July 5, 2007 at 7:43 PM ET
It was hailed as the world's first real cyberterrorism trial. Three British men, all teen-agers when their careers began, were accused of using the Internet to raise money, incite hatred, and help plan terrorist attacks. Two months into the trial, all three suddenly pled guilty this week.
As details emerge of their cyber-terror plots, their case provides a chilling look at what can happen when jihad spills over onto the Internet.
The case is also among the first to show direct links between identity theft, hacking, and terrorism. And it will give readers yet another reason to vigilantly protect their personal information while surfing or reading e-mail.
Authorities say the terrorists used phishing e-mails to trick recipients into divulging personal information, thereby making Westerners unwitting donors to al-Qaeda.
The three British citizens – Younes Tsouli, born in Morocco, Waseem Mughal, a British native, and Jordanian-born Tariq Al-Daour – all pled guilty this week to inciting others to commit terrorist acts outside the U.K. Their jail sentences range from 6.5 years to 10 years.
Their trial largely was progressing in obscurity, while British media focused on other terror cases, such as the infamous fertilizer bomb plotters, convicted in April, or the Operation Vivace trial, involving a failed plot to bomb London in 2005. But even if you've never heard of the three cyberterrorists, you know their work. Their conviction might mark the first genuine case of teen-age hackers turned al-Qaeda fighters.
Tsouli, the best-known of the three cyberterrorists, set up a series of jihadist Web sites in the months after the attacks on September 11. His chief claim to fame: posting gruesome execution videos, including those involving Wall Street Journal reporter Daniel Pearl and American Nick Berg. Tsouli, now 23, used a vast network of hijacked Web sites to publish the videos. He went by the revealing moniker “Irhabi007” – in English, Terrorist007, hinting at the fictional character James Bond.
But it was Tariq al-Daour – who began his career as a credit card thief as early as 15 years old – who provided the money for the operation, authorities say.
"(The three suspects) admitted together purchasing Web sites using stolen identities and credit card details, and used the Web sites to publish the extreme propaganda and recruiting material produced by al-Qaeda in Iraq," said Colin Gibbs, a prosecutor on the case. "The material was crafted to incite and recruit suicide bombers accessing the Web sites and forums internationally."
The three men only knew each other over the Web, and never met until they were arrested. They managed to carry out their cyber-jihad in the privacy of their own apartments.
“Behind the apparent normality of their daily lives, these young men firmly believed, supported and set about inciting others to follow an extreme ideology of violent holy war against so-called disbelievers," Gibbs said.
Phishing and terrorism
During the trial, reports from British newspapers say the prosecution alleged that the three men managed to steal about $4 million through credit card fraud and identity theft.
Al-Daour used old-fashioned phishing – fake e-mails that solicit personal information – to trick Internet users into giving up credit card numbers and other personal information, said a U.S. investigator who helped prepare the case for Scotland Yard.
Like many other credit card thieves, Al-Daour ordered merchandise with the stolen credit cards, had them shopped to a series of “drop” sites, and used a network of thieves to turn the stolen goods into cash. He also stole identities of Internet gambling site members and wracked up winnings to help raise funds.
The official spoke on condition of anonymity because he was not authorized to speak on behalf of British authorities. He could not provide additional details on how the money was ultimately spent.
Al-Daour, now 20, honed his credit card theft craft at the non-defunct CarderPlanet.com Web site, which he joined in 2002 – when he was just 15 years old. He also used computer viruses developed to steal personal information that were published on another hacker haunt named RATSystems.org, the U.S. official said.
CarderPlanet.com was for years the one-stop shopping arena for all manner of identity thieves. It provided an active market for the buying and selling of credit card data and other personal information. There also were extensive training manuals for up-and-coming hackers.
Eventually the site became a favorite haunt for journalists, too, before it was finally shut down by federal investigators in 2004, along with a companion site, ShadowCrew.com. At the time, the U.S. Secret Service said 28 members of the site were arrested worldwide.
But not Al-Daour. He wasn’t arrested for another year.
It's not clear if any of the CarderPlanet members knew that a member of Al Qaeda was among them.
Al-Daour and the others were rounded up by British authorities in October 2005. When arrested, their computers yielded a wide range of terrorist-related material. Most alarming for the United States: Tsouli's hard drive contained a pictures of landmark buildings in Washington D.C., suggesting he might be gathering data for a possible attack there, according to Newsweek.
On Thursday, a possible link between the three cyberterrorists and the recent spate of attempted bombings emerged. As part of their Web site jihadist efforts, Tsouli created chat rooms and bulletin boards where terrorist methods could be discussed. In one post from 2005, one posted message read: "We are 45 doctors and we are determined to undertake jihad and take the battle inside America."
So far, British authorities are calling that link a coincidence. But there is another intriguing mention of a possible connection between health professionals and terrorists.
Back in 2005, when all three were arrested, the BBC reported that a slip of paper with words "Hospital=attack" was found in the Mughal’s bedroom.
Not really cyber-terror
British authorities say this is the first time anyone has been prosecuted for using the Internet to fuel terrorism. With publication of details about the group’s cyber-jihad, some computer security experts might be tempted to suggest that a long-promised arrival of cyberwar might be upon us.
But Cyberterrorism expert Dorothy Denning says that's unlikely. She said that despite Britain's characterization of the three as cyberterrorists, Al-Daour, Mughal, and Tsouli weren't planning to commit crimes that most people would call cyberterror – Web-based attacks on critical infrastructure systems, such as electrical grids.
Instead, they were raising money and attracting publicity through the Internet. While their efforts were successful, neither technique was especially new, Denning said. The Millenium Plot terrorists, who planned to blow up Los Angeles Airport on New Year’s Eve, were caught with a laptop computer full of stolen credit cards used to fund their activities. Imam Samudra, who planned the deadly Bali bombing, wrote his memories in prison and included a chapter on computer hacking, Denning said.
"The thing to pay attention to is how they are using the Internet to organize and get people to conduct attacks," Denning, now an instructor for the Navy, said.
Internet-based destruction is not out of the question, however. Earlier this year, attackers using a network of hacked computers –known as bots –attacked Estonian Web sites after a diplomatic skirmish between Russia and Estonia. Several government sites were rendered useless by the attacks, which lasted for about one week.
Toppling Web sites or stealing credit cards is a far cry from the long-promised Digial Pearl Harbor Richard Clarke warned about back in 2000. The likelihood of the Internet being knocked off-line by hackers, or even the likelihood of a power utility being disrupted through the Web – is remote. But Al-Daour's ability to raise money, and Tsouli's ability to attract online attention, signals a less dramatic but more practical way for terrorists to use the Internet as a tool.
“There are people, including law enforcers, who initially thought these guys were computer geeks or hackers," Evan Kohlmann, a U.S.-based terrorism consultant who gave evidence in the case, told the Associated Press. “But they were a lot more dangerous, they were the key aides to al-Qaida. There was no one more skilled at what they did."