Technology and ISPs
But the government and private-sector strategy for combatting terrorist use of the Internet has several facets. Certainly, agencies like the FBI and the National Security Agency – and a variety of watchdog groups, such as the Site Institute, a nonprofit organization based in an East Coast location that it asked not be publicized – closely monitor jihadist and other terrorist sites to keep abreast of their public statements and internal communications, to the extent possible.
It’s a massive, needle-in-a-haystack job, but it can yield a steady stream of intelligence tidbits and warnings. For example, the Site Institute recently discovered, on a forum called the Jihadi Message Board, an Arabic translation of a U.S. Air Force Web page that mentioned an American airman of Lebanese descent. According to Rita Katz, executive director of the Site Institute, the jihadist page added, in Arabic, “This hypocrite will be going to Iraq in September of this year —I pray to Allah that his cunning leads to his slaughter. I hope that he will be slaughtered the Zarqawi’s way, and then [go from there] to the lowest point in Hell.” The Site Institute alerted the military. Today, on one if its office walls hangs a plaque offering the thanks of the Air Force Office of Special Investigations.
New technology may also give intelligence agencies the tools to sift through online communications and discover terrorist plots. For example, research suggests that people with nefarious intent tend to exhibit distinct patterns in their use of e-mails or online forums like chat rooms. Whereas most people establish a wide variety of contacts over time, those engaged in plotting a crime tend to keep in touch only with a very tight circle of people, says William Wallace, an operations researcher at Rensselaer Polytechnic Institute.
This phenomenon is quite predictable. “Very few groups of people communicate repeatedly only among themselves,” says Wallace. “It’s very rare; they don’t trust people outside the group to communicate. When 80 percent of communications is within a regular group, this is where we think we will find the groups who are planning activities that are malicious.” Of course, not all such groups will prove to be malicious; the odd high-school reunion will crop up. But Wallace’s group is developing an algorithm that will narrow down the field of so-called social networks to those that warrant the scrutiny of intelligence officials. The algorithm is scheduled for completion and delivery to intelligence agencies this summer.
And of course, the wider fight against spam and online fraud continues apace. One of the greatest challenges facing anti-fraud forces is the ease with which con artists can doctor their e-mails so that they appear to come from known and trusted sources, such as colleagues or banks. In a scam known as “phishing,” this tactic can trick recipients into revealing bank account numbers and passwords. Preventing such scams, according to Clarke, “is relevant to counterterrorism because it would prevent a lot of cyber-crime, which may be how [terrorists] are funding themselves. It may also make it difficult to assume identities for one-time-use communications.”
New e-mail authentication methods may offer a line of defense. Last fall, AOL endorsed a Microsoft-designed system called Sender ID that closes certain security loopholes and matches the IP (Internet Protocol) address of the server sending an inbound e-mail against a list of servers authorized to send mail from the message’s purported source. Yahoo, the world’s largest e-mail provider with some 40 million accounts, is now rolling out its own system, called Domain Keys, which tags each outgoing e-mail message with an encrypted signature that can be used by the recipient to verify that the message came from the purported domain. Google is using the technology with its Gmail accounts, and other big ISPs, including Earthlink, are following suit.
Finally, the bigger ISPs are stepping in with their own reactive efforts. Their “terms of service” are usually broad enough to allow them the latitude to pull down objectionable sites when asked to do so. “When you are talking about an online community, the power comes from the individual,” says Mary Osako, Yahoo’s director of communications. “We encourage our users to send [any concerns about questionable] content to us – and we take action on every report.”