How Terrorists Encrypt 5: International Anti-Terror Operations

Duncan Campbell talks about several major anti-terror operations and the way encryption techniques were used by jihadis to organize their attacks.

Operation MAZHAR (2005)

Younis Tsouli (aka Irhabi 007) – notorious computer savvy jihadist

An international search tracked down an Islamic Internet activist who for 3 years had been tauntingly calling himself on the Internet “Irhabi 007”. “Irhabi” is Arabic for “terrorist”, so “Terrorist 007”. He was certainly putting it in their face and, from the appearance of Mr. Tsouli after his arrest, it looks like they may also have been putting it in his face.

Younis Tsouli was arrested in London and quickly found to be the long-sought-after “Irhabi 007”. When his computers were seized, it was found that he had managed and set up a series of Islamic websites on behalf of al-Qaeda using money stolen by carding. Tsouli and others in his circle were active members of the Russian-based carding sites “Carders Army” and “ShadowCrew”.

He was alleged to have raised over 2 million Euro from carding and he had become al-Qaeda’s principal video distribution outlet at the time. He hacked websites to place and then distribute new al-Qaeda videos. Now, Tsouli did use PGP, and used it properly. He communicated over Hotmail, MSN, and the usual networks, but only with a small PGP key directly, there weren’t many people in his network, and it appeared that they mainly used GAIM – that’s an instant messaging system which supports encryption over normal instant messaging.

YouBombit – the failed jihadi project

Tsouli and his colleagues were cyber criminals as much as they were jihadis. From the evidence presented, Tsouli was a competent enough hacker and data manager. He did encrypt using PGP, but only with what seems to have been a rather small core of international and iKey-competent correspondence. And just as they were moving in, he had a plan for a new website which was going to look a bit like the YouTube for Jihadi videos, but it’d have a different name, “YouBombit”. As far as I can recall, “YouBombit” never went live.

Operation NICHE (2006)

Mohammed Siddique – Scottish student groomed for suicide mission

This was in Scotland, my country. Mohammed Siddique was a young Scottish Muslim who was arrested on his way back from Pakistan. He’d been targeted because of the e-mails exchanged with 2 Internet contacts who appeared to be grooming him for jihad missions, or Shahid missions – suicide missions. One of them called himself “Oceanblue”, the other “Khalid the Shahid” – “Khalid the Martyr”.

Oceanblue at the time lived in the North of England, and he was already the subject of a very closed surveillance operation by the United Kingdom Security Service. Siddique was claimed also by a fellow university student to have announced that he wanted to be a suicide bomber, and he’d said so in a university cafe. After Siddique was arrested, Scottish police used an international warrant to subpoena all of the Internet records from AOL for the second alleged groomer, and this was Khalid the Shahid.

Siddique’s association with Khalid led to his arrest, but he was released in 2010

Khalid turned out to be an American living in a town he said was Centreville, Maryland, which doesn’t exist. However, Khalid’s real identity was established by the U.S. Department of Justice, and then they went through all of his records and screen names on AOL to see what he’d been doing as a groomer. So this is his list of screen names: “Khalid the Shahid”, “RyanRobinAnne”, “Miss Em 2301”, “Florida JW Gal”, and “Intel Cutie 2006”. It seems that Mr. Khalid was perhaps indeed a groomer, but you have to wonder who he was trying to groom and for what.

Mohammed Siddique was convicted, not of associating with that lot, but he was convicted, astonishingly, of assisting terrorism by just hyperlinking on a website he’d set up as a student. He’d hyperlinked indirectly to al-Qaeda material which had been published elsewhere on the Internet, and he was sentenced to 6 years imprisonment for that. However, that sentence was fully quashed in January of 2010.

Operation PRALINE (2006)

Aabid Khan inspired an attack through online channels

Four Muslim men were arrested in the South of England for conspiracy to murder. At the center of the plot was this man, Aabid Khan, who was an active social networker who’d been under surveillance for months in a major operation. He was alleged to have groomed international contacts to join Jihad. There were large pinwheel diagrams of his associates, and this is one of the diaries they seized from him, talking about plans for assail to acquire equipment, mount an attack, and then the surveillance log outside an airport terminal. All of their activities operated in the way you’re now familiar with: normal Webmail, Hotmail, Yahoo, and some open codes, nothing more.

Operation OVERT (2006)

Operation OVERT dealt with a major airline bombing plot

This you’ve got to remember, because it was the transatlantic airline bombing plot that triggered the overnight ban on passengers carrying liquids. This was a real terror plan, which the prosecutors in the later trial claimed could have caused more casualties than 9/11, and that could have been true if the bombs had gone off. They had their suicide videos lined up, they adapted 10 aircraft targeted, they had arranged bombs that were made of 2 components disguised as fruit juices using copious quantities of hydrogen peroxide hidden in woods outside London. They’d acquired one special house for use for bomb assembly.

This transatlantic airline bombing plot could have caused more casualties than 9/11.

Rashid Rauf and Mohammed Gulzar – organizers of the attack

And the operation was run from Pakistan by a guy called Rashid Rauf and his British friend Mohammed Gulzar, both of them had come from Birmingham. They communicated with each other by open-coded e-mails. So, for example, when Gulzar was reporting to Rauf how much hydrogen peroxide he’d acquired, he referred not to H2O2, but to aftershave. So, again, in this major plot, the e-mail command linking back to al-Qaeda, there was no encryption, just open code and the use of varying Webmail addresses, in the hope of staying under the surveillance radar.

The suspected manager of this operation in Britain, Mohammed Gulzar, had come into Britain and re-entered on a contrived identity with a new bride who disappeared as soon as he landed. He came with a laptop that had been reformatted, reloaded with Windows, and made to look really clean and sweet – wedding pictures, family chat, nothing more. Suspicious in itself, actually. But there was no attempt on this computer at hidden partitions, complex tricks, information hiding.

Terrorists who were charged with making the bombing plot

However, experience shows that on both sides of the business – the terrorists and the anti-terrorists – they make mistakes, and in this case both of them made inconceivably bad mistakes. For the terrorists, although they’d reformatted the computer, they had not wiped the unallocated clusters to null; as a consequence, traces were left, clear traces, of previous research on hydrogen peroxide, which is completely damning evidence. There should, therefore, have been a conviction achieved in the view of the prosecutors. But this vital evidence was missed at trial. It was fished out of the unallocated clusters apparently too late to be used. As a result, although the co-conspirators who’d recorded their suicide videos were jailed for life, Mr. Gulzar was acquitted and walked free. These are the 8 who were accused of making bomb plots.

Read previous: How Terrorists Encrypt 4: “Mujahideen Secrets” Software
Read next: How Terrorists Encrypt 6: Traces Cleanup with TrueCrypt Software
