Senior Threat Researcher
François Paget is a senior threat research engineer and one of the founding members of McAfee Labs, where he conducts a ...
This week, I’m attending the Francopol conference on cybercrime, in Montreal. Francopol is the international training network of French-speaking police forces. Several speakers greatly impressed me, especially Dominique Dudemaine, Canadian Crown Prosecutor, who presented “Does cyberterrorism exist in Canada?” The answer is Yes; several lawsuits for Internet-related terrorist activities have been filed in Canada since September 2001.
One of the first concerned Momin Khawaja, a 30-year-old Canadian software engineer found guilty in a case known as the U.K. fertilizer bomb plot. The events occurred between 2002-2004. Khawaja reportedly experimented with remote-controlled detonation devices. On March 12, 2009, he was sentenced to 10 years and six months in prison.
Next was the “Toronto 18″ case. Zakaria Amara, considered the ringleader of the Toronto 18 extremist Muslim group, planned Al-Qaeda-style bombings of Toronto landmarks in 2006. Amara stated he had learned how to construct a fertilizer bomb over the Internet and planned to use it on the Toronto Stock Exchange. On January 18, he was sentenced to life in prison.
The last case concerns SaÃ¯d Namouh, sentenced to life in prison on February 17. Namouh participated with zeal and enthusiasm in the planning of terrorist acts and the distribution of jihadist propaganda. He was a video maker working for the Global Islamic Media Front (GIMF). Namouh, described as an al-Qaeda member,Â was found guilty of conspiring to commit a bombing attack in Europe, attempting to extort the governments of Austria and Germany with video threats (in March 2007), participating in a terrorist group, and aiding terrorist activities. He also helped in the making of a video related to the Alan Johnston ransom demand (May 2007). Experts demonstrated how he took part in hundreds of projihad discussions on the Internet. Under the name Ashraf, he was one of 73 members of the Khidemat forum, an online workshop for the GIMF. A few days after his arrest, his 640 contributions disappeared.
This next picture is a screenshot of Namouh’s computer desktop as the investigators found it during their search. (All images are courtesy of Dominique Dudemaine.)
The investigative work was difficult because many of the folders, filenames, and contents were in Arabic characters. However, they easily discovered maps and flag pictures of the United States that the defendant used in some of the videos he helped create. They also found a photo of a terrorist jailed in Great Britain; Al Qaeda had requested his release. This photo was used in the Alan Johnston ransom demand.
To understand how Islamic terrorists use Internet, we have to understand what the GIMF is. The Media Front is one of the most important jihadist virtual groups acknowledged by the Al-Fajr Media Center. Both of these entities are prominent online groups providing logistical, media, and advertising services on behalf of mujahideen–including al-Qaeda–around the world. These organizations recruit and propagate their ideology and, according to Dudemaine, they wish to replace in-the-field training camps with online military training.
Thus along with real-world activities, the jihadists use the Internet to pursue a psychological war, communicate and coordinate, finalize their strategies, and obtain financing. With structures such as the GIMF, they also distribute the necessary tools to see the jihad through to the end. They wish to create a “jihad virtual university” with the creation of a worldwide caliphate as its ultimate objective. Through the Internet they attempt to indoctrinate and encourage people to commit themselves to violent activities against their enemies.
One activity the GIMF is working on is the Caliphate Voice Channel (CVC) for video distribution. Another is the development and distribution of their own VPN and encryption software. The jihadist movements are reluctant to use standard encryption software such as PGP because they fear a backdoor within the implementation.
To conclude his talk, Dudemaine urged the audience: