January 07, 2009, 9:23 PM — A new breed of terrorists are using online forums to recruit people who align themselves with the mission of Al Qaeda, creating global networks of would-be terrorists who pose a growing threat, a senior cyberterrorist researcher warned this week.
Cyberterrorists are using a series of online forums and at least one social-networking site, PalTalk, to recruit people to their cause, Evan Kohlmann, a senior investigator and private consultant for Global Terror Alert, said at the International Conference on Cyber Security 2009 in New York. Many of these people never actually meet in person, but conspire online to launch both cyberterrorist and physical terrorist attacks such as suicide bombings, he said.
Global Terror Alert is an online clearinghouse of information for counter-terrorist researchers, analysts and policymakers. Kohlmann also acts as a consultant to law-enforcement agencies on terrorist cases.
At the conference, Kohlmann outlined Operation Praline, a sting operation in the U.K. that ultimately uncovered a would-be terrorist network in three countries led by Aabid Khan, a then-19-year-old Briton.
Khan, who was arrested in June 2006 when he was returning from a trip to Pakistan, used online forums and chat rooms to "meet" people and essentially became "a terrorist recruiter using the Internet," Kohlmann said. When he was apprehended, law-enforcement officials had reason to believe he was planning to set off bombs in Washington, D.C., and New York.
Khan, who promoted a "worldwide" war against people who did not support Al Qaeda, also was the ring-leader for other terrorist plots hatched in the U.K. and Canada; the perpetrators of those -- most notably a group of 17 men arrested in Toronto just before Khan's own arrest -- were apprehended before the acts were carried out.
Khan used a series of so-called jihadi online forums where people who support Al Qaeda and aim to wage terrorist attacks share their ideas, Kohlmann said, calling these sites the "Facebook and MySpace" of cyberterrorists. Khan also encouraged mounting cyberattacks on people who did not support his viewpoint, he said.
While his reference to social networks was meant as a comparison, people have actually used PalTalk, a chat-room hosting site, to host a live question-and-answer with people they alleged to be Al-Qaeda leaders, Kohlmann said. He said that he's not sure if the company "actually realizes what is going on with their chat rooms," but that the chat room in question is well known among members of jihadi forums.
"In this case, we are particularly talking about a single chat room, with a slightly-changing-but-mostly-static identifiable name, accessible via the official PalTalk chat room index," he said via e-mail a day after his presentation in New York. "This chat room has been routinely advertised on jihadi Web forums, and it is used on a day-to-day basis to trade download links for Al Qaeda propaganda videos [and] terrorist instructional manuals ... If the company hasn't gotten a hint of any of this by now, then they really need to start re-considering their security policies."
When asked if the company is aware of Al-Qaeda chat rooms, Judy Shapiro, vice president of marketing for New York-based PalTalk, said the company is aware that there are many political-discussion forums. However, if the chat occurring within those rooms does not violate the company's terms of service for troublesome language, freedom of speech applies.
"We absolutely shouldn't discriminate," she said. "We can't constrain people's ability to say what they want. If someone says, I am the head of Al Qaeda, come talk to me, that's perfectly legal."
In its terms of service, PalTalk lists "unacceptable conduct" that would violate those terms as "threatening, harassing, or intimidating another user" or "transmitting any unlawful, threatening, abusive, profane, offensive, defamatory, or hateful text or voice communication or images or other material, or any racially, ethnically or otherwise objectionable material, or any material that violates or infringes the intellectual property or privacy or publicity or other rights of any other party," among other kinds of behavior.
PalTalk will take down a chat room with no warning if users report trouble to its moderators. "If someone said, how do I create a bomb I can [detonate] in Times Square," that would obviously raise a red flag, Shapiro said.
In cases where "the level of language" would warrant an investigation, PalTalk would take whatever steps necessary to cooperate with law-enforcement officials or take down the site or both if there is good reason, she said.
In the meantime, others are doing their own part to take down jihadi Web forums, Kohlmann said. More than five of the top jihadi Web forums -- including ones called Al-Ekhlaas, Al-Hesbah, Al-Firdaws and Al-Boraq -- have been knocked offline since September, and several others that are still live such as Al-Shamikh, Majahden, and Al-Faloja "are suffering periodic blackouts which can last anywhere from several hours to a week in length," he said in the e-mail.
However, "you knock one out, another one pops up the next day," Kohlmann said at the conference, so just taking down the sites is not an effective way to stop cyberterrorists and would-be accomplices from meeting via online forums.
He thinks the real way for law-enforcement officials to hamper cyberterrorists and would-be accomplices using these sites is to join them and cause confusion and mistrust among their ranks.
"Infiltrating the system is most effective," he said. "People don't know if you're a real jihadi or an agent. These people have never met each other and if you give them a reason not to trust each other, that's all it takes" to disrupt their activities.
