Small Wars Journal

The Role Al Qaeda Plays in Cyberterrorism

Share this Post

The Role Al Qaeda Plays in Cyberterrorism

 

Lyda Tesauro

 

According to the United States Department of State, Al Qaeda is a Foreign Terrorist Organization under section 219 of the Immigration and Nationality Act; this group emerged in the 1980s out of the anti-Soviet jihad in Afghanistan and officially made the terrorist list in October 1999 because of their heinous activities, brutality, militant ways, and radical Islamic ideology (U.S. Department of State, 2018 and Byman, 2016). Other Al Qaeda affiliations such as Al Qaeda in the Islamic Maghreb (AQIM), Al Qaeda in the Arabian Peninsula (AQAP), and Al Qaeda in the Indian Subcontinent are also considered Foreign Terrorist Organizations in the Unites States (U.S. Department of State, 2018). Although Al Qaeda is better known for their savagery and physical terror attacks than their cyber presence, this terrorist organization does practice cyberterrorism—even though that is not their strong suit—and does utilize the internet as well as social media to spread their global jihad message. Since Al Qaeda has a distinct hatred for the Western world, including the United States, the American people should be concerned about Al Qaeda’s interest in utilizing cyberterrorism—regardless of whether or not they actually have the capability to follow through with their threats at this time (Knake, 2010). Some targets that Al Qaeda has hinted at attacking in the future are the United States economy (e.g. financial institutions, Wall Street, stock market, etc.) and American public utilities (e.g. water, electric, sewage, gas, natural gas, telephone, and transportation), so the potential threat that they pose to the U.S. should be taken seriously (Knake, 2010). With the huge impact Al Qaeda has on social media and the internet, it is only a matter of time before more technologically savy, radical Muslim Al Qaeda identifiers start utilizing the full spectrum of cyberterrorism to validate their existence and further their agenda. Throughout this paper, I will help readers better understand the role Al Qaeda plays in cyberterrorism; I will do this by discussing how the terrorist organization utilizes the internet to indoctrinate as well as recruit likeminded extremist individuals, by delving into how Al Qaeda uses the internet to conduct cyberterrorism, by shedding some insight into how this particular terrorist organization’s activities effect the larger topic of cybersecurity, and by touching on what the future of Al Qaeda could be in the cyber realm.

 

How Al Qaeda Uses the Internet to Further Their Agenda/Ideology

 

With the rise of the internet and social media platforms, Al Qaeda has been able to expand their global initiative and recruit more radical jihad extremists. Al Qaeda utilizes internet-based websites to publish jihadist literature (e.g. The Encyclopedia of Jihad and The Encyclopedia of Hacking the Zionist and Crusader Websites) and accept donations online to fund their campaigns (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). The terrorist group also utilizes social media and other media platforms (e.g. cell phone video cameras, web cams, YouTube, video games, music, magazines, etc.) to give radical preachers as well as militants a place to spew their propaganda, publish their jihadist literature, incite violence, tell people who to assassinate, engage in psychological warfare by threatening specific communities/societies, deliver virtual military training/logistics to carry out violent jihad like a loyal terrorist (e.g. those tactics include education on urban and gang warfare, how to conceal as well as make explosives/weapons, how to execute ambushes, arrests, and explosions), coordinate terrorist attacks, glorify martyrdom, provide advice on computer security as well as instruct faithful members on how to hack into computer networks, record their brutality, and/or recruit new members (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015 and Rudner, 2017). While it may seem like Al Qaeda’s activities on the internet are exaggerated, there are plenty of examples to validate the claims.

 

One specific example of how Al Qaeda uses the internet to further their agenda is through an English-written online magazine called Inspire—which is run by Al Qaeda in the Arabian Peninsula (AQAP); the online magazine is decently followed, provides information on Al Qaeda’s viewpoints as well as the jihadist movement, and commentates on the group’s kill list (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). Because Al Qaeda’s Inspire does a great job at publishing content that resonates with likeminded individuals, they are victorious in “spreading the call for jihad” online (Rudner, 2017). Another example of Al Qaeda’s success in the cyber realm is how effectively the terrorist organization reaches its target audience through film and on-the-ground reporting (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). By recording their experiences at Arab Spring protests, videoing beheading executions (such as Jewish journalist Daniel Pearl’s death), and releasing several video games (targeted to the youths) that place the player in the role of a jihadist fighting against Jews, Westerners, and the U.S. military, Al Qaeda makes themselves more relatable, gives themselves some relevance, shows people that they are a force to be reckoned with, and attempts to normalize or justify their behavior—which is beneficial to the terrorist group’s survival (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). With their success at luring people online (especially the “homegrown” terrorists in Western societies) to accept as well as follow their radical jihadist views, Al Qaeda has become one of the poster children for not using the internet as simply an attack vehicle to fulfill their agendas (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015 and Rudner, 2017). In fact, Al Qaeda does not necessarily need to be the best at cyberattacks when their unregulated presence on the internet alone plays such a significant role in fostering violent Islamic extremism—more so than prisons, universities, and places of worship (Rudner, 2017). Instead of primarily using the internet to implement cyberterrorist attacks, this terrorist group tends to use cyberspace more for communicating/spreading their jihadist agenda globally, cultivating support for their initiatives through social media or web forums, offering theological justification for actions of terror on online platforms, providing technical instructions and operational guidelines on the internet for their terrorist attacks, inciting violence through their media forums, engaging in online fundraising activities to support their cause, and web defacing their so-called enemies’ websites (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015 and Rudner, 2017). Because of the terrorist organization’s limited cyber capabilities and the many ways Al Qaeda uses the cyber realm to further their ideology, criminologists such as Marjie Britz have had to create a more expansive definition for cyberterror to encompass the many ways organizations like Al Qaeda utilize technology to further their missions (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). According to her, cyberterror is “the premeditated, methodological, ideologically motivated dissemination of information, facilitation of communication, or attack against physical targets, digital information, computer systems, and/or computer programs which is intended to cause social, financial, physical, or psychological harm to noncombatant targets and audiences for the purpose of affecting ideological, political, or social change; or any utilization of digital communication or information which facilitates such actions directly or indirectly” (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). With this definition, scrappy cyberattacks and social media incitements can still be acts of cyberterror, which makes Al Qaeda fall under not only the terrorist organization category, but also the cyberterrorist category.

 

The E-Jihadists and Electronic Attacks by Al Qaeda

 

Considering the fact that cyber warriors generally hail from the class of the disaffected, educated, and relatively-well-off radicals (which is typically the demographic of Al Qaeda members), Al Qaeda should have advanced cyber warfare and cyberterrorism capabilities to hurt the West; however, Al Qaeda really does not have the tools or skill set worthy of their savage reputation (Liu, 2015). According to Holt, Bossler, Seigfried-Spellar, and Liu, the most prominent—yet still mediocre—e-jihadists or hacker groups that represent Al Qaeda are: the Al-Qaeda Alliance Online (an offshoot of the hacker group GForce Pakistan), Youni Tsoulis (an e-jihadist), and the Al Qaeda Electronic (a hacking group affiliated with Al Qaeda) (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015 and Liu, 2015). Reports indicate that Al-Qaeda Alliance Online is the hacking group that defaced a web server operated by the National Oceanic and Atmospheric Administration (NOAA) on October 17, 2001; Youni Tsoulis is the e-jihadist who developed multiple web forums, created hidden links to propaganda web forums/sites that supported Al Qaeda, promoted hacking, and made tutorials on hacker sites “with substantial detail on methods of attack and tactics to compromise websites;” and lastly, the Al Qaeda Electronic (AQE) is a hacking group that has limited, rudimentary capabilities and focuses on web defacement (mostly), DoS/DDoS attacks, and data breaches (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015 and Liu, 2015). Unfortunately, most of the cyberattacks orchestrated by these groups or individuals have not been successful. Some examples of their failures are: the attempted and unsuccessful DoS attack against the Vatican website after Pope Benedict’s controversial comments about the Prophet Mohammad and Islam, the planned cyberattacks against U.S. financial institutions, the stock exchange, and SCADA systems that ultimately failed, and the unsuccessful November 11, 2017 campaign that attempted to conduct DDoS attacks against several Western websites (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015, and Liu, 2015). It is also important to note that Al Qaeda is notorious for acquiring assistance when conducting their “cyberattacks” and at times exaggerates the success of their operations/attacks; this can be found in AQE’s alleged Operation Black Summer (Liu, 2015).

 

According to the Al Qaeda Electronic group, AQE partnered with the Tunisian Cyber Army (TCA) and “penetrated a number of prominent websites, several of which belonged to U.S. government agencies and multinational corporations, between February and May” (Liu, 2015). After further inspection from the National Cybersecurity and Communications Integration Center, the NCCIC believes that Al Qaeda’s involvement was non-existent—contrary to AQE’s statements (Liu, 2015). Because Al Qaeda is a terrorist organization, encourages its members to “spread rumors,” and is not exactly trustworthy, it is safe to say that the “operation” was meant to be propaganda—regardless of whether or not anything actually happened (Rudner, 2017). The sad part though is that the terrorist organization’s members and maybe even some civilians think that Al Qaeda was behind this “operation.” Because some individuals still hold this belief, the strength of Al Qaeda was validated—which means that the act or non-act was still a success for the radical jihadist group.

 

In order for Al Qaeda to keep its credibility as a cyber threat and keep their followers invested, the terrorist organization needs to stick to their signature and mostly successful website defacement campaigns against relatively low-value targets until they sharpen their technical skills (Liu, 2015). Al Qaeda will also need to make a multi-year investment in developing offensive cyber capabilities, they will need to find a secure facility, and they will need an advanced test bed if they want to make a statement in cyberspace (Knake, 2010). Once they are more proficient in the cyber realm, do not have to rely heavily on automated vulnerability scanners to find points of penetration, and can properly invest in their cyber terror program, then Al Qaeda will be able to orchestrate more effective cyberterrorist attacks (Liu, 2015).

 

Insight into How These Activities Effect the Larger Topic of Cybersecurity

 

Because many terrorist organizations do not have the capabilities to orchestrate a serious cyberterrorist attack, they are actively trying to gain the technical skills to conduct such a catastrophic attack; Al Qaeda seems to be one of those terrorist organizations. According to Defense Department CIO Terry Halvorsen, cyberterror is a perfect avenue for terrorist groups like Al Qaeda because exploiting an opponent’s cyber weakness(es) tends to be fairly quick and cost-effective while the financial damage and time invested in recovering from a cyber attack like that is vast (Pomerleau, 2015). With hackers and terrorists alike already sharing/providing information on vulnerabilities present in organizations’ as well as governments’ software and hardware of systems across the world, it would be in Al Qaeda’s and other terrorist organization’s best interest to try and exploit those flaws in the system (Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C., 2015). In order to effectively do that though, Al Qaeda would need to penetrate, map, and damage the networks that control the industrial base; that would require a large team of experienced hackers, a lot of time/resources, and advanced infrastructure—which Al Qaeda does not have right now (Knake, 2010).

 

Unfortunately for the United States though, Al Qaeda and other terrorist organizations are becoming enthralled with the idea of cyberterrorism as well as cyberwarfare and are making plans to launch formidable attacks once they are able (Clarke, Arquilla, Lewis, Hamre, Skroch, & Dick, 2003). In order to properly mitigate their risks so that they can avoid these types of attacks, the United States “needs to make real investments to bolster the security of its critical infrastructure;” this includes government systems, military systems, and private sector systems (e.g. water, electric, sewage, gas, natural gas, telephone, and transportation) (Knake, 2010). The United States also needs to disconnect the internet from any infrastructure that can be turned into a weapon regardless of the number of safeguards in place to protect it (Knake, 2010). Lastly, the United States needs to continue to raise its defense to ensure that no amount of cyberterrorist capabilities will be enough to harm its critical infrastructures (Knake, 2010).

 

What the Future of Al Qaeda Could be in the Cyber Realm

 

As previously mentioned, the future of Al Qaeda in the cyber realm is promising; however, Al Qaeda needs to make some changes if they want to achieve the results they are looking to attain. According to Richard Clarke, a former Presidential Advisor for Cyberspace Security, members of Al Qaeda outside the United States are doing reconnaissance on America’s critical infrastructures and a number of Al Qaeda’s new members have technical backgrounds as well as advanced hacking skills (Clarke, Arquilla, Lewis, Hamre, Skroch, & Dick, 2003). In fact, a University of Oxford study of Islamic radicals parallels Richard Clarke’s statement; the study claims that militant jihadist groups—like Al Qaeda—have been recruiting more intelligent, college graduated computer science and information technology majors (Rudner, 2017). The study also mentions that computer engineers are “highly over-represented” in many terrorist organizations—including in Al Qaeda (Rudner, 2017). Because Al Qaeda’s members are becoming more interested in cyberterrorism/cyberwarfare, they are becoming more educated on cyber issues, and they are enhancing their technical skills, I believe that this seemingly new direction for Al Qaeda needs to be monitored by the U.S. so that America is not blindsided by an attack of this nature (Clarke, Arquilla, Lewis, Hamre, Skroch, & Dick, 2003). With President Trump’s recent decision to recognize Jerusalem as the capital of Israel, Al Qaeda’s increased technical skills, Al Qaeda’s projected culmination of their jihadist plan for global supremacy in 2020, and Al Qaeda leader Zawahiri’s threats on December 8, 2017 in response to the President’s announcement, I think it is quite possible to see a larger scaled cyberterrorist attack directed at the United States in the near future (Counter Extremism Project, 2017 and Rudner, 2017). Hopefully, the United States systems are secure enough to handle the attack and would receive minimal or no damage from it.

 

Conclusion

 

As outlined in this report, I chose a specific terrorist organization, Al Qaeda, and analyzed the role that they played in cyberterrorism. Throughout the paper, I discussed how the terrorist organization utilized the internet to indoctrinate as well as recruit likeminded extremist individuals, delved into how Al Qaeda used the internet to conduct cyberterrorism, included some insight into how this particular terrorist organization’s activities effect the larger topic of cybersecurity, and touched on what the future of Al Qaeda could be in the cyber realm. Hopefully, after reading this paper, people will not dismiss Al Qaeda’s cyberterrorist capabilities or underestimate them while they are probably in the process of refining their credibility in cyberspace.

 

References

 

Byman, D. L. (2016, July 28). Comparing Al Qaeda and ISIS: Different goals, different targets.

Retrieved July 16, 2018, from https://www.brookings.edu/testimonies/comparing-al-qaeda-and-isis-different-goals-different-targets/

 

Clarke, R., Arquilla, J., Lewis, J., Hamre, J., Skroch, M., & Dick, R. (2003, April 24). What are

Al Qaeda's Capabilities? Retrieved July 16, 2018, from https://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/vulnerable/alqaeda.html

 

Counter Extremism Project. (2017, December 22). Al Qaeda. Retrieved July 16, 2018, from

https://www.counterextremism.com/sites/default/files/threat_pdf/Al-Qaeda-12222017.pdf

 

Holt, T. J., Bossler, A. M., & Seigfried-Spellar, K.C. (2015). Cybercrime and digital forensics:

An introduction. New York, NY: Routledge, Taylor & Francis Group.

 

Knake, R. K. (2010, February 12). Cyberterrorism Hype v. Fact. Retrieved July 16, 2018, from

https://www.cfr.org/expert-brief/cyberterrorism-hype-v-fact

 

Liu, E. (2015, December). Al Qaeda Electronic: A Sleeping Dog? Retrieved July 16, 2018, from

https://www.criticalthreats.org/wp-content/uploads/2016/07/Al_Qaeda_Electronic-1.pdf

 

Pomerleau, M. (2015, December 10). Terrorist groups looking to refine chops in cyberspace.

Retrieved July 21, 2018, from https://defensesystems.com/articles/2015/12/10/al-qaeda-electronic-cyber-activities.aspx

 

Rudner, M. (2017, June). “Electronic Jihad”: The Internet as Al Qaedas Catalyst ... Retrieved

July 16, 2018, from https://www.bing.com/cr?IG=B2A015C7511C4FA7B87C5ECA177E896E&CID=186F49F71FB265CF270645B31E4F640C&rd=1&h=-0T3__LrAuw1hlmC7d2CatmXFg_bMBE2acr8uqS8qmw&v=1&r=https://www.tandfonline.com/doi/full/10.1080/1057610X.2016.1157403&p=DevEx.LB.1,5499.1

 

U.S. Department of State. (2018). Foreign Terrorist Organizations. Retrieved July 16, 2018, from https://www.state.gov/j/ct/rls/other/des/123085.htm

 

Categories: terrorism - Al Qaeda

About the Author(s)

Lyda Tesauro is currently working in the legal field (criminal law) while pursuing her M.S. degree in Information Security and Assurance at Norwich University. She graduated from the University of Dallas in May of 2017 with a B.A. in Business and a concentration in Legal Studies. While attending undergrad, Lyda was a collegiate athlete, studied abroad for a semester in Italy, and was involved in various clubs on campus. She now enjoys researching information security issues and hopes to educate others on the importance of this field.

Comments

Thedrosophil, thank you for your comment and for sharing your viewpoints. I can understand why you do not necessarily agree with the definition that I used for cyberterrorism. Your definition of cyberterrorism, from what I gathered from your post, tends to align with the FBI’s more narrow definition of the term. However, other organizations and experts in the field believe that cyberterrorist attacks do not have to result in physical harm or cause financial disaster; basically, they think that less harmful attacks can also be considered acts of cyberterrorism as long as “the attacks are intended to be disruptive or [are intended] to further the attackers' political stance” (Rouse, 2017). In some circles, even cyber espionage can be considered cyberterrorism if the purpose of the spying was to execute a cyberterrorist attack (Rouse, 2017). If we are basing cyberterrorism on a more liberal standard that has been accepted by many experts, Al Qaeda would qualify as a cyberterrorist organization under that definition. In fact, renowned researchers in cybercrime and cyberterrorism Dr. Marjie Britz, Dr. Thomas J. Holt, Dr. Adam M. Bossler, Dr. Kathryn C. Seigfried-Spellar, as well as NATO utilize this more encompassing interpretation of the term cyberterrorism. Although the definition I used arguably does not stay as true to the traditional meaning of terrorism, it is still just as valid. Because there is “no current consensus between various governments and the information security community on what qualifies as an act of cyberterrorism,” we do not have a concrete answer on what constitutes cyberterrorism—which means that there will continue to be confusion as well as much debate on what cyberterrorism really is (Rouse, 2017). Hopefully, a unanimous, international definition/standard for cyberterrorism can be reached as well as accepted in the near future. 

Regarding your comments on Al Qaeda’s technical abilities, I highlighted throughout the paper and even gave examples (mainly in The E-Jihadists and Electronic Attacks by Al Qaeda section) that clearly show that Al Qaeda is currently not at a point where they are a serious cyber threat to anyone—including the United States. However, with the information that I gathered, I came to the conclusion that the future of Al Qaeda is promising in the cyber realm IF they decide to implement some of the changes I suggested in the paper. Some of the changes I mentioned were: “mak[ing] a multi-year investment in developing offensive cyber capabilities…find[ing] a secure facility, …[attaining] an advanced test bed,” and reducing how heavily they rely on “automated vulnerability scanners to find points of penetration.” I also stated that in order for Al Qaeda to effectively orchestrate a serious cyberterrorist attack, they needed to “penetrate, map, and damage the networks that control the industrial base; that would require a large team of experienced hackers, a lot of time/resources, and advanced infrastructure—which Al Qaeda does not have right now.” If Al Qaeda continues to remain interested in cyberterrorism and certain members continue to gain the technical skills needed to complete such a task, the terrorist organization could become a real threat to the United States in the cyber realm—especially when Al Qaeda is gaining new members/recruits that have advanced technical backgrounds. Obviously, Al Qaeda’s potential transformation into a serious cyber force (if they stay on track) will not happen overnight, but I do believe that the United States should continue to monitor the terrorist organization as well as their cyber capabilities so that America is not blindsided one day by a devastating cyberterrorist attack—as mentioned in my paper. Although I agree with you that a cyber event producing a "kinetic, real-world effect" is uncommon, I do think it is best to err on the side of caution to ensure that a cyberattack of that nature (however it is classified) does not ever occur. If the government continues to mitigate their risks and continues to ensure the protection as well as security of government systems, military systems, and private sector systems (e.g. water, electric, sewage, gas, natural gas, telephone, and transportation), I believe America will not fall prey to such a serious cyberattack or cyberterrorist attack from Al Qaeda or anyone else.      

Also, thank you for suggesting Dr. Rid’s book Cyber War Will Not Take Place. I will definitely try to read it because I always like learning other perspectives.

Best Regards,

Lyda 

Reference

Rouse, M. (2017, December). What is cyberterrorism? - Definition from WhatIs.com. Retrieved August 14, 2018, from https://searchsecurity.techtarget.com/definition/cyberterrorism  

thedrosophil

Mon, 08/13/2018 - 5:33pm

At the risk of focusing too narrowly on semantics, a definition of "cyberterrorism" would be enlightening. While the author highlights aspects of terrorist operations - fundraising, recruiting, propaganda, and such, none of which are new and all of which have been subject to endless commentary and countermeasures of varying robustness since 2001 - these fail to meet the definition of "cyberterrorism". "Terrorism" is chiefly understood as violence committed against non-combatants, often indiscriminately, to inspire fear, in order to achieve a political goal. "Cyberterrorism" must, therefore, attempt a similar outcome: the inspiration of fear to achieve political goals. The "3 C's" of deterrence might also be helpful to highlight: capability, credibility, and communication.

Can al Qaeda communicate their intent to secure political goals, through the inspiration of fear, by way of "cyber attacks"? Yes.

Are such declarations of intent by al Qaeda credible? Their intent is credible, insofar as most people believe that they would carry out such attacks if they could.

Most critically: are al Qaeda, in its various incarnations, capable of securing political goals, through the inspiration of fear, by way of "cyber attacks"? Not really, and probably not ever. The best they've been able to manage is vandalizing some webpages and temporarily hijacking a few DoD Twitter accounts. Not very terrifying, and a poor attempt at securing any sort of political goal.

And, of course, this goes to the larger issue with "cyberwar" and "cyberterrorism". Dr. Thomas Rid's 2013 book, "Cyber War Will Not Take Place", is extremely well researched and enlightening on this issue. Even under ideal laboratory conditions, it's extremely rare that a "cyber" event would produce a kinetic, real world effect. Most "cyber" events fall more neatly into the realm of sabotage, espionage, or subversion. Even events such as the (presumably) Russian attacks on Estonian and Georgian information systems and the Ukrainian power grid only fall within the realm of "warfare" if one dilutes that definition to the point of uselessness; and attacks on these scale require such sophistication as to fall outside the likely capabilities of sub-state actors such as al Qaeda. If we extend this to "cyberterrorism", the likelihood of an al Qaeda, or even a Russia or China, being able to pull off an epic event that inspires fear on a politically significant scale is virtually nil.

I highly, highly recommend Dr. Rid's book. I'm one of a tiny handful of folks who possess a professional background in both information/"cyber" security on the one hand, and international relations on the other. Save for a one-off article by Adam Elkus in War on the Rocks, Dr. Rid's book is virtually the only informed, responsible work I've encountered on this topic.