Technology and Security Discussions on the Jihadist Forums: Producing a More Savvy Next Generation

Publication: Spotlight on Terror Volume: 3 Issue: 10

Jihadist groups operating online appear to be raising awareness about information and communications security, and stressing the importance of technical know-how in conducting successful operations. Two training manuals recently found on Internet discussion forums promoting militant Islam illustrate the importance of technical savvy to the jihadist movement. Formerly used chiefly as a platform for al-Qaeda statements and claims of responsibility for attacks by numerous groups, these forums have become a grassroots medium through which individuals without any particular group affiliation can post a document or manual of their own creation, subsequently useable as standard procedure for terrorist cells. (For more on security issues and the next generation of al-Qaeda, see Al-Qaeda’s Next Generation: Less Visible and More Lethal, by Michael Scheuer [Terrorism Focus, Volume 2, Issue 18].)

Although the technology discussed is simple in nature, the dissemination of basic security guidelines for hacking and for mobile phone use could greatly enhance the effectiveness of aspiring mujahideen, as they would make fewer security mistakes and create fewer leads for Western intelligence services. A former CIA official commented that several notable arrests and intelligence coups have come about through simple security errors on the part of the terrorists. For example, Ahmed Ibrahim al-Nagar, a member of the Egyptian Islamic Jihad group operating in Albania, was arrested and ultimately convicted due to his lax personal security habits. Information recovered from his laptop yielded many new insights into the EIJ organization and its future plans, never before available to human intelligence personnel.

We have seen numerous examples of this phenomenon in recent months. Italian Islamic militants employed a simple strategy involving the use of multiple SIM cards when making mobile phone calls. Each call, very brief, would consist of a short series of code words, after which the caller would dispose of the old SIM card and install a new one, repeating the process until the message was complete. In this way, tracking the caller’s location and monitoring the transmitted message was nearly impossible. Similarly, Yasser Arafat and his cadre were forced to improvise to continue their communications when Israeli security forces had them confined. Their headquarters compound was under constant human and electronic surveillance, and yet the Palestinians were able to maintain their privacy and efficacy through a series of simple security precautions.

The first of the recently posted documents was found on the forum Minbar ahl al-Sunna wal-Jama’a (“The Pulpit of the People of the Sunna;”, a user calling himself ‘albattar’ posted an article instructing readers on how to become hackers. The article is written in a pedagogical style, giving aspiring hackers a brief overview on the subject followed by an analysis of the motives and incentives for computer-based attacks. These factors are separated into several categories: political, strategic, economic and individual.

The article outlines three different activities that constitute categories of hacking. The first consists of direct intrusions into protected corporate or government networks. Such an attack may begin by defeating the firewalls set up to protect the network, which the author claims can “contribute to the demise of a protected system.” Once inside, an attacker would immediately seek to obscure and ultimately misrepresent their location and identity, through a technique called “spoofing.” This technique is used in conjunction with “source routing” to maneuver throughout the network. Source routing is a method in which the path a particular set of data packets takes is outlined by the hacker in such a way that computers normally isolated from the Internet (using only internal IP addresses) can be accessed. Intruders take advantage of the fact that source routing is a routine element of network maintenance, used when troubleshooting internal communication problems.

The second type of hacking is the infiltration of privately-owned computers, to steal personal information. This type of attack is possible due to both “the naïveté of personal computer owners,” and the widespread availability and effectiveness of exploitative software.

The final category involves the interception of sensitive information in transit, such as credit card numbers and Personal Identification Numbers. The author lists examples where such information is at risk, including online merchants lacking the most recent or most advanced protections. In addition, the article includes links to numerous applications and instruction manuals outlining their use.

While the author exhibits considerable knowledge of computing throughout the article—making extensive references to important personalities and events in computing history, as well as key terms in English—numerous other examples given of software and tactics are well out of date. This is likely due in part to the level of computer technology and Internet service available to the author.

Another manual, posted to the Muntadiyat al-Farouq forums (, informed readers about the fundamentals of cell phone security. Reprinted from the Tawheed wal-Jihad forum, the manual explains the basics of mobile phone communications, outlining the security risks inherent in the use of such a device to coordinate operations. This manual is an example where a rather basic document circulates across different Internet forums, becoming more valuable with each exposure to new readers. In the past, such a text might have been prepared for a specific audience and then destroyed after reading. With the rise in popularity among aspiring mujahideen of such sites as the al-Farouq forums, documents like this become rapidly disseminated to new individuals and groups.

The article discusses the route a call takes when communicating between two mobile users, and how much information about the caller is available to companies and law enforcement authorities. When a call is placed on the mobile network, the identity and general location of the caller are automatically recorded. Other relevant data includes the model number and production date of the mobile phone, as well as the duration and recipient of the call. The author stresses however that the precise location of the caller is impossible to determine through routine records, and no information is transmitted while the device is powered off.

In their training and in the execution of their operations, these aspiring mujahideen prefer to employ the simplest or most direct method possible, to avoid complications and to facilitate self-instruction. This often means they will choose less sophisticated methods, opting for simplicity over advanced technology. They know they cannot prevail in an even contest against national intelligence services without the finest (and most costly) technology available, so they seek instead to outsmart the strategy behind the gadgetry.

As the online community supporting terrorist groups evolves and attracts new members with increasing levels of technical and tactical prowess, analysts and security services will need to monitor such communications closely. Without the information and insight gained through such evaluation, no meaningful understanding of overall methods and ideology will be possible.