June 8, 2011:
British intelligence (MI6) recently hacked into al Qaeda's online magazine ("Inspire") and quietly replaced bomb making instructions with cupcake recipes, and removed or modified other information. While some intelligence officials prefer to hack hard and shut down these sites, outfits like MI6 and the CIA prefer to use sites like Inspire as a source of intelligence. This can be done by monitoring message boards, traffic to the site and other, more technical (but useful) information. The CIA has been suspected of doing what the MI6 did to Inspire, but using more subtle and lethal methods. For example, bomb making instructions can be changed in small ways, to make the bombs very dangerous to those making them. The same with other information on the site, making small changes that will create arguments or confusion among site users. These two techniques are ancient intelligence practices. Al Qaeda is particularly vulnerable to these kinds of attacks because Islamic terrorists have never become a threat via Internet based attacks and, in general, lack much knowledge of how the Internet is built and maintained.
For that reason, over a decade of warning about Islamic terrorists using the Internet to launch attacks has come to nothing. At most, there have been some defacing of web pages, often by hackers driven more by nationalism than religion. The Internet Jihad (struggle) has been mostly smoke, and very little fire.
Attempts by terrorists to recruit hackers have had very poor results. The Moslem world has much lower levels of literacy, education and computer proficiency than the West. There are a growing number of programmers and Internet specialists in the Moslem world, but most of them have legitimate jobs in software firms, or maintaining software and Internet services for companies. Some are involved with Internet crime, and a very few are eager about helping carry out Internet based terrorism going. Nearly all the Moslem blackhats (criminal hackers) are reluctant to get on a terrorism watch list, or something worse if they join some terrorist outfit. Moreover, Islamic terrorists recruit mainly from the young and clueless (and angry and unemployed). Internet penetration in the Islamic world is very low, as is literacy itself. The Islamic cyber threat is largely fiction, because the potential pool of Islamic Internet Jihadis is so tiny.
This is somewhat surprising, as there are Cyber War tools available that even the poorly educated terrorist computer user could operate. For example, there's a software program that online gamers use to launch DDOS (Distributed Denial of Service) attacks on other players they are particularly angry with. DDOS is used to shut down a web site, or individual user's Internet access, with a flood of garbage messages, generated from as few as fifty "zombie PCs" (machines hackers have earlier seized control of). Some bot herders (those who control hundreds, or thousands, of zombies) will rent zombies for these small scale DDOS attacks. The going rate is a few dollars a day per zombie (fifty will usually do to shut down one person's Internet access). Several thousand zombies are needed to shut down a web site, and criminals use that many to blackmail online businesses. This sort of thing happens every day, but it is rarely used by Islamic terrorists.
Counter-terrorism organizations know why there have not been more of these attacks by al Qaeda, or any other self-proclaimed Islamic warriors. The fact is that the Islamic terrorists are not nearly as well organized or skilled as the mass media would lead you to believe. There are many types of attacks, not just those involving the Internet, that terrorists could carry out, but don't. It doesn't happen because the terrorists cannot get it together sufficiently to do it. That should tell you something. The potential is there, and that is scary. But the reality has to be recognized as well, and that's a lot less scary.