Wednesday, October 10, 2007

Loose lips sink ships!

During recent interweb browsing and reading I came across the following and have to comment, it's been in the news lately but this just brought it up again for me; http://www.nysun.com/article/64163.

WASHINGTON — Al Qaeda's Internet communications system has suddenly gone dark to American intelligence after the leak of Osama bin Laden's September 11 speech inadvertently disclosed the fact that we had penetrated the enemy's system.

The intelligence blunder started with what appeared at the time as an American intelligence victory, namely that the federal government had intercepted, a full four days before it was to be aired, a video of Osama bin Laden's first appearance in three years in a video address marking the sixth anniversary of the attacks of September 11, 2001. On the morning of September 7, the Web site of ABC News posted excerpts from the speech.

But the disclosure from ABC and later other news organizations tipped off Qaeda's internal security division that the organization's Internet communications system, known among American intelligence analysts as Obelisk, was compromised. This network of Web sites serves not only as the distribution system for the videos produced by Al Qaeda's production company, As-Sahab, but also as the equivalent of a corporate intranet, dealing with such mundane matters as expense reporting and clerical memos to mid- and lower-level Qaeda operatives throughout the world.

Has the media lost all of their capability to make good discretionary decisions? Further, typically they have subject-matter experts, one would think that such experts would know better. But I suppose that it is all about the ratings and making that next buck!

While intranets are usually based on servers in a discrete physical location, Obelisk is a series of sites all over the Web, often with fake names, in some cases sites that are not even known by their proprietors to have been hacked by Al Qaeda.

Similar to a botnet etc... effectively a chain of pwned servers. This is certainly not a new concept and usage of such a concept in conjunction with services such as ToR (The Onion Router) would make tracking Obelisk users virtually impossible.

One intelligence officer who requested anonymity said in an interview last week that the intelligence community watched in real time the shutdown of the Obelisk system. America's Obelisk watchers even saw the order to shut down the system delivered from Qaeda's internal security to a team of technical workers in Malaysia. That was the last internal message America's intelligence community saw. "We saw the whole thing shut down because of this leak," the official said. "We lost an important keyhole into the enemy."

We most certainly did lose an important keyhole, ya think? If a keyhole is what you would call it. The intel received from such a source could easily help thwart future planned terrorist and military actions etc...

By Friday evening, one of the key sets of sites in the Obelisk network, the Ekhlaas forum, was back on line. The Ekhlaas forum is a password-protected message board used by Qaeda for recruitment, propaganda dissemination, and as one of the entrance ways into Obelisk for those operatives whose user names are granted permission. Many of the other Obelisk sites are now offline and presumably moved to new secret locations on the World Wide Web.

The founder of a Web site known as clandestineradio.com, Nick Grace, tracked the shutdown of Qaeda's Obelisk system in real time. "It was both unprecedented and chilling from the perspective of a Web techie. The discipline and coordination to take the entire system down involving multiple Web servers, hundreds of user names and passwords, is an astounding feat, especially that it was done within minutes," Mr. Grace said yesterday.

I agree with Mr. Grace, to an extent, it would be a feat indeed if individual personnel were involved. I think that it's also plausible to think that this network operated much like a botnet. From that perspective there could have been a simple command or series of commands that initiated the automatic shutdown or action to be taken in the event of a security breach.

The head of the SITE Intelligence Group, an organization that monitors Jihadi Web sites and provides information to subscribers, Rita Katz, said she personally provided the video on September 7 to the deputy director of the National Counterterrorism Center, Michael Leiter.

Ms. Katz yesterday said, "We shared a copy of the transcript and the video with the U.S. government, to Michael Leiter, with the request specifically that it was important to keep the subject secret. Then the video was leaked out. An investigation into who downloaded the video from our server indicated that several computers with IP addresses were registered to government agencies."

Yesterday a spokesman for the National Counterterrorism Center, Carl Kropf, denied the accusation that it was responsible for the leak. "That's just absolutely wrong. The allegation and the accusation that we did that is unfounded," he said. The spokesman for the director of national intelligence, Ross Feinstein, yesterday also denied the leak allegation. "The intelligence community and the ODNI senior leadership did not leak this video to the media," he said.

Ms. Katz said, "The government leak damaged our investigation into Al Qaeda's network. Techniques and sources that took years to develop became ineffective. As a result of the leak Al Qaeda changed their methods." Ms. Katz said she also lost potential revenue.

A former counterterrorism official, Roger Cressey, said, "If any of this was leaked for any reasons, especially political, that is just unconscionable." Mr. Cressey added that the work that was lost by burrowing into Qaeda's Internet system was far more valuable than any benefit that was gained by short-circuiting Osama bin Laden's video to the public.

I personally think that it's more than unconscionable, I dare say it's borderline treason!

While Al Qaeda still uses human couriers to move its most important messages between senior leaders and what is known as a Hawala network of lenders throughout the world to move interest-free money, more and more of the organization's communication happens in cyber space.

"While the traditional courier based networks can offer security and anonymity, the same can be had on the Internet. It is clear in recent years if you look at their information operations and explosion of Al Qaeda related Web sites and Web activities, the Internet has taken a primary role in their communications both externally and internally," Mr. Grace said.

Cheers,
JJC

No comments: