Gregory Pratt Posted October 9, 2007 Share Posted October 9, 2007 Al Qaeda's Internet communications system has suddenly gone dark to American intelligence after the leak of Osama bin Laden's September 11 speech inadvertently disclosed the fact that we had penetrated the enemy's system. The intelligence blunder started with what appeared at the time as an American intelligence victory, namely that the federal government had intercepted, a full four days before it was to be aired, a video of Osama bin Laden's first appearance in three years in a video address marking the sixth anniversary of the attacks of September 11, 2001. On the morning of September 7, the Web site of ABC News posted excerpts from the speech. But the disclosure from ABC and later other news organizations tipped off Qaeda's internal security division that the organization's Internet communications system, known among American intelligence analysts as Obelisk, was compromised. This network of Web sites serves not only as the distribution system for the videos produced by Al Qaeda's production company, As-Sahab, but also as the equivalent of a corporate intranet, dealing with such mundane matters as expense reporting and clerical memos to mid- and lower-level Qaeda operatives throughout the world. While intranets are usually based on servers in a discrete physical location, Obelisk is a series of sites all over the Web, often with fake names, in some cases sites that are not even known by their proprietors to have been hacked by Al Qaeda. One intelligence officer who requested anonymity said in an interview last week that the intelligence community watched in real time the shutdown of the Obelisk system. America's Obelisk watchers even saw the order to shut down the system delivered from Qaeda's internal security to a team of technical workers in Malaysia. That was the last internal message America's intelligence community saw. "We saw the whole thing shut down because of this leak," the official said. "We lost an important keyhole into the enemy." By Friday evening, one of the key sets of sites in the Obelisk network, the Ekhlaas forum, was back on line. The Ekhlaas forum is a password-protected message board used by Qaeda for recruitment, propaganda dissemination, and as one of the entrance ways into Obelisk for those operatives whose user names are granted permission. Many of the other Obelisk sites are now offline and presumably moved to new secret locations on the World Wide Web. The founder of a Web site known as clandestineradio.com, Nick Grace, tracked the shutdown of Qaeda's Obelisk system in real time. "It was both unprecedented and chilling from the perspective of a Web techie. The discipline and coordination to take the entire system down involving multiple Web servers, hundreds of user names and passwords, is an astounding feat, especially that it was done within minutes," Mr. Grace said yesterday. The head of the SITE Intelligence Group, an organization that monitors Jihadi Web sites and provides information to subscribers, Rita Katz, said she personally provided the video on September 7 to the deputy director of the National Counterterrorism Center, Michael Leiter. Ms. Katz yesterday said, "We shared a copy of the transcript and the video with the U.S. government, to Michael Leiter, with the request specifically that it was important to keep the subject secret. Then the video was leaked out. An investigation into who downloaded the video from our server indicated that several computers with IP addresses were registered to government agencies." Yesterday a spokesman for the National Counterterrorism Center, Carl Kropf, denied the accusation that it was responsible for the leak. "That's just absolutely wrong. The allegation and the accusation that we did that is unfounded," he said. The spokesman for the director of national intelligence, Ross Feinstein, yesterday also denied the leak allegation. "The intelligence community and the ODNI senior leadership did not leak this video to the media," he said. Ms. Katz said, "The government leak damaged our investigation into Al Qaeda's network. Techniques and sources that took years to develop became ineffective. As a result of the leak Al Qaeda changed their methods." Ms. Katz said she also lost potential revenue. A former counterterrorism official, Roger Cressey, said, "If any of this was leaked for any reasons, especially political, that is just unconscionable." Mr. Cressey added that the work that was lost by burrowing into Qaeda's Internet system was far more valuable than any benefit that was gained by short-circuiting Osama bin Laden's video to the public. While Al Qaeda still uses human couriers to move its most important messages between senior leaders and what is known as a Hawala network of lenders throughout the world to move interest-free money, more and more of the organization's communication happens in cyber space. "While the traditional courier based networks can offer security and anonymity, the same can be had on the Internet. It is clear in recent years if you look at their information operations and explosion of Al Qaeda related Web sites and Web activities, the Internet has taken a primary role in their communications both externally and internally," Mr. Grace said. Link to comment Share on other sites More sharing options...
southsideirish71 Posted October 9, 2007 Share Posted October 9, 2007 QUOTE(Gregory Pratt @ Oct 9, 2007 -> 10:38 AM) Al Qaeda's Internet communications system has suddenly gone dark to American intelligence after the leak of Osama bin Laden's September 11 speech inadvertently disclosed the fact that we had penetrated the enemy's system. The intelligence blunder started with what appeared at the time as an American intelligence victory, namely that the federal government had intercepted, a full four days before it was to be aired, a video of Osama bin Laden's first appearance in three years in a video address marking the sixth anniversary of the attacks of September 11, 2001. On the morning of September 7, the Web site of ABC News posted excerpts from the speech. But the disclosure from ABC and later other news organizations tipped off Qaeda's internal security division that the organization's Internet communications system, known among American intelligence analysts as Obelisk, was compromised. This network of Web sites serves not only as the distribution system for the videos produced by Al Qaeda's production company, As-Sahab, but also as the equivalent of a corporate intranet, dealing with such mundane matters as expense reporting and clerical memos to mid- and lower-level Qaeda operatives throughout the world. While intranets are usually based on servers in a discrete physical location, Obelisk is a series of sites all over the Web, often with fake names, in some cases sites that are not even known by their proprietors to have been hacked by Al Qaeda. One intelligence officer who requested anonymity said in an interview last week that the intelligence community watched in real time the shutdown of the Obelisk system. America's Obelisk watchers even saw the order to shut down the system delivered from Qaeda's internal security to a team of technical workers in Malaysia. That was the last internal message America's intelligence community saw. "We saw the whole thing shut down because of this leak," the official said. "We lost an important keyhole into the enemy." By Friday evening, one of the key sets of sites in the Obelisk network, the Ekhlaas forum, was back on line. The Ekhlaas forum is a password-protected message board used by Qaeda for recruitment, propaganda dissemination, and as one of the entrance ways into Obelisk for those operatives whose user names are granted permission. Many of the other Obelisk sites are now offline and presumably moved to new secret locations on the World Wide Web. The founder of a Web site known as clandestineradio.com, Nick Grace, tracked the shutdown of Qaeda's Obelisk system in real time. "It was both unprecedented and chilling from the perspective of a Web techie. The discipline and coordination to take the entire system down involving multiple Web servers, hundreds of user names and passwords, is an astounding feat, especially that it was done within minutes," Mr. Grace said yesterday. The head of the SITE Intelligence Group, an organization that monitors Jihadi Web sites and provides information to subscribers, Rita Katz, said she personally provided the video on September 7 to the deputy director of the National Counterterrorism Center, Michael Leiter. Ms. Katz yesterday said, "We shared a copy of the transcript and the video with the U.S. government, to Michael Leiter, with the request specifically that it was important to keep the subject secret. Then the video was leaked out. An investigation into who downloaded the video from our server indicated that several computers with IP addresses were registered to government agencies." Yesterday a spokesman for the National Counterterrorism Center, Carl Kropf, denied the accusation that it was responsible for the leak. "That's just absolutely wrong. The allegation and the accusation that we did that is unfounded," he said. The spokesman for the director of national intelligence, Ross Feinstein, yesterday also denied the leak allegation. "The intelligence community and the ODNI senior leadership did not leak this video to the media," he said. Ms. Katz said, "The government leak damaged our investigation into Al Qaeda's network. Techniques and sources that took years to develop became ineffective. As a result of the leak Al Qaeda changed their methods." Ms. Katz said she also lost potential revenue. A former counterterrorism official, Roger Cressey, said, "If any of this was leaked for any reasons, especially political, that is just unconscionable." Mr. Cressey added that the work that was lost by burrowing into Qaeda's Internet system was far more valuable than any benefit that was gained by short-circuiting Osama bin Laden's video to the public. While Al Qaeda still uses human couriers to move its most important messages between senior leaders and what is known as a Hawala network of lenders throughout the world to move interest-free money, more and more of the organization's communication happens in cyber space. "While the traditional courier based networks can offer security and anonymity, the same can be had on the Internet. It is clear in recent years if you look at their information operations and explosion of Al Qaeda related Web sites and Web activities, the Internet has taken a primary role in their communications both externally and internally," Mr. Grace said. "It was both unprecedented and chilling from the perspective of a Web techie. The discipline and coordination to take the entire system down involving multiple Web servers, hundreds of user names and passwords, is an astounding feat, especially that it was done within minutes," Mr. Grace said yesterday. Not really, a simple botnet model allows for the command and control of millions of PCs that can be controlled from a single point in real time. I bet each of these sites used a similiar model. The real issue here is someone poked a stick at the prize. The first thing they teach you in incident response is to setup passive monitors. Do not make an active scan of any of the sites, especially do not download the tools or anything on a drop site. I have seen numerous security investigators doing incident response find the Command and Control drop site for malware tools, or the drop site for the trojan's uploads. And what do they do, they go and connect to it to see what is on it. What happens, the bad guy sees something connecting to it outside of its botnet, and it shuts down and moves to another IP. Investigation over. Sloppy investigating is the issue here. And whomever did this should be fired at a minimum. Link to comment Share on other sites More sharing options...
southsider2k5 Posted October 9, 2007 Share Posted October 9, 2007 An extra special thanks to ABC for that one... http://www.nysun.com/article/64163 the disclosure from ABC and later other news organizations tipped off Qaeda's internal security division that the organization's Internet communications system, known among American intelligence analysts as Obelisk, was compromised. This network of Web sites serves not only as the distribution system for the videos produced by Al Qaeda's production company, As-Sahab, but also as the equivalent of a corporate intranet, dealing with such mundane matters as expense reporting and clerical memos to mid- and lower-level Qaeda operatives throughout the world. Link to comment Share on other sites More sharing options...
kapkomet Posted October 9, 2007 Share Posted October 9, 2007 Oh, but the conspiracy theory is that the White House leaked it. Link to comment Share on other sites More sharing options...
EvilMonkey Posted October 9, 2007 Share Posted October 9, 2007 QUOTE(southsider2k5 @ Oct 9, 2007 -> 11:42 AM) An extra special thanks to ABC for that one... http://www.nysun.com/article/64163 Just wait, I am sure there will be a passionate defense of them shortly. Link to comment Share on other sites More sharing options...
sox4lifeinPA Posted October 9, 2007 Share Posted October 9, 2007 Al Qaeda's production company, As-Sahab I'm sorry...what? a production company? their videos suck. Link to comment Share on other sites More sharing options...
Balta1701 Posted October 9, 2007 Share Posted October 9, 2007 Interestingly, the WaPo is running with the same story but with seemingly a totally different timeline (and, if you pay attention, the 2 are actually incompatible; one says that ABC news leaked the file in the morning, the other says it did not begin downloading until about midday). Around 10 a.m. on Sept. 7, Katz sent both Leiter and Fielding an e-mail with a link to a private SITE Web page containing the video and an English transcript. "Please understand the necessity for secrecy," Katz wrote in her e-mail. "We ask you not to distribute . . . [as] it could harm our investigations." Fielding replied with an e-mail expressing gratitude to Katz. "It is you who deserves the thanks," he wrote, according to a copy of the message. There was no record of a response from Leiter or the national intelligence director's office. Exactly what happened next is unclear. But within minutes of Katz's e-mail to the White House, government-registered computers began downloading the video from SITE's server, according to a log of file transfers. The records show dozens of downloads over the next three hours from computers with addresses registered to defense and intelligence agencies. By midafternoon, several television news networks reported obtaining copies of the transcript. A copy posted around 3 p.m. on Fox News's Web site referred to SITE and included page markers identical to those used by the group. "This confirms that the U.S. government was responsible for the leak of this document," Katz wrote in an e-mail to Leiter at 5 p.m. Al-Qaeda supporters, now alerted to the intrusion into their secret network, put up new obstacles that prevented SITE from gaining the kind of access it had obtained in the past, according to Katz. Link to comment Share on other sites More sharing options...
Gregory Pratt Posted October 9, 2007 Author Share Posted October 9, 2007 I look forward to an official sequence in the coming days. Link to comment Share on other sites More sharing options...
southsider2k5 Posted October 9, 2007 Share Posted October 9, 2007 QUOTE(Balta1701 @ Oct 9, 2007 -> 12:21 PM) Interestingly, the WaPo is running with the same story but with seemingly a totally different timeline (and, if you pay attention, the 2 are actually incompatible; one says that ABC news leaked the file in the morning, the other says it did not begin downloading until about midday). This was also interesting... http://mypetjawa.mu.nu/archives/189700.php The US might have had the video a day before this happened... Link to comment Share on other sites More sharing options...
Texsox Posted October 9, 2007 Share Posted October 9, 2007 So we're to believe that ABC managed to crack Qaed's network by themselves? Yah right. Link to comment Share on other sites More sharing options...
Gregory Pratt Posted October 9, 2007 Author Share Posted October 9, 2007 QUOTE(southsider2k5 @ Oct 9, 2007 -> 12:44 PM) This was also interesting... http://mypetjawa.mu.nu/archives/189700.php The US might have had the video a day before this happened... Yes, I saw that and was about to post it. Very good. Link to comment Share on other sites More sharing options...
vandy125 Posted October 10, 2007 Share Posted October 10, 2007 Washington Post says leak came from Bush administration: Post Article Someone should get fired for this... Link to comment Share on other sites More sharing options...
BigSqwert Posted October 10, 2007 Share Posted October 10, 2007 (edited) QUOTE(vandy125 @ Oct 10, 2007 -> 02:09 PM) Washington Post says leak came from Bush administration: Post Article Someone should get fired for this... Or a medal of honor if you look at this administration's history. Edited October 10, 2007 by BigSqwert Link to comment Share on other sites More sharing options...
Texsox Posted October 10, 2007 Share Posted October 10, 2007 QUOTE(vandy125 @ Oct 10, 2007 -> 02:09 PM) Washington Post says leak came from Bush administration: Post Article Someone should get fired for this... Sounds convienent to blame Bush if you are the media. Link to comment Share on other sites More sharing options...
kapkomet Posted October 10, 2007 Share Posted October 10, 2007 What did they have to gain by leaking it? Link to comment Share on other sites More sharing options...
Texsox Posted October 10, 2007 Share Posted October 10, 2007 QUOTE(kapkomet @ Oct 10, 2007 -> 02:39 PM) What did they have to gain by leaking it? Someone is made to feel special. Someone is looking for a job. Someone is looking to be a hero. It could be someone inside the administration but not working under orders. Or it could be the liberal media trying to make the President look bad. But I doubt it in this case, too high profile. Link to comment Share on other sites More sharing options...
vandy125 Posted October 10, 2007 Share Posted October 10, 2007 QUOTE(Texsox @ Oct 10, 2007 -> 02:59 PM) Someone is made to feel special. Someone is looking for a job. Someone is looking to be a hero. It could be someone inside the administration but not working under orders. Or it could be the liberal media trying to make the President look bad. But I doubt it in this case, too high profile. I would bet that is right. I seriously doubt anyone was under orders, but it may be an issue with too many people getting knowledge of this sort of thing. Link to comment Share on other sites More sharing options...
Gregory Pratt Posted October 11, 2007 Author Share Posted October 11, 2007 Many, many leaks come from people telling their wives something or their best friend something or a golf buddy something and that someone telling his wife or a friend and pretty soon they've had a drink at a dinner party and are telling someone who tells a reporter who takes it to the paper and it leaks. Of course there are deliberate leaks, like Watergate or the leaks in the whole Valerie Plame mess, but that isn't how it often happens. It could be someone wanting to be a hero, but I doubt it was anyone in the intelligence services as they know better than that. A bureaucrat? Perhaps. It's all-too-possible that this Administration would want to publicize success, if not directly by the President's order then perhaps with the hope that it would make him happy to see on the news -- or bring him good coverage, even if he is unhappy. I look forward to the coming news. Link to comment Share on other sites More sharing options...
Recommended Posts