Information Security News mailing list archives

One Man's Info War on al-Qaida


From: InfoSec News <isn () c4i org>
Date: Thu, 19 Dec 2002 02:59:18 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.wired.com/news/conflict/0,2100,56896,00.html

By Brian McWilliams
Dec. 18, 2002 

In a case that shows both the risks and rewards of vigilante tactics, 
an American man has hijacked two Web addresses apparently used by 
al-Qaida to laud terrorist attacks. 

The domains, jehad.net and jehadonline.org, are now in the control of 
a manager for a large Minnesota financial services firm. The man said 
he wrested control of the domains from their owners after reading on 
Dec. 8 that al-Qaida used jehad.net to claim responsibility for recent 
attacks on an Israeli airliner and a hotel in Kenya. 

"I believe in free speech, but it upsets me to see people using this 
great medium for such evil purposes," said the man, who asked not to 
be identified but said he was willing to cooperate with U.S. 
investigators. 

But some said the Minnesota man's actions, like those of other 
patriotic hackers, could hinder rather than help the U.S. government's 
war on terrorism. 

"This guy might think he's being a hero, but in fact he's an idiot," 
said an official with DV2, the Atlanta ISP that hosts the sites. "The 
FBI has been closely watching these sites, and by taking the law into 
his own hands he may have screwed that up." 

A spokesman for the FBI's terrorism task force in Atlanta said he 
could not comment on the incident. 

The owners of both jehad.net and jehadonline.org configured the 
domains to point to the same site at DV2. In an October message on the 
site, al-Qaida praised an attack in Yemen on a French oil tanker. Last 
July, the site posted an audio message attributed to an al-Qaida 
leader who threatened new attacks on the United States. 

The Minnesota man said he was able to gain control of the two domains 
last week after breaking into the MSN Hotmail account of someone using 
the name Julliou Armani, a resident of Saudi Arabia listed as the 
contact for jehadonline.org. 

The handful of saved messages in Armani's account included some with 
user names and passwords for managing the domains, the Minnesota man 
said. Armed with that information, the hacker vigilante could have 
modified the domains' records so that they no longer pointed to the 
al-Qaida messages. But he has so far resisted the urge to sabotage the 
sites. 

"If I see a crime taking place, I'm the sort of person who would jump 
in to try to stop it," he said. "I don't like that kind of thing 
happening in my world." 

Eugene Schultz, a security expert with the Lawrence Berkeley National 
Laboratory, said law enforcement has "been burned" in the past by 
trying to collaborate with online vigilantes. 

While Schultz said the government is unlikely to "deal effectively" 
with al-Qaida sites, he added that patriotic hackers might 
unintentionally tip off terrorists or even goad them into retaliatory 
action. 

"When faced with the opportunity to drive the bad guys off the Net, 
the only ethical and legal solution is to contact law enforcement and 
hope for the best," Schultz said. 

To gain access to Armani's e-mail account, the Minnesota man said he 
used a Hotmail feature that provides hints for users who forget their 
passwords. He said he correctly guessed the answer to Armani's 
self-chosen Hotmail "secret question," then he reset Armani's 
password. 

Microsoft representatives were not immediately able to comment on 
whether MSN would officially report the Hotmail account hijacking to 
law enforcement. 

The hacker said he is willing to provide officials with the 
information he got from the account, which included credit card data 
used by the original owners to register one of the domains with 
VeriSign, as well as aliases and addresses used by the site operators. 

But even the organizer of an online effort to shut down terrorist 
sites frowned on hacking al-Qaida. 

"I think information warfare is best left to governments and should 
not be waged by civilians," said Aaron Weisburd of the Internet 
Haganah, which relies exclusively on notifying ISPs and law 
enforcement. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

