained a mystery.

"They are very creative on this front. It is one of the most interesting dimensions in this cloak-and-dagger war on terrorism," said Magnus Ranstorp, a terrorism analyst at the Swedish National Defense College . "They are incredibly aware when they use any electronic means to communicate that they can be monitored by the intelligence services all over the world, not just Europe."

Coded language was also cracked in the FBI investigation of Jose Padilla, the Brooklyn-born al-Qaeda follower who was convicted last August of conspiracy to commit murder.

According to prosecutors, Padilla and two co-defendants were bugged for years by the FBI, which eventually concluded that their frequent mentions of "eggplant" and "zucchini" were really references to weaponry and ammunition.

In Germany, police said they were taken aback by some of the tactics employed by the three-member cell that was charged in September with plotting to bomb American targets. To communicate with operatives in Pakistani training camps, cell members rarely used the same computer more than once, sometimes driving more than 100 miles to find a new Internet cafe.

Other times, they cruised through randomly picked neighborhoods in search of unsecured wireless connections, all in an effort to make it more difficult to monitor their e-mail traffic and Web searches, police said.

The cell was traced only after U.S. intelligence officials noticed suspicious electronic communications originating in Pakistan, counterterrorism officials said. Police said they later determined that the suspects had received anti-surveillance training in Pakistan.

"It's one thing to follow the foot soldiers or the ones recruited to be suicide bombers; they're often not very smart," said Rolf Tophoven, an analyst at the Institute for Terrorism Research and Security Policy in Essen, Germany. "But it's different with the elite ones, the clever guys who are Internet experts with white-collar jobs, sitting behind a desk. They are very sophisticated professionals who are able to counter the surveillance of the intelligence agencies."

The cat-and-mouse game has evolved in recent years as technology advances.

In March 2003, U.S. and Pakistani intelligence agents captured Khalid Sheik Mohammed, the lead planner of the Sept. 11, 2001, hijackings, after U.S. and European investigators traced a cellphone chip he had acquired from Switzerland.

The prepaid chip, or SIM card, was purchased anonymously, but European intelligence officials traced calls to it from a suspected terrorist in Germany and later determined that it was being used by Mohammed. He was caught even though he practiced extreme caution in his telephone habits; he rarely used the same cellphone more than once and had others take calls on his behalf, but he tripped up by relying on the same chip.

Since then, al-Qaeda operatives have tended to use chips only once or twice before throwing them away and have turned to Internet telephone services such as Skype, which are extremely difficult to monitor. One senior Italian counterterrorism official, speaking on condition of anonymity, expressed strong frustration that Skype had been invented.

Italian authorities are among the most skilled in Europe at monitoring telephone traffic. According to information made public in court cases, they employ a technique known as "funneling" to trace all cellphone calls made in the country during a certain period of the day or to another country or specific geographical region.

"Unfortunately, the technology changes so quickly that we're always playing a catch-up game," the senior Italian official said. "The bottom line is that we'll have to work more and more with human sources."

Other Italian officials, however, said the trackers would always have one important advantage: Because conspirators must communicate, they will always be vulnerable to eavesdropping in some form.

"Many times I ask myself, how is it still possible to obtain important information if the suspects know we can do this?" said Spataro, the deputy chief public prosecutor in Milan.

The answer, he said, is that "as members of a criminal association, they have to speak, they have to communicate with each other, they have to make plans."

View all comments that have been posted about this article.

© 2008 The Washington Post Company