In here Jeff Bardin continues to highlight the Jihadist software, communication means, online guides, and dwells on the phases of radicalization process.Some of their early methods that used network security tools out there – obfuscation, denial and deception – included the distribution of Asrar al-Mujahideen, or Mujahideen Secrets v.1 from GIMF, Global Islamic Media Front (see right-hand image). This had 256-bit symmetric encryption and 2048-bit asymmetric encryption used on thumb drives. There was some training, not too much, and they had it here as kind of packaged up on the image.
Regardless, they started communicating this on the forums, and they started spreading out into email, chat, instant messaging, blogs, forums and different groups out there, as we will see. They also were looking at steganography and different encryption uses, the use of anonymous accounts on various email sites. And they started realizing that all email was being targeted, therefore they stopped sending email and would use email for dead drops, placing draft messages, using shared email accounts and using them for a period of time before they stopped using them altogether.
This helped in their communication and coordination, and their command and control, and distributing different documents and videos. In addition, it also helped in their intelligence collection, or open source data collection leading to intelligence; recruitment, training, fundraising, offering jobs in IT, looking at ISPs that were actually sympathetic to their cause so that they could actually host their websites and operate their organizational online networks out there.And they were also looking for insiders that had access to critical infrastructure. In the early days these were some of their initial activities (I guess I mentioned it): obfuscation, denial and deception. The second version of Mujahideen Secrets had been advertised: as you can see here, when it blowed up, you can see the matrix in the background (right-hand image). In addition, you can see Cyrillic MYPppp. In addition, you have an upside down fish, or the symbolic of Christianity, and a dead fish in this case; multiple keys within it showing the use of various different encryption keys and the tool set, as well as new features in red down at the bottom (see left-hand image above), Jadid, or ‘New’ that was available in the tool set. In addition, you see an M16 with a key on the end of the circle – it’s part of their logo from the Global Islamic Media Front. Mujahideen Secrets version 2 (see right-hand image) was a definite improvement over version 1. They added some new features in the tool set; speed was actually part of it as well – they came embedded with a public key, so they had it ready to go. In addition, they had greater help files, and you could search and look at the index of contents, table of contents of different help out there.
Symmetric cipher algorithms such as Rinjdael, Mars and Twofish were included as well as your standard file shredding and key management, all in a tool – basically an open “PGP on steroids” version that they developed themselves; could have potentially been developed by the Kavkaz-Center group out of Chechnya. It provides them a method of encryption that is still in use today, as advertised at the end of the Inspire magazines where they published their public key.As part of the v.2 release of Mujahideen Secrets, they had the digital fingerprint of the actual software and the keys (see left-hand image). You could actually see the compression ratios in Mujahideen Secrets. But also they released this with the intent of encrypting video and potentially encrypting images and embedding them in steganography. So they had a combination of different things they were using at the time, encrypting different texts and media, embedding it in different images and steganography, and teaching people how to use different tool sets out there with respect to making videos and different images, where they could, in fact, embed their information and hide in plain sight. Demonstrating further integration with some of their solutions out there: I mentioned earlier Teqany magazine as one of the early magazines. There’re only a couple of magazines out there, highly technical, all in Arabic. But in the Mujahideen Secrets training indices they actually pointed Teqany magazine as one of those that have been zipped up and encrypted as an example (see right-hand image). This was back in early 2007 and shows there their dedication to protecting information. In a move towards mobile they actually came out with TRSC, one of their technical units came out with Asrar al-Juwal, or Mobile Secrets (see left-hand image). This was a Java tool set that was able to run on Blackberry. It had some bugs, it was still in beta format, and they never seemed to get the second release in the marketplace. I am not sure if it was used very much; it pops up from time to time. As you see here, this is version 0.4. But it was a move that area, and it did have a small footprint, and you could actually use it, but it was a little buggy. Jihadists were also concerned about information security (see right-hand image). They used many different types of anti-viruses. They were using Kaspersky here, and they actually cracked and provided the key, made the key available, as well as pointers to where to download and how to install Kaspersky. During the Iraq war the ‘Baghdad sniper’ was glorified (see left-hand image). This person, if, or more than one person, actually – it was attributed to one, had videos taken of his actual kills and shots, mostly in urban areas. You have some cutouts here on this particular screen of US soldiers prior to their being shot. The distance seemed to be pretty decent. Distance here can be estimated, they would blow it to being several hundred yards. In addition, you can see the distance because there’re cars going back and forth in the urban areas within the video shots. Regardless, Baghdad sniper had many videos; he had his own site baghdadsniper.net. They were training that one with online trainings, whether it was written, as well as video, and then combined with the actual exploits of the Baghdad sniper. A little bit more on the Baghdad sniper (see right-hand image); the weapon of choice was the Dragunov, a Russian-made weapon. In addition, his kills were 24, 3 officers targeted, and 16 different wounded out there. And you could actually get the high resolution video of his actual exploits, all these different sites at the time. They usually would post them as high, medium and low resolution; low targeting for the most part mobile devices. Many of these sites carried them for years; they carried them without dropping them until finally there was pressure put against them. Nowadays they still are used, but they are dropped fairly quickly, except for archive.org, the actual way back machine. Other parts of their training regiment also include the use of US military manuals, one such here: Cyber Operations and Cyber Terrorism, was found in many links off their sites (see left-hand image). In addition, many US army field manuals were made available and are still available through archive.org, and they pop up periodically, depending upon need. So overall, their education was pretty sound with respect to the academic side of the house, and they followed through with multiple media solutions: web 2.0, email, chat, instant messaging, blogs, forums, groups, use of audio and video, animated gifs to the strength. They had a very strong Jihadist media organization and a propaganda machine that was very effective. The main Al-Qaeda site at the time was Ikhlas (see right-hand image). Ikhlas is no longer around, but it was the main site for communicating Zawahiri and bin Laden information. It was a vBulletin site, and you could actually enroll in the site, but you could have junior-type status until you actually proved your worth and your alignment to the Salafi views of Islam. It was just their enrollment forum, here you put a username and email address, and it was fairly easy to get tied to it. This site was eventually taken over by some western organizations and republished, discovered within 24 hours and taken down again soon after. I think it was 2009-2010 when this occurred. But Ikhlas today does not exist in this form; many other forums are out there that are still in use. This is your standard vBulletin enrollment form for one of the forum sites (see left-hand image). You put your username in, then your email address, email address second time, and then your password twice; then some more information about yourself: your location, male/female, your time zone. Then it would actually send the enrollment link to the email address and you could enroll.
Nowadays you have to be invited to many sites; if you have not made it in already, it’s difficult to get in. But this was standard enrollment at the time. Some would actually send an email and then start asking you questions about your views of extremist Islam, or Salafi view of Islam. If you couldn’t answer those questions correctly, then you wouldn’t make it in. So it was a little bit of a test. Nowadays it’s much more strict; they’ve gotten fearful of allowing people in. There are other ways to get into the sites, but for the most part it’s much tighter nowadays.As I mentioned vBulletin software earlier, in the early days it was actually owned by a UK company, just about 96 clicks into the West of London, but it was actually hosted at theplanet.com in Houston, Texas. You notice (see right-hand image), on the site they have different languages available: German, Chinese and Hungarian. They used to have Arabic here as well, they do fully support it: if you go into the forums, you can find out information about the actual language support for it. They kind of pulled it after a lot of attention. Now this company and software is actually owned by Internet brands out El Segundo, just north of Los Angeles. About 180 dollars for one license; if you buy a quantity, you get it much cheaper. It’s a fairly easy to use and set up forum-type solution that jihadis prefer. These three gentlemen (see left-hand image) were involved in a lot of posting of Jihadist material coming out of Iraq. Younis Tsouli, aka Irhabi007, aka Terrorist007. You see this was a picture after he was arrested. They were involved in a lot of criminal activities that helped support and fund their actions. For the most part they would distribute a lot of different setups and were the precursor to all these different forums out there.
They were eventually caught, and now they are in prison. They provided some great support to Zarqawi and others in Iraq, as the videos would come to them and they would actually compress them, dress them up and post them online on these different sites.The celebration of their physical exploits were all over their forum sites, videos, pictures, congratulatory and slaps on the back, and different animations that would take our information and post it on their site, demonstrating how asymmetrically, from a guerilla perspective, a couple of Jihadists would sacrifice themselves. Much of their training comes from online learning and education on how to make bombs. Different types of these were actually using different Mitsubishi phones to trigger the explosives from backpacks: what you saw there was a video of the Madrid bombings, very well planned and how they actually herded people towards the stairwell and had the bombs go off in sequence, knowing for well that they would be herding and moving that way. A very good example of how cyber terrorist activities in learning and training, command and control and communications and different technologies can be used and learned about online and taken to physical execution. The next slide (see right-hand image) has some very graphic photos, so I’ll warn you right now: if you do not have a strong stomach, please do not proceed to the next slide. These are images taken directly from the Madrid bombing in the aftermath as they lined up the bodies.
What’s interesting here is that these would be taken by the law enforcement, not by the public. How would they make their way out to the public, and in fact into the hands of Jihadist folks and, in particular, Al Qaeda? Now, the group that performed this bombing was not part of Al Qaeda at the time – it was actually trying to gain entry. As a result of the bombing they were admitted into the fold as Al Qaeda members. Regardless, they’re very gruesome images. You’ll notice that there are some black boxes, where they’ve redacted some of the parts – this is tradition in Islam to blackout and to redact the eyes, as well as genitalia, or anything of a sexual nature.One of the key features for Salafis is, of course, the use of the Internet. But using the Internet requires some skill and direction. Per this, the Salafis have written and posted documentation on how to start a Jihadist media organization (see left-hand image). The image here is a snippet of the translated version of that document. It covers many aspects of media creation and can service a role model for counter-intelligence replication, as well as intelligence infiltration. The methods are not earth-shattering, but nonetheless are written to define a roadmap for almost anyone wishing to create a Jihadist media organization in several easy steps to follow. Now, the Internet is used for many different things, in this case communication, of course. But it also has a flow with radicalization process (see right-hand image). There’s complements of the NYPD; they did quite a study out there. It’s drawn some heat in some circles, but it goes through different phases, as you see here: pre-radicalization, self-identification, indoctrination and jihadization.
Each of these phases is unique and has specific signatures allying to it. All individuals who begin this process do not necessarily pass through all these stages, of course. Many stop or abandon this process at different points. They just lose their desire to go further, and they don’t believe it. Some pass through the entire process and are quite likely to be involved in the planning or implementation of a terrorist act.
The pre-radicalization is the point of origin for individuals before they begin this progression. They can do it online. It is their life situation before they were exposed to an adopted Jihadist Salafi Islam, it’s their own ideology. The majority of individuals involved in these plots begin as unremarkable, and they had ordinary jobs, they had lived ordinary lives and had little if any criminal history.
When it comes to self-identification, this phase is where individuals are influenced by both internal and external factors. They explore Salafi Islam and gravitate away from their old identity and begin to associate themselves with likeminded individuals and adopt this ideology as their own.
Some of the triggers are the economic situation, losing a job, or block from mobility, or not working at all; social alienation, discrimination, racism, whether it’s real or perceived, they have that idea of being victimized; political situation, or international conflicts involving Muslims, and they are being treated poorly, such as possible Abu Ghraib, or they line themselves based on political situations in certain countries – we’ll see a video here from Lars Vilks shortly. Or there may be deaths in the family, someone close at the hands of westerners. Regardless, these can all be triggers, as are caricatures and are images of the Prophet Mohammed, peace be upon him.
The indoctrination phase is a phase in which an individual progressively intensifies his or her beliefs. They wholly adopt Jihadi Salafi ideology and conclude without question that conditions and circumstances exist where action is required to support and further the cause. User is driven by the spiritual sanctioner, someone like Anwar al-Awlaki, someone ordained, if you will, and seen as someone very well educated in the Quran. In Awlaki’s case, he was an imam.
While the initial self-identification process may be an individual act, as noted above here, association with likeminded people is an important factor as the process deepens. By the indoctrination phase this self-selecting group becomes increasingly important as radical views are encouraged and reinforced.
It also starts to get down to much smaller group and relates to the Dunbar’s number. Take a look at Dunbar’s number on Wikipedia, you’ll understand the trust factors around the human mind, and as we get to greater trust, we have fewer groups of people in that circle.
Then there’s the jihadization phase, in which the members of the cluster accept their individual duty to participate in Jihad and self-designate themselves as holy warriors, or Mujahideen. Ultimately, the group will begin operational planning activities for the Jihad or a terrorist attack, and these acts will include planning, preparation and execution. While the other phases of radicalization may take place gradually over 2 or 3 years, possibly, the jihadization component can be very rapid, taking only a few months or even weeks to run its course.Pre-radicalization, from a cyber perspective, used to take place in the forums (see left-hand image), where they’re well-organized and publish Jihadist-related media and publications, as well as Mujahideen press releases, communicate statements out there, many of which are just pure propaganda and false in nature.
They also organize their forums into science and applications, different Quranic verse, historical and biographical information on people and places, the basic tenants of the faith and methodologies and principles and teachings are there, as well as different ways to behave yourself, and purification and manners, since Islam is part of your everyday life that absorbs your life.
In addition there will be different requests and information and conversations amongst different participants on the sites, poetry and media postings, different discussions, as well as, of course, IT and communication technologies some of which we’ve shown here that is available for download.
There was a video spread online to demonstrate that the West and Israelis are nameless, faceless, cold, steel, remote controlled from a distance who kill indiscriminately, targeting women and children. The idea there is to fully indoctrinate and self-identify with this and align with the victimization mentality. This video was done a couple of years back and targeting Obama after he was elected, showing the Statue of Liberty burned down and torn down from the top, as well as the skyline in New York City. There was a message to an “old enemy”.With much of the education on pre-radicalization left to the forums, budding Jihadists begin to align with religious figures that are vetted to communicate the words of the Quran. One such imam was Anwar al-Awlaki (see right-hand image).
Alignment to a religiously vetted figure provides validation that their cause is righteous and just. Awlaki recorded many sermons that are available in mp3 format for download on many sites that seem to be normal Islamic sites. But they are not normal, only posting as such to deceive and deny. Very deep within these sites are messages that support the Salafi viewpoint and make available sermons of hate for the solidifying the position of victimization, and all-out warfare by the West on Islam.
Awlaki also wrote 44 ways to support Jihad that ensures education starts at a young age to indoctrinate and brainwash children in the ways of the cyber Mujahed and those who someday may take their cyber views to actual physical action. Having achieved rock star status, Awlaki could not show up in person at his lectures due to threats to his life, but would instead deliver them via phone to packed crowds in theatres or other gathering places, such as colleges and university lecture halls.
Read previous: Cyber Jihad: Jihadist Use of the Internet 2008-2011