Government of Canada - Gouvernement du Canada
Office of Critical Infrastructure Protection and Emergency Preparedness - Bureau de la protection des infrastructures essentielles et de la protection civile

Threat Analysis


Number: TA01-001
Date: 20 December 2001

Al-Qaida Cyber Capability

Key Judgements

 

  • Al-Qaida (the group formed and led by Osama bin Laden) has not engaged in computer-based attacks in the past. However, in the wake of the World Trade Center (WTC) attacks, bin Laden has suggested that Al-Qaida has the expertise to use the computer as a weapon.
  • Given the economic damage the United States suffered due to the WTC attacks, it is possible that those responsible may shift their sights away from primarily symbolic targets, such as heavily populated buildings or sports stadiums, toward critical infrastructures.
  • Bin Laden's base for his operations, Afghanistan, does not provide an ideal venue for staging cyber attacks.
  • A potential cyber terrorist attack by the Al-Qaida group, or its sympathizers, would likely be launched or coordinated outside Afghanistan.
  • Retaliatory cyber attacks -- primarily web defacements -- from individual sympathetic hackers on both sides have commenced and will continue to occur.

 

Background
Osama bin Laden established Al-Qaida in the late 1980s to bring together Arabs who fought in Afghanistan against the Soviet invasion. It helped finance, recruit, transport and train Sunni Islamic extremists for the Afghan resistance. Its current goal is to establish a pan-Islamic Caliphate throughout the world by working with allied Islamic extremist groups to overthrow regimes it deems "non-Islamic" and to expel Westerners and non-Muslims from Muslim countries. In February 1998, Al-Qaida issued a statement under the banner of the "World Islamic Front for Jihad Against the Jews and Crusaders" claiming it was the duty of all Muslims to kill US citizens--civilian or military--and their allies everywhere.

The size of Al-Qaida is unclear. The group itself has been reported to have several hundred to several thousand members. Al-Qaida also serves as a focal point, or umbrella organization, for a worldwide terrorist network that includes many Sunni Islamic extremist groups such as Egyptian Islamic Jihad, some members of al-Gama'at al-Islamiyya, the Islamic Movement of Uzbekistan and the Harakat ul-Mujahidin. Al-Qaida has a worldwide reach with cells in a number of countries and is reinforced by its ties to global Sunni extremist networks.

Bin Laden and his key lieutenants reside in Afghanistan and the group maintains terrorist training camps there. Bin Laden, son of a billionaire Saudi family, is said to have inherited approximately US$300 million which he uses to finance the group. Al-Qaida also maintains moneymaking front organizations, solicits donations from like-minded supporters and illicitly siphons funds from donations to Muslim charitable organizations.

Threat to Critical Infrastructure
Some insight into the thinking of Islamic extremists was obtained in July 2001. At that time, Ahmed Ressam (convicted of attempting to place a bomb at the Los Angeles International Airport around 1 January 2000) testified in court that he was trained to attack the infrastructure of countries. Specifically, he stated that he was trained to target "such installations as electric plants, gas plants, airports, railroads, large corporations and military installations also." When asked why he chose an airport as a target, he said, "an airport is sensitive politically and economically." Ressam received terrorist training in Afghanistan and is linked to the Al-Qaida network.

The targeting of the World Trade Center by Islamic extremists in 1993 and 2001 was a symbolic act, ideal for sowing fear in the United States. However, the 11 September attack had an even deeper ripple effect: the temporary disruption of the entire US financial and transportation infrastructure. If the terrorists did not fully anticipate these aftershocks, they can see them clearly now. This raises the possibility that those responsible may shift their sights away from primarily symbolic targets, such as heavily populated buildings or sports stadiums, toward critical infrastructures.

Cyber Capability to Target Critical Infrastructure
There are no known examples of Al-Qaida launching cyber attacks against critical infrastructure. Although it has demonstrated a very sophisticated logistical and organizational ability, to date, its attacks have been physical and clearly "low-tech". For example, past attacks have included blowing up a dinghy packed with explosives next to the USS Cole and exploding bombs near US embassies in Africa. Even the attacks on the World Trade Center and Pentagon on 11 September were done with conventional means.

Nevertheless, there has been significant, albeit unsubstantiated, reporting that bin Laden and his Al-Qaida organization are sophisticated users of computer and telecommunication technology. For example, it has been reported that Al-Qaida personnel use the Internet for sending encrypted communications.

Interestingly, in the wake of the 11 September 2001 attacks, Osama bin Laden reportedly gave a statement to Hamid Mir (editor of the Ausaf newspaper) indicating that:

"hundreds of young men had pledged to him that they were ready to die and that hundreds of Muslim scientists were with him and who would use their knowledge in chemistry, biology and (sic) ranging from computers to electronics against the infidels. He said they had no atom bombs and missiles but the passion for jihad was more important than those weapons."

This statement suggests that bin Laden is threatening to use computer-based attacks against the West. However, due to its very poor communications infrastructure, Afghanistan does not provide an ideal venue for staging such attacks. According to the CIA World Fact Book, the capital city of Kabul had only 21,000 main phone lines in use in 1998. Domestically, there are telecommunication links between the cities of Mazar-e Sharif, Herat, Kandahar, Jalalabad and Kabul through microwave and satellite systems. There are reportedly very few links abroad. Osama bin Laden's personnel reportedly go to Peshawar, Pakistan to maintain phone, fax and modem communication with the outside world.

Bin Laden's choice to use Afghanistan as a base for his operations limits Al-Qaida's ability to use that country as a base for malicious cyber activity. Therefore, a potential cyber terrorist attack by the Al-Qaida group, or its sympathizers, against the West would most likely have to be launched or coordinated outside Afghanistan. Likewise, Taliban forces would appear to be very ill-equipped to launch any sort of cyber effort from within the country.

Cyber Threat Related to 11 September
The events of 11 September will engender cyber attacks between individuals sympathetic to the United States and those who support the terrorists. US supporters have already begun cyber attacks against Arab and bin Laden-linked computer systems. When this becomes significant, a retaliatory response can be expected against networks perceived to be connected to the US and its allies.

On 14 September, a group calling itself the "Dispatchers" posted a statement on the Web saying it has already disabled Internet Service Providers (ISPs) in the Middle East and has been targeting ISPs in Afghanistan with the explicit goal of destroying them. The Dispatchers, claiming to be approximately 300 strong, said it would target Pakistan, Iraq and several other Middle Eastern countries. The hacker group said it is planning a coordinated attack against Internet infrastructure in targeted countries and other critical information systems. The US National Infrastructure Protection Center has issued an alert suggesting that the Dispatchers may inadvertently cause collateral damage to American computer systems during attempts to damage Arab/Muslim foreign computer systems via distributed denial of service attacks.

Groups that may be sympathetic to the terrorists, and may themselves launch cyber attacks against US and western computer systems, include the "Iron Guard". The Iron Guard is a group of hackers formed during the Israeli-Palestinian cyber conflict late in 2000. This group is believed to be technically adept and is reported to have ties to Hezbollah and other Muslim extremist groups. The group's initial call for cyber jihad was supported and promoted by al-Muhajiroun, whose leader (Sheik Omar Bakri Mohammed) has known ties to bin Laden. The Iron Guard has suggested in the past that it considers American commercial companies to be responsible for their government's actions.

Analysis of Threat
While bin Laden's comments that his organization was prepared to use experts with knowledge of computers to launch further attacks are noteworthy, there is no history of Al-Qaida engaging in cyber attacks and no information suggesting that it has already prepared itself for such action. Bin Laden's vast financial resources, however, would enable him or his organization to purchase the equipment and expertise required for a cyber attack and mount such an attack in very short order. Regardless of Al-Qaida's actions, a cycle of attacks and reprisals has commenced and will continue to occur between hackers sympathetic to Islamic extremist action and supporters of the United States.


---

Note to Readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyse threats and to issue alerts, advisories and other information products. To report threats or incidents, please contact the PSEPC Government Operations Centre (GOC) at (613) 991-7000 or opscen@ocipep-bpiepc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The RCMP National Operations Centre (NOC) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The NOC can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

Links to sites not under the control of the Government of Canada (GoC) are provided solely for the convenience of users. The GoC is not responsible for the accuracy, currency or the reliability of the content. The GoC does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.
