Jeff Bardin from Treadstone 71 provides a detailed overview of the Jihadist activities on the Internet, including their software tools, online resources, etc.
Good day and welcome to this cyber jihadist use of the Internet from 2008 to 2011 overview by Treadstone 71. This deck, over 60 slides, will cover from a high level the jihadist use of the Internet through those years, actually starting well before 2008, but first delivered by myself in different seminars, discussions, talks from RSA and SecureWorld Expo. These discussions are compiled here into one deck. I removed some information I thought was not important for this talk, but hopefully it will provide you some education on the level and types of use of Islamic extremists and their use of the Internet over those years.
This slide (see right-hand image) demonstrates their use of audio and video in multiple different languages. They’ll use German, Spanish, Turkish, English, as well as Arabic. You will also see videos out there that are meant to shock; others are meant to educate and teach and train, others are meant to brainwash and continue the standard view of the Salafi view of Islam.
This particular slide (on the left) is a series of animated gifs that focus on some more training, like the Mujahideen Poisons Handbook, which is a little bit like an instruction; the Mujahideen Secrets v.2, the encryption tool (there was version 1, we’ll cover that a bit later), as well as some other animated gifs here on 9/11 and ambushes throughout the Iraq war era.
The agenda for today is: we’re going to cover online training and look at jihadist media out there. We’ll look at the Salafi with respect to radicalization; also take a look at forensics and communicating jihad. And then we’ll close up for the day and wrap it up. This is over 60 slides, so it is lengthy, even though this subject could go on for days and weeks, if we had the time. Hopefully you’ll enjoy the presentation.
There was a great deal of training early on (see left-hand image). There was Al-Battar magazine, and they had several issues focusing on training, a training camp. The 6th issue, which you can see the cover here on the right, discussed cell organization and different command structures for their cells.
They also had a magazine that came out with two editions called The Technical Mujahid. These were all in Arabic and talked about more IT technical type of issues, as well as some violent type activities.
Then there was the Al-Qaeda University for Jihad Sciences that was electronic. It talked about e-Jihad, and we’ll talk about some of that a little bit later. There are training manuals out there and videos for explosives of all types, IEDs, surface-to-air missiles, flying planes – there were just 18 videos on flying 747s back in the Al-Battar video days.
There was one issue here, issue #10 of Al-Battar that was a training manual focusing on special coverage of kidnapping. It had reasons for detaining one or more individuals by an enemy and forcing the government or the enemy to succumb to some demands, put the government in a difficult situation that will create a political embarrassment between the government and the countries of the detainees; obtaining important information from the detainees, obtaining ransoms, which we’ve seen a lot of late. Such was the case with those in the Philippines, Chechnya and Algeria in the early days. They say that brothers from Mohammed’s army in Kashmir received a 2 million dollar ransom that provided good financial support to the organization, able to fund other terrorist activities.
I’ll bring a specific case to light; this happened at the beginning of the cases in Chechnya and Algeria with the hijacking of a French plane, if you remember that. And the kidnapping operations were performed by the brothers in Chechnya and the Philippines.
They also have requirements needed in forming a kidnapping group: a capability to endure psychological pressure in difficult circumstances. In case of public kidnapping the team will be under a lot of pressure, they say. And the detention must not be prolonged: “in case of stalling, hostages must be gradually executed so that the enemy knows we are serious.”
“When releasing hostages such as women and children, be careful as they may transfer information that might be helpful to the enemy. You must verify that the food transported to the hostages and kidnappers is safe – this is done by making the delivery person and the hostages taste the food before you. It is preferred that an elderly person or child brings in the food, as food delivery could be done by a covert Special Forces person.”
“Beware of the negotiator: stalling by the enemy indicates your intention to storm the location. Beware of sudden attacks, as they may be trying to create a diversion, which could allow them to seize control of the situation. Combat teams will use two attacks, the secondary one just to attract attention, and the main attack elsewhere. In case your demands have been met, releasing the hostages should be made only in a place that is safe to the hostage takers. Watch out for the ventilation, or rather openings, as they could be used to plant surveillance devices, through which the number of kidnappers could be counted and gases could be used.”
“Do not be emotionally affected by the distress of your captives. Abide by Muslim laws as your actions may become a da’wah call to join Islam. Avoid looking at women.” These are just some of the training items in issue #10 of Al-Battar.
Other training manuals (see right-hand image) covered many different lessons out there – from counterfeit currency and forged documents to weapons, measures related to buying and transporting them, special tactical operations, espionage, information gathering using open methods, open source in this case, or covert methods, and the secret writing with ciphers and codes, as well as assassination using poisons and cold steel. We’ll take a look at some of that with respect to cold steel in the next slide.
With respect to assassinations (see left-hand image) using cold steel they get very descriptive on where to actually place the blade: anywhere on the ribcage, both or one eye, the pelvis, the back of the head, the end of the spinal cord – directly above the person’s buttocks; made to disable and kill as much as possible, as quickly as possible.
In addition, they talk about the blow of a club between the eyes, veins and arteries, genitals and so on. They get into specifics of grabbing testicles, grabbing the ribcage, and how to actually perform the execution in a battle, in a fight. They also talk about castor beans and ricin in detail in multiple different documents out there and training manuals. This is just one, and it gets very specific in how to go about performing these actions. So what you have online is a basis for the academic side of training, and then you have to go to a training facility in different territories where they have these camps, and actually learn how to do it firsthand.
I mentioned in one of the slides earlier the Mujahideen Poisons Handbook. This is the index (see right-hand image), one of the indices in the beginning here, actually, a table of contents. And it talks about homemade poisons from ricin, alkaloids of potato, arsenic, sodium nitrate, thallium, and phosphorus to chlorine and different gases. The edition starts with introduction: this file is dedicated to help folks learn how to put together different poisons.
“May Allah reward him every time it is used in his path and may He help him in his difficulties, amen. To the mujahideen of Afghanistan who’ve lit the flame of jihad in the hearts of every sincere Muslim. Throughout the world you will conquer Constantinople and Rome.” This is from the Prophet Muhammad, peace be upon him.
They go on to talk about the book dealing with poisons (see left-hand image), and poisons are substances which cause harm to the human body, of course. It is an esoteric knowledge, and must only be passed on to those who truly intend to use it in the name of Allah. They talk about lethal doses that often have a question mark beside them – that is because the quantities given are not established truly; they’re only estimates based on experiments with rabbits.
It is hoped that the brothers who work on this subject will research further, carry out their own experiments, and refer to medical books to fill in what is missing. So they do realize that there’re holes here and it’s actually just a starting point. The gentleman who publishes this goes on to say: “I was learning from people whose first language was not English; some of the names of chemicals, properties are wrong. Be very careful when preparing poisons: it is much more dangerous than preparing explosives. I know several mujahids whose bodies are finished due to poor protection. On the positive side, you can be confident that poisons have actually been tried and tested successfully, hehe.” So this is the mujahideen poisons; that’s been out for several years and it’s still available out there. And again, I’ll focus here on ricin, since it’s been in the news frequently lately in the United States.
Now, most people believe that Inspire magazine was the first jihadist magazine, but actually Jihad Recollections was (see right-hand image). Here in this edition we have “Obamaturk”, comparing Obama to Ataturk, the then leader of Turkey, the Ottoman Empire, who brought secular views to Islam, which is directly an anathema to the Islamic extremists view, the Salafi view of Islam. In addition we have some discussions here on Omar Hammami and his conversion to Islam and move to fight with the Shabab in Somalia.
In addition we have Adam Gadahn, who had gone from Jewish to Christian values to Islam to extremist Islam coming out of Los Angeles, who is now married and reported to be living in Pakistan as one of the spokesmen (see left-hand image). Adam has been very adamant; many see him as quite a buffoon, but he still continues to communicate in English, as well as in Arabic, Salafi values. So the intent here is to demonstrate that many westerners have seen the light and have converted to Islam.
In addition, in this particular version as of May of 2009, we have a warrior trainer, the days of Abu Leith; we have the analysis of the architect of global jihad, which is from Abu Musab al-Suri who was released from jail in Syria during the recent activities over there.
Revisiting the global jihad media effort is discussed in this, talking about America being a bully among bullies, and different activities about technology with respect to: “Forget cell phones, the sixth sense is coming,” and 8 great reviews of iPhone 3.0. So they cover many different things in this from religion and biography, strategy and lessons, social issues, technology, and health, and the jihad recollections. There were four versions that made it before this magazine actually was retired.
Continuing onto this version of Jihad Recollections from May 2009: you see information here on the left from GIMF, the Global Islamic Media Front (see right-hand image), on a video: “Signs of Victory are Looming over Afghanistan.” At the bottom on the left you see a pointer that points to one of the online storage sites, at the time – FileFlyer. On the right you see more discussion on the war of atrocities from the same gentlemen, and a pointer down the bottom to FileFlyer again.
But the text here is from Abu Musab al-Suri, criticizing some of the issues with respect to current training and activities and success rates of the different schools out there, and really hitting home at this failure in education due to the lack of a program, and there’s a political failure, because there is absolutely no program.
In the Salafi view of Islam they offer no programs, no training from political viewpoint and no establishments from a political organization. So once they take over, it’s just pure chaos for the most part. They say that they’ll refer back to the Islamic law, but their interpretations are extremely severe, and people suffer at the hands of it.
You will also find that al-Suri is looking for more mobile training methods, such as in-house training. He also goes on to talk about online training and just-in-time type training using means that are secret and subtle and creative while using effective methods to strike as much pain, loss and terror to the adversaries.
This is a screenshot from Teqany magazine (see right-hand image); it was in Arabic exclusively. It was a technical magazine focusing on teaching and training on how to use various tool sets available in the marketplace. First released in November 2006, there were only two editions of this particular magazine. From the inside of Teqanymag you have methods on how to hide documents. On the top left you also had GPS utilization focusing on Iraq at the time. Use of wireless devices and video and media players out there was also part of their standard training set with respect to Teqanymag (see left-hand image).
Back in 2007 there was an effort to take down different sites that were criticizing the Muslim sites, or, in particular, the Salafi-type sites. Raising e-Jihad was this effort (right-hand image); as you can read from the right here, they’re trying to get people to sign up. One of the unique things about this was the video game atmosphere around what they were trying to do.
It says that the program provides a number of hours for an attack, in this case 24. They are going to update their databases. They have features, such as direct communication with the leadership and business networks, especially from the heavens. And their names will appear on this page per period, each period between a month and two weeks after this is done with the authorization of Allah.
They had an option to register a username in writing of who’s been invited to participate, and it led up to 24 points, one per hour for each brother brought in to join the attack. The strategy here is to find locations out there, to have them withdraw data that is actually abusing Muslims or is against their values. And the attack that they wanted to hit them with is doubling or tripling their bandwidth usage for denial-of-service. And they would really prefer to push them into bankruptcy and close the site if possible.
They indicate that the attack will be open for 24 hours and that members can collect the greatest number of points, with each point being equivalent to one hour of attack. This never really matriculated, but the effort started early on, and that is what we see on the next slide. There was a tool put out there in several versions of a DDoS-type tool.
They followed on with a new Electronic Jihad program (see right-hand image) starting with version 1 to 1.5, eventually 2 and moving on to version 3. They made this much more simple to use. They made software downloads to simplify the denial-of-service attacks. It was designed by a Saudi national. They had chat rooms available to plan and coordinate attacks. And there was a forum that listed websites to be attacked and the potential impact they wanted to carry out.
So, unlike the first campaign of electronic Jihad where participants did not have prior knowledge of the websites that they were attacking until they activated the Electronic Jihad software, the main page of the then al-jinan.org site carried names of the websites to be targeted for the attacks. Also the e-Jihad software program 1.5, or the silver version, had been updated to v.2 and again to 3. The new version of the software was much easier to use. After a few seconds of activation it actually updates the targets automatically and is compatible with different connection speeds and capable of using different proxies to override different website blocking technologies.
The version also set up account name and passwords at al-jinan.org for every user. And they can register the number of hours the user spent attacking targets and every two weeks the names of those who scored the highest would actually be posted. At the time the highest score was claimed by a user nicknamed George Bush, who spent 4211.5 hours, or 70 full days, trying to DoS anti-Islamic sites. Other users spent hundreds of hours running the program as well.
The installation process for the Electronic Jihad program is very simple, you just need to follow instructions and click through. In addition it shows you the interface for Electronic Jihad (see right-hand image), much the same as before, but this is a 3.0 version with more features. In addition, what they followed on with is where you at the time could download e-Jihad 3.0.zip, guaranteed by Kaspersky to be clean of any malware (see left-hand image). So, very simple to find at the time; probably, nowadays you’d find it at archive.org, the Wayback Machine which continues to archive pretty much anything and everything of Jihadist value and makes it available for them.
There was another tool made available at the time that was much the same with respect to DDoS, or denial-of-service type of attacks (see right-hand image). What they were really after here was conducting these different cyber attacks or hacking for money and organizational support, disruptive hacking for cyber Jihadist against different websites out there. And what they’re looking for is trying to acquire different low-level weapons for development and training here and distributing these hacking tools and information about them and educating people on how to use them, and then having statements as well about computer network attacking activities.
They would look for calls for action here, and formal education in IT. And they looked at cyber space experience as something that they were after here, and the extensive use of the Internet was what they sought. And again, the development use of cyber tools, including network and data security tools, were key areas that they were recruiting for in the online forums.