The US News & World Report has been digging into ‘hundreds of pages of heavily redacted court documents’ and finds evidence that al-Qaeda ‘has launched successful cyberattacks, including one against government computers in Israel.’ According to the paper, this is the first public acknowledgement of a terrorist group launching offensive cyber operations.
The court records are from one of the many legal hearings involving Mohamedou Ould Slahi since his arrest in November 2001 on suspicion of involvement in the failed ‘Millennium Plot’ to bomb LA International Airport. The Mauritanian spent the subsequent years in Guantanamo until a district court recently ordered his release on the basis that the US government could not in fact prove he was a ‘member of the Taliban or al Qaida’ at the time of the alleged offence [pdf], partly because the use of torture could have compromised the evidence provided.
The US News journalist, who has at least been following this case for a while, claims to have unearthed the following:
The court records do not specify when and under what circumstances Slahi discussed al Qaeda’s venture into cyberwar … For instance, Slahi told interrogators that al Qaeda ‘used the Internet to launch relatively low-level computer attacks.’ Al Qaeda ‘also sabotaged other websites by launching denial-of-service attacks, such as one targeting the Israeli prime minister’s computer server,’ court records show. The Israeli embassy in Washington had no comment on the information published in the court records.
Denial of service attacks are common and relatively easy and cheap to coordinate. They aim to overload and temporarily disable websites for the duration of the attack. Al Qaeda’s interest in the tactic, however, has received little discussion and attention.
Slahi, like many al Qaeda recruits, was highly educated and knowledgeable about computers, according to court filings. A citizen of Mauritania, he says he worked as a systems administrator for an Internet service provider there from May 2000 until July 2001. Slahi told interrogators that bin Laden’s group posted hacking instructions ‘on specific websites that directed the date and time of the attack.’
I don’t know if anyone has more details of this particular individual’s skills, or AQ’s actual capabilities in this area. This is not a naive enquiry, as I don’t mean any one of the thousands of articles on cyberterrorism clogging up the arteries of policy space. On that note, this piece quotes Richard Clarke, ex-presidential counterterrorism advisor:
To date, al Qaeda has not used its own hackers or rented hackers to damage, disrupt, or destroy important systems like banks, electric power grids, trains. We should expect that at some point a terrorist group might engage in low-level cyberwar, but the real threat is nation state action.
Which is what his new book is about, of course. It’s quite interesting to note how cyberterrorism has been downplayed since there’s a more plausible ‘cyberthreat’ to shriek about in the media. It would be quite ironic if, now that the furore over cyberterrorism has died down a little, some evidence were to emerge in the public domain showing that AQ actually were planning such attacks, even if they were not carried out to much effect. More likely, this information would be used as post facto justification for all the hysterical yelling over the topic in recent years.
Nevertheless, Clarke is technically correct on the terrorist threat, as is the quoted ‘senior US counterterrorism official’ when he says, ‘sure, some computer-savvy terrorist sympathizers try to make trouble from time to time, but at this point we’re talking about things that cause more of a nuisance than lasting harm.’ One of his colleagues rounds out the piece, saying ‘when someone from al Qaeda jumps online, then we can jump on them.’ This is a sentiment heard often in counterterrorism circles: keep ’em where you can see ’em, the mantra goes.