(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Counter-Insurgency’ Category

Handwringing, Moralizing, Anonymous, Paedophilia, and Digital Vigilantism

with 2 comments


I recently posted about the Hidden Wiki and its prevalence in hosting paedophilia content. This post may or may not have left an impression on some of the  anonymous collective to take action and perhaps sow good will for their group by hacking into the “Lolita City” site within the DarkNet and releasing thousands of users email addresses and personal data (such as it is on such a site) for the Internet to feast upon. The Anon’s are doing this for their own reasons, but the upshot of it all is that they are causing the paedophiles pain in making it hard for them to get their content as well as potentially outing them online as purveyors and consumers of this wretched content.

Since my post applauding them and giving them some direction as to how to become more of an intelligence gathering apparatus for the LEO community, some in the infosec world have come forward and voiced concerns about this line of thought. All of the talk about the morals, legalities, and philosophical aspects of Anonymous undertaking such actions has gotten me thinking quite a bit.It all raises some interesting questions and philosophical challenges.

Anonymous and Digital Vigilantism:

What I think that most people with reservations about Anonymous taking up such operations as the DarkNet op have are that these people are for the most part kids without training and without any kind of oversight. Oversight in that they could get too big for their britches (one could say that many already have) and think that they are invulnerable to attack never mind the respective laws of our society. That said, it would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilante’s already. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors, it all depends on the point of view really.

In the case of Scientology, well, aside from religious freedoms (trust me, they are not a religion) generally the Scientologists have been pretty much seen as getting what they deserved. Today though, years later, Anonymous has begun to take on the governments of the world as well as the likes of Paedophiles online. Once again, generally, people see what they want to concerning whether governments are good or bad. Paedophiles though, pretty much are outlawed universally. So, when Anonymous decided to attack, I could not fault them one bit. However, I could perhaps fault their methods.. Only in that they were bound to only let the paedo’s get away in the end.

I have said it before and I will say it again.. “One man’s freedom fighter is another man’s terrorist” It all depends upon your perspective really. While I do not think all of their targets have been chosen wisely, I cannot fault the true believers out th4ere that they are doing something out of conscience and good. This is not to say that a certain element of the movement is in fact just in it for the lulz (i.e. Antisec and LulzSec) There certainly are factions at play who just want to see the world burn as well as garner themselves digital street cred.

Overall though, the term Vigilante denotes a person or persons (committee’s) who dole out justice summarily when the law is seen as ineffective by them. In this case, the Anon’s have taken up the mantle of vigilante in order to rid the DarkNet of paedophile content because law enforcement seems unable to effectively. Now this is also the crux of the issue in another way, as the police generally are not allowed to hack into sites and dump the dirt so to speak.. The Anon’s are unhindered here. Just as they have felt the same way about other operations where they have denied service to corporations (likening it to a digital sit in) they have crossed the line of the law, but, their methods and motivations are free of it… Until they get caught that is.

The essence of the thing is this.. “Don’t do the crime unless you can do the time” If they believe in it strongly and act upon it, then they must accept the risks of being caught and incarcerated. So far, much of the motivation I have seen by a good deal of anon’s has been motivated by convictions and beliefs. All others have been for Lulz, which is what made LulzSec even more of a problem as they just did not care. The current Antisec movement that LulzSec begat also seems to lack the conviction of their beliefs and seems more driven by ego than anything else by their writings.

And this is the difference between the chaotic Joker like actors and the Batman types.

Anonymous vs. PLA, vs. Patriot Hackers:

Pulling back a bit now, I would like to look at the macroscopic view of Vigilante behaviour versus nation state sanctioned or perhaps, a better word for it would be “condoned” actions and groups. I have written in the past about groups like the Honker Union in China as well as the colourful character known as th3j35t3r. both of these entities have had an effect on the collective consciousness concerning digital vigilante justice and I think it important that they form the contextual base for Anonymous’ actions in Operation DarkNet.

First off, ALL of these entities have been doing what they do (Jester DDOS of Jihadi sites and Anonymous, Honker, hacking against the enemies of China, and Anonymous, attacking sceintology, the gov, and paedo’s) with a mind toward doing “good” In the case of Jester, he thinks DDoS-ing jihadi sites out of a patriotic bent that will stop them from communicating. In the case of the Honker Union, they are patriots to their homeland and attack others who would do their country slight or harm. Anonymous though, started out of /b/ … Which really is a band of miscreants for the most part. However, a core group decided to take on the mantle of doing right somewhere down the line and we find swaths of them today supporting Occupy Wall Street and other political agenda’s.

The basic idea here is that they are all motivated by a belief in some greater good.. Mostly. I am sure there are on individual levels, many more motives (ego, greed, ego… the list goes on) but I will just put it to a gross generality that these people want to effect some kind of change.

At least I hope that this is the case…

What is really different though is that in the case of Jester and the Honker Union, they both are condoned if not outright supported efforts by the countries they reside in. In the case of the PLA and the Honker, there is clear connection between the state and their actions. In the case of Jester, there are allegations (made by him) that his is state sponsored.. But, I think more to the point he is condoned. Either way, the Anon’s may indeed be getting some support (moral or other) from state sponsors and not even know it. In the case of Anon, they could just become the tool of another nation state and not know any better.

Which is pretty scary.

All of these entities though, have had a greater or less effect upon the internet these last few years through their online shenanigans via hacking. The secret is this, they are just the first. There will be others to be sure.. The genie is out of the bottle on this one.

Anonymous vs. LulzSec & Antisec:

Conversely, we have LulzSec and Antisec, who both wreaked havoc on the corporations and the police of the world lately. Their reasons for doing so pretty much have been stated as “because we are bored” At the core though, there seems to be a couple of motives here from postings online. One is the afore mentioned Lulz, the other, seems to be a kind of abject hatred of authority and police. In recent hacks on the police though, there seems to be a bent toward supporting the Occupy movement as the police have had some transgressions against them. So.. They hacked the police and dumped all their data to spite them. Frankly, I see no value to this and once again, even if motivated by supporting the movement, it has no real effect on the police other than to make them more angry and reactive against the protesters.

Basically, I still see Antisec as the Penguin & Joker while Lulz as The Riddler though while Anonymous has become more like The Batman in certain quarters

Anonymous on the other hand has had its lulz, but seems to be growing up a bit and maturing. The social conscience of anon has begun to take shape and within it (movement wise) may well be the lasting component that will be its Raison d’être in the end. Time will tell though, and I hope that this is the case more so than just a bunch of malcontent’s seeking attention and excitement.

The Hand Wringing by The Infosec Community At Large:

Alright, back to the hand wringing and the moralizing post the Op DarkNet…

Certain people in the community wrote that while the empathised with what Anon was trying to do with Op DarkNet, they felt that these people were not the folks they would have doing this to start. Most of this comes from the fact that many of the players are not trained investigators and not LEO’s. I can agree with this from the perspective of legal proceedings later on. If Anonymous hacks a server and then dumps data, it could have an effect on the court case from a few perspectives;

  1. Contamination: The defense could claim that the server was hacked and the data planted
  2. The data could have indeed been tampered with by anon’s
  3. The backend of the server/dbase could in fact be shared and all those who share could be swept up in the legalities/implications
  4. The hack is enough to raise reasonable doubt

So, yes, it could be counter productive to have a vigilante force actually hack a system and report it to law enforcement. However, I would advocate that in the case of Anonymous and the paedo’s at the least, they not just hack and dump data, but instead give that data to law enforcement to start an investigation. For that matter, if Anonymous just located the servers and authenticated (sans hacking) that the content was there, they could in fact just tip off the police.

And this is at least part of what they did with Lolita City in the DarkNet. They tried to locate the server location and this alone could be a great boon for the authorities.

On the other hand, there are moral/ethical objections on the parts of some who think that perhaps letting Anonymous do this type of thing, or even encourage it is setting a bad precedent. To them, Vigilante’s are outside the scope of good behaviour and the law.. They cannot be tolerated. Personally, I think that that is a sanctimonious load of crap, but, that’s just me.

Sometimes when the system cannot function other means need to be taken to effect change. In this case, within a network that is anonymized and the authorities have had little success in catching anyone trading in paedophilia, I see no harm in Anonymous outing them.. Though, I would rather they just passed the intelligence to the LEO’s instead. It is my opinion, that if done correctly, intelligence gathering of this type with a tip off to the police has a better chance at actual arrests and convictions than to just let them go on about their peddling of child pornography.

Just one man’s opinion…

Philosophical and Ethical Stands On Being The Digital Batman:


This is the philosophical and ethical standpoint I take in being the digital Batman. Strict utilitarianism dictates that maximizing overall good is key. In this case and perhaps others, the taking down of the paedophile’s content and capturing their login credentials is enough “good” to allow for the action to be seen as acceptable. This is really the basis of The Batman’s ethics in the comics and ideally, for me on this particular incident with Anonymous.

Now, this does not mean I agree with all of their operations as well as certainly not agreeing with the bulk of the actions carried out by the Antisec movement. However, the perspective is the key I suppose. It’s a slippery slope I admit, but, in this case of OpDarkNet, I agree with the greater good being served in this case.


Here we have the Deontologists like Sam Bowne. Deontology is a nice thing to cling to the ethical rules of a governing system of laws. However, it seems to me, and others here, that this system of laws is not working against these offenders in the hidden wiki. Sure, you could say that the LEO’s have ongoing investigations, but, just how many busts have there been as opposed to the massive amount of content located on the hidden wiki and within i2p, Freenet, and TOR?

So far, I have not seen law enforcement really winning this battle.

Oh well, the Deontologists have their point of view and others have theirs. The key here is that Sammy and others like Packetknife are entitled to their point of view. They are right for themselves, and that is the issue with all philosophy and ethics arguments. Like I said, it’s all about your world view. However, I do not ascribe to a moral absolute unlike someone like Sammy.

There are no right answers. There is only what you are willing to accept for yourself.

Legal Aspects of Digital Vigilantism:

Now, on to the legal aspects here.

18 U.S.C. § 2252 : US Code – Section 2252: Certain activities relating to material involving the sexual exploitation of minors 

The US code on activities related to sexual exploitation of minors alludes to the fact that one has to “knowingly” access such content and to have more than 3 pieces of “content” to be considered guilty of child exploitation/pornography. This of course also alludes to the trafficking thereof etc etc in legalese. Where this is important for the digital Batman is where there are caveats.

(c) Affirmative Defense. - It shall be an affirmative defense to
a charge of violating paragraph (4) of subsection (a) that the
defendant -
(1) possessed less than three matters containing any visual
depiction proscribed by that paragraph; and
(2) promptly and in good faith, and without retaining or
allowing any person, other than a law enforcement agency, to
access any visual depiction or copy thereof -
(A) took reasonable steps to destroy each such visual
depiction; or
(B) reported the matter to a law enforcement agency and
afforded that agency access to each such visual depiction.

So, as I said before, if you are trying to take one of these sites down, then do turn off your browser’s images capabilities.. Hell, why not just use Lynx for that matter so as to negate the issue. However, there is a key point here that you all should take into account. It’s the bit about making the LEO’s aware of the content. This is what I was trying to get at before. If Anonymous or anyone is going to go after this content, then it would be best if you tipped off the LEO’s to the site and the content. Now, the above statement implies that if you make the tip, then you are going to let the police have your system to look at… And we all know Anonymous is not going to do that. So, just be judicious about your tip off’s to the authorities. Do your homework and dump the data to them directly, not on Pastebin.

Of course, then there are the issues of hacking a system in the first place… Well, in the DarkNet, the only thing as I see it that is key would be not leaving a trace that you were there. You know, kinda like the whole hiking ethos of only leaving footprints.. But in this case I would suggest not even a footprint should be left behind. It seems to me, that if you hack a paedo site, even with good intentions, you could get the double whammy from the authorities of hacking as well as accessing child porn…

And that could really be problematic.

So, in the end, I circle back to recommending that you become intelligence gatherers and locate the sources to report. If you locate them, and you get some good details for the authorities without having to SQLi them, all the better. You will be doing a good thing AND you will be satisfying the Deontologists in the room.

Keep your wits about you kids.


The Psychology of “Neo Jihad” Radicalization

with one comment

The Paradigm Pivot:

Soon after the attacks on 9/11 the US and other countries began a “War On Terror” that attempted to disrupt and destroy the Al Qaeda networks. The military and intelligence wars on AQ have been very successful in that they have splintered the group, cut its main lines of C&C, and forced them to scatter into the hills of Waziristan and other places. The intelligence war began with stepped up surveillance technically as well as, after much spin up, getting physical assets on the ground and inserted into the intelligence gathering apparatus. Once the networks were set up, and the AQ infrastructure fractured, it became apparent to the leaders of AQ that they needed to proselytize in a different way to get more “recruits” for the global jihad that they wanted.

Once the realization set in, the AQ leadership began to move online to communicate, radicalize, and recruit new jihadi’s to the cause. As time went by and more of the networks were broken, the ranks of jihad began to thin out. This became a real problem for Al Qaeda and it realized that it needed a new paradigm to reach the “Western” ummah that they could try to sway to jihad. With the creation of GIMF, and AQAP later on, the footprint of jihadi propaganda and radicalization took shape online. Since 2001, we have seen AQ and affiliates grapple with how to get their message across as well as create channels for those who are not in the 2 lands, to radicalize, and then come to jihad.

This post is about not only the means that AQ, AQAP, and others have come up with as a response to the problem, but also a profile of the GEN2 jihadi’s online that are being radicalized and who have acted in the past as well as those who may in the future.

Online Jihad: 10 Years of Internet Jihad

A plethora of sites on the internet have been set up over the years by AQ and its affiliates to propagandize and communicate. many of these sites at first were just simple file upload areas and small bulletin boards. Today we have many mass media style sites including videos, tutorials, online chat areas, and private messaging. The PHP bulletin boards set up on domain named sites or on servers (stealth) that have been hacked, have been the most popular of all. With these sites, the jihad radicalization goes on with postings within pass-worded group sites like Shamukh (AQ) or

For the most part, these sites have only been partially successful in being a command and control mechanism for AQ. They have failed to gather the swelling support that they would have liked on the part of the Western ummah and it is this lack of fervor that has them vexed. I have personally seen this vexation in AQAP’s “Inspire Magazine” as they have been trying to become more “Hip and Western” to get a new audience. All of their efforts though, have had lackluster returns. This lack of response on the part of the young westernized groups that they are targeting is likely to a few factors;

  1. The radicalization process is not in person
  2. The western mindset of the targets is more secular in nature and separate from the core AQ groups experiences
  3. These youths are not living in lands where war is ongoing
So, the target populations that they are aiming at are hard to reach and likely not predisposed to radicalization online easily. However, there are others who they do reach. These are a smaller group of individuals who are outlined below in the GEN2.0 section of this post. First though, there needs to be an explanation of the psychology of radicalization that will backstop the three points above on why the jihad is missing the mark with the western youth.

The Psychology of Radicalization:

Radicalization: The process in which an individual changes from passiveness or activism to become more revolutionarymilitant or extremist. Radicalization is often associated with youthadversityalienationsocial exclusionpoverty, or the perception of injustice to self or others.

Much of the classic radicalizing that happens within movements such as Al Qaeda happens when the like minded get together under the penumbra of a stronger personality that leads them. In the case of Islamic Jihad, there have been many Imam’s and leaders who preach this type of thought within their right wing versions of Islam. This is the core of the idea behind raising the ummah army to fight a jihad, the radicalization of the parishioners through direct proselytizing. Since 9/11 though, much of the Muslim community has come under scrutiny from intelligence gathering groups seeking to find the next cell of terrorists being exhorted to jihad by an imam or another leader.

In other cases secular leaders may arise, this may take shape in the form of someone like Mohammad Atta, or the like who are within a circle of like minded people (What Dr. Marc Sageman calls “a group of guys” theory) who “self radicalize” and either make contact with core AQ, or, they decide to act on their own, using the internet as their guide to jihad techniques and ideals. This may happen with two or more individuals seeking like minded people, or, a leader may inculcate them into their particular brand of thought.

A third and seemingly rising type of radicalization seems to be the Lone Wolf or Loner. This is a person either seeking to belong to something greater than they are, or, someone mentally unbalanced and moving along the lines of their own particular mental illness. The Lone Wolves and the Loner’s are dangerous in that they are now one of the primary targets of AQ and their propaganda/radicalization drive other than the “group of guys” The reason for this is that all of these groups can “self radicalize” without having to step into a mosque by reading online and digitally relating with other like minded jihadi’s online. The major difference being that there is no direct contact and, for most, this method of contact and radicalizing lacks the added social element of being in person as a part of a group.

This is a key feature of radicalization that needs to be understood. Since we are social animals, we need to feel that kinship and the only real way to do this primarily is to be within a social dynamic structure that includes physically being there. Online it seems, just does not cut it for most. However, there are others, the mentally ill, and those who are so socially awkward, that online seems to be the only way that they can relate, that have become the next generation of jihobbyists. This in tandem with the fact that now it is rather hard to make contact with, and access the core AQ group physically (i.e. going to a training camp in Waziristan) has made the online radicalization process the pre-eminent way for the jihadi process to carry on.

Jihad GEN 2.0: Lone Wolves, Wolf Packs, & Loners

  • Lone Wolves: Single actors who radicalize either by self or online groups but act alone
  • Wolf Packs: “The Group of Guys” Who radicalize together as a unit and attempt jihad
  • Loners: The single player who radicalizes online and may have contacts with some but is not a team player
These terms above have been bandied about for a while now in the CT arena. The reason for this is two fold. One, we have been seeing these types radicalizing and acting out. Two, AQ has also seen this trend and they are trying to leverage these small groups or single individuals to action. As stated at the top of this post, the lines of communication and radicalization have had to change since the war on terror began. It is because we have so cornered AQ and their afiliates in the 2 lands, that they have resorted to these tactics, and, they are finding it hard to have any good results. This however, has not stopped them from trying and also trying to innovate new ways to radicalize the Western ummah.

Lone Wolves, or the “Lone Wolf” The most likely candidate for the lone wolf is a second generation immigrant who feels some sort of synergy with their parents homeland. There have been a spate of cases where Al Shebaab had converts sneak off from the US to Somalia to train with them. The majority of these lone wolves in this case, were kids in their teens or early twenties that took off to join the jihad there. The premise though, is that these are people who are not necessarily part of any one group but seek out the jihad on their own. They often connect with the core jihadi groups in some way (Malik Hassan and Anwar Al Awlaki) and then act on their own in a more constructed and supported way from the core AQ groups.

A number of these “lone wolves” were caught here in the US when they were intercepted by the FBI in sting operations. These operations mostly consisted of assets talking to the lone wolf and asking them what they would do for jihad. What operations would they like to pull off, and offer that wolf the means to carry out their intentions. This for some, treads the line of entrapment, but for me, I think it is fair game because either way, the individual, unless being held captive and tortured etc, is not suffering from “Stockholm Syndrome” and thus acting under their own will. Social dynamics aside, these actors sought out the jihad, and in my mind, already have instabilities and predispositions that will inevitably lead them to do something with or without the help of an agent provocateur.

Wolf Packs are groups of like minded individuals who have either come together and then radicalized, or, have formed due to a strong leader. These are the most dangerous of the groups because they tend to be groomed by core AQ and, as a group, not only self radicalize, but they re-enforce their belief and action as a social dynamic. Wolf packs have been seen as the more organized and thus more dangerous element in this behavior model. An example of the wolf pack would be the Lackawana 6 or others who banded together and eventually went to an AQ training camp. Though, in the case of the Lackawanna 6, it seems as though they came back from the trip decidedly lacking the motivation to carry out a mission. This is likely because of their Westernized mind set. They did however provide material support to the jihad, and were convicted of this.

Another wolf pack though are the 19 who carried out the attacks on 9/11. The Hamburg Cell, as they were called, came together in Germany where they self radicalized at a local mosque and eventually made contact with the core AQ group. This group would be considered the progenitor of the wolf pack jihad itself and are lauded by AQ for their success. They are the model for AQ’s blueprint originally on reaching a western audience.

Loners are the last type of jihadi that the AQ core are seeking to incite. The loner tends to be an individual who is socially inept to the degree that some have actually been diagnosed with Aspergers Syndrome. Still others have proven to be mentally ill individuals who latch onto the jihad for whatever reasons are driving their psyche. On average, the loner can be seen as the spree killer of the group that feeds the need of the jihad in that they sow fear and confusion while potentially taking out numbers of people. An example of a loner would be Nidal Malik Hassan (Ft. Hood Shooter) who clearly was mentally unstable and went on a shooting rampage injuring 30 and killing 13.

Loners tend to be more the spree killers with guns than they are bomb makers. Another loner type would be Faisal Shahzad, who attempted to make a propane bomb alone. His training was incomplete or he was inept, because the device failed to go off. In the case of Shahzad, he also spent time in Pakistan (from where he emigrated to the US) with the Pakistani Taliban. His radicalization went on unseen by others around him and his actions became more erratic as time went on. I have not seen a psych evaluation of him, but from all that I have seen, it may well be that he too is mentally unstable.

Another couple of reasons to worry more about the “loner” type of jihadi are these:

  • They are loners, thus unless someone in the family see’s whats going on, it will likely go unseen until its too late
  • They are often here in the US and with guns easily available, make their spree killing scenarios most likely to work
In all, these three types of jihadi’s are the main targets now for the AQ and other core groups to radicalize and energize. The jihad needs recruits to carry out their war and the Qaeda have learned that they need not be the devout and pious to do so. The weak minded and the socially inept will do just fine.

Online Radicalization: Propaganda, Congregation, Synergy & The Online Shadow War

As mentioned above, the radicalization process online has mainly consisted of websites that cater to the newbie to the jihad up to the hard core members. Primarily though, these sites have been a means to gain new recruits for the holy war. These sites had been for a long time, rather blatantly operating online because the governments had not caught up with the technology. Recently though, there has been a change going on within the online jihad. Due to many factors including actions on the part of the hacker community, the propaganda machine that has been the jihadi bulletin board system online has begun to go underground as well as redouble its propaganda efforts.

AQAP’s “Inspire Magazine” releases also have been slowed down and the core’s processes for distribution tightened because of tampering with the files in the past and the worries that they have been compromised as a network online. Spooks and hackers have been infiltrating their networks and websites for a while now and they have caught on. Of course in some ways, the assumption should always have been so. However, attacks on the AQ propaganda sites have increased over the last couple of years to include complete take downs of certain sites through DD0S as well as compromise and destruction of their back ends. Since these occurrences, the smarter of the group have decided that it was time to create a new propaganda jihad.

Abu Hafs alSunni alSunni, is an exemplar of this mindset. He espouses that the propaganda jihad needs to be more layered and secret. His proposal is to hide the online jihad in plain sight, by making pages that have stealth links (gateway sites) that will lead the knowing, to the real sites where content can be obtained and ideas shared. His ideas were a bit ahead of the curve for most on the boards, but now, post 2011, the administrators and the core AQ I think, are taking a closer look at this model. As online sites that are non secret become more and more targeted, it is only natural that they jihad would eventually have to go underground to continue and flourish from a command and control as well as radicalization standpoint. By locking down the content with gateways to it, those who are serious could congregate behind the digital curtain and carry on, while the digital bill boards call to all those thinking about joining the fray.

As the online jihad progresses technically, so too will their followers and this is a concern. With technologies such as TOR (The Onion Router) and their “Hidden Services” one can now easily hide all content behind a network that cannot be tracked or traced. Online chats can be had in total anonymity as well as files can be left within the confines of such networks for only those who have the right address to get them (net/net meet the new digital anonymous dead drops) and it is here that once again the pivot happens within the dynamic of online jihad. Once the technological skills of the jihadi’s come online, so too will the types of attacks online that could be carried out by them as well as the success rates of kinetic attacks because they are using solid methods to transmit and connect with each other to plan operations.

Already we have seen this movement happening on the forums and it really is only a matter of time until some of these guys read the man page on how to configure their own TOR node with hidden services turned on. It is clear that the technologies are making it easier for them to hide in plain site as well as behind the technical curtain, so, it is my proposition that the next iteration of the GWOT have a component of psychological operations more involved. Just as I have said about the Anonymous situation ongoing, the greater successes are likely to come about because we better understand the players motivations and psyche’s.

Countering The Threat:

In conclusion, I see a two pronged method of attack to fight the online jihad:

  1. Psyops: The idea that psychological operations has always been a part of the counter insurgency effort. However, in the digital world this has been more the spooks territory than the digital warfighter. Of course the digital war is new as is the online jihad so it is a natural progression to see this type of warfare as well as detective process being implemented.
  2. Technical Counter-Insurgency Operations: As the technological adroitness grows on the part of the jihadi’s so should the capabilities on the counter insurgency online. It is understood that the US has quite a bit of technical know how online so it is an easier supposition to make that we will be able to step up quickly. However, it is the melding of the two (psyops/pscyhology and technical ops) that must happen to wage this battle well.
We are going to have to step up our online activities to meet the challenge and as far as I have knowledge of, certain areas of law enforcement need to play catch up. The AQ core will continue to reach out to the lonely and dispossessed to radicalize the newcomers as well as use the technologies we have created (privacy/hacking utilities included) to effect the outcomes they desire and we need to be able to counter them.

APPENDIX A:US Cases of Terrorism since 9/11


• José Padilla. José Padilla (32), a native U.S. citizen, convert to Islam, and al Qaeda

operative, was arrested upon his return from the Middle East to the United States.

Although there is no question of his al Qaeda connection, his mission remains unclear.

He was convicted for providing material support to al Qaeda and sentenced in 2008.

A co-defendant, Kifah Wael Jayyousi (40), a naturalized U.S. citizen from Jordan, was

also convicted.

• The Lackawanna Six. Six Yemeni-Americans—Sahim Alwar (26), Yahya Goba (25),

Yasein Taher (24), Faysal Galab (25), Shafal Mosed (23), all born in the United States,

and Muktar al-Bakri (21), a naturalized citizen—were arrested for training at an

al Qaeda camp in Afghanistan.

• The Portland Seven. Seven individuals—Patrice Lumumba Ford (31), Jeffrey Leon

Battle (31), October Martinique Laris (25), Muhammad Ibrahim Bilal (22), Ahmed

Ibrahim Bilal (24), all native U.S. citizens; Habis Abdulla al Saoub (37), a U.S. perma-

nent resident from Jordan; and Maher Hawash (38), a naturalized U.S. citizen from

Jordan—were arrested for attempting to join al Qaeda and the Taliban.

• Earnest James Ujaama. Earnest James Ujaama (36), a native U.S. citizen, was arrested

for providing support to the Taliban.

• Imran Mandhai. Imran Mandhai (20), a U.S. permanent resident from Pakistan, told

an FBI informant that he wanted to wage war against the United States. He planned

to assemble an al Qaeda cell and attack various targets in Florida, including electrical

substations, Jewish businesses, a National Guard armory, and also, improbably, Mount

Rushmore. Under surveillance for a long time, Mandhai was arrested and subsequently

convicted of conspiracy to destroy property.

• Anwar al-Awlaki. Anwar al-Awlaki (31), a U.S. citizen born in New Mexico, studied

engineering in college and motivation in graduate school, then became an increasingly

radical imam. After being questioned by the FBI several times, he left the United States

in 2002 and went to Yemen, where he is now a leading spokesperson for al Qaeda.


• Adnan Gulshair el Shukrijumah. A provisional arrest warrant was issued for Adnan

Gulshair el Shukrijumah (27), a Saudi national and legal permanent resident, who grew

up and worked in the United States. Shukrijumah was suspected of involvement in a

number of terrorist plots. In 2010, he was indicted for his involvement in the 2009 Zazi

plot to blow up New York subways.

• Iyman Faris. Iyman Faris (34), a naturalized U.S. citizen from Pakistan, was arrested

for reconnoitering the Brooklyn Bridge for a possible al Qaeda attack.

• The Northern Virginia Cluster. Eleven men were arrested in June 2003 for training

at a jihadist training camp abroad, intending to join Lashkar-e-Toiba, and planning

terrorist attacks: Caliph Basha Ibn Abdur Raheem (28), a native U.S. citizen; Sabri

Benkhala (27), a native U.S. citizen; Randoll Todd Royer (39), a native U.S. citizen;

Ibrahim al-Hamdi (25), a Yemeni national; Khwaja Mahmood Hasan (27), a natural-

ized U.S. citizen from Pakistan; Muhammed Aatique (30), a legal permanent resident

from Pakistan; Donald T. Surratt (30), a native U.S. citizen; Masoud Ahmad Khan

(33), a naturalized U.S. citizen from Pakistan; Seifullah Chapman (31), a native U.S.

citizen; Hammad Abdur-Raheem (34), a U.S.-born citizen and Army veteran of the

first Gulf War; and Yong Ki Kwon (27), a naturalized U.S. citizen from Korea. Two

other individuals were also arrested in connection with the group: Ali al-Timimi (40), a

U.S.-born citizen, and Ali Asad Chandia (26), a citizen of Pakistan. Six of the accused

pleaded guilty, and another three were convicted. Benkhala was acquitted but was later

charged and convicted of making false statements to the FBI. Al-Timimi was convicted

in 2005. The case against Caliph Basha Ibn Abdur Raheem was dismissed.

• Uzair Paracha. Uzair Paracha (23), a legal permanent resident from Pakistan, was

indicted for attempting to help an al Qaeda operative enter the United States in order

to attack gas stations. He was convicted in 2005.

• Abdurahman Alamoudi. Abdurahman Alamoudi (51), a naturalized U.S. citizen from

Eritrea, was indicted in the United States for plotting to assassinate Saudi Arabia’s

Prince Abdullah.

• Ahmed Omar Abu Ali. Ahmed Omar Abu Ali (22), a native U.S. citizen, was arrested

by Saudi authorities and later extradited to the United States for providing support to

a terrorist organization and plotting to assassinate the president of the United States.


• Mohammed Abdullah Warsame. Mohammed Abdullah Warsame (31), a legal perma-

nent resident from Somalia, was arrested for conspiring to support al Qaeda. He was

found guilty and sentenced in 2009.

Chronology of the Cases

• Ilyas Ali. Ilyas Ali (55), a naturalized U.S. citizen from India, pleaded guilty to provid-

ing material support to the Taliban and al Qaeda. He attempted to sell hashish and

heroin in return for Stinger missiles, which he then planned to sell to the Taliban. Two

other defendants, Muhammed Abid Afridi and Syed Mustajab Shah, both Pakistani

nationals, were also convicted in the case.

• Amir Abdul Rashid. Ryan Gibson Anderson (26)—a native U.S. citizen and convert to

Islam who called himself Amir Abdul Rashid—was a soldier in the U.S. Army at Fort

Lewis, Washington, when he was arrested in February 2004 for contacting Islamic

websites related to al Qaeda and offering information about the U.S. Army.

• Mark Robert Walker. A Wyoming Technical Institute student, Mark Robert Walker

(19), a native U.S. citizen who, according to reports, became obsessed with jihad, was

charged with attempting to assist the Somali-based group, Al-Ittihad al Islami. He

planned to provide the group with night-vision devices and bulletproof vests.

• Mohammed Junaid Babar. Mohammed Junaid Babar (31), a naturalized U.S. citizen

from Pakistan, was arrested in New York for providing material support to al Qaeda.

• The Herald Square Plotters. Shahawar Martin Siraj (22), a Pakistani national, and

James Elshafy (19), a U.S.-born citizen, were arrested for plotting to carry out a terrorist

attack on New York City’s Herald Square subway station.

• The Albany Plotters. Yassin Aref (34), an Iraqi refugee in the United States, and

Mohammad Hossain (49), a naturalized U.S. citizen from Bangladesh, two leaders of a

mosque in Albany, New York, were arrested for attempting to acquire weapons in order

to assassinate a Pakistani diplomat.

• Adam Yahiye Gadahn. Adam Yahiye Gadahn (26), a native U.S. citizen and convert to

Islam, moved to Pakistan in 1998. By 2004, he was identified as a member of al Qaeda

planning terrorist attacks in the United States, and he subsequently became one of

al Qaeda’s principal spokesmen. He was formally indicted in 2006.

• The Abdi Case. Nuradin Abdi (32), a Somali national granted asylum in the United

States, was indicted in June 2004 for plotting with Iyman Faris to blow up a Colum-

bus, Ohio, shopping mall. (He was arrested in November 2003.)

• Gale Nettles. Gale Nettles (66), a native U.S. citizen and ex-convict, was arrested in

August in an FBI sting for plotting to bomb the Dirksen Federal Building in Chi-

cago and for attempting to provide al Qaeda with explosive material. His motive was

revenge for his conviction as a counterfeiter, but he wanted to connect with al Qaeda,

which he figured would pay him for his excess explosive materials. He was convicted

on the terrorist charge in 2005.

• Carpenter and Ransom. Two New Orleans men, Cedric Carpenter (31), a convicted

felon, and Lamont Ransom (31), both native U.S. citizens, intended to sell fraudulent

identity documents to the Philippine jihadist terrorist group Abu Sayyaf in return for

cash and heroin. Ransom, who had previously served in the U.S. Navy, was familiar

with the group. Both were convicted and sentenced in 2005.


• The New York Defendants. Three defendants—Mahmud Faruq Brent (32), a U.S.-

born citizen who had attended a training camp in Pakistan run by Lashkar-e-Toiba;

Rafiq Abdus Sabir (50), a U.S.-born citizen and medical doctor who volunteered to pro-

vide medical treatment to al Qaeda terrorists; and Abdulrahman Farhane (52), a natu-

ralized U.S. citizen from Morocco who agreed to assist in fundraising for the purchase

of weapons for insurgents in Chechnya and Afghanistan—were linked to defendant-

turned-informant Tarik Shah (42), a U.S.-born citizen who was arrested in May 2005

for offering to provide training to insurgents in Iraq. Shah identified his co-defendants,

and all four were convicted.

• The Lodi Case. Hamid Hayat (22), a native-born U.S. citizen, and his father, Umar

Hayat, a naturalized U.S. citizen from Pakistan, were arrested in June 2005 for secretly

attending a terrorist training camp in Pakistan. Umar Hayat ultimately pleaded guilty

of lying to federal authorities.

• The Torrance Plotters. Kevin James (29), Levar Washington (21), and Gregory

Patterson (25), all native U.S. citizens and converts to Islam, and Hammad Riaz Samana

(21), a permanent resident from Pakistan, were charged in August 2005 with planning

to carry out terrorist attacks on National Guard armories, a U.S. military recruiting

center, the Israeli consulate, and Los Angeles International airport. (This case is some-

times referred to as the Sacramento Plot.)

• Michael Reynolds. Michael Reynolds (47), a native U.S. citizen, acquired explosives

and offered them to an informant whom he believed was an al Qaeda official to blow

up the Alaska Pipeline in return for $40,000.

• Ronald Grecula. Ronald Grecula (70), a native U.S. citizen, was arrested in Texas in

May 2005 for offering to build an explosive device for informants he believed to be

al Qaeda agents. He pleaded guilty to the charge in 2006.


• The Liberty City Seven. Seven men—Narseal Batiste (32), a native U.S. citizen;

Patrick Abraham (39), a Haitian national illegally in the United States after over-

staying his visa; Stanley Grunt Phanor (31), a naturalized U.S. citizen; Naudimar

Herrera (22), a native U.S. citizen; Burson Augustin (21), a native U.S. citizen; Rothschild

Augustin (26), a native U.S. citizen; and Lyglenson Lemorin (31), a legal permanent resi-

dent from Haiti—were charged in June 2006 with plotting to blow up the FBI build-

ing in Miami and the Sears Tower in Chicago. Herrera and Lemorin were acquitted.

Chronology of the Cases

• Syed Hashmi. Syed “Fahad” Hashmi (30), a Pakistani-born U.S. citizen, was arrested

in London on charges of providing material support to al Qaeda.

• Derrick Shareef. Derrick Shareef (22), a native U.S. citizen and convert to Islam, was

arrested for planning a suicide attack on an Illinois shopping mall. He intended to

place hand grenades in garbage cans, but the plot also involved handguns.

• The Fort Dix Plotters. Six men—Mohammad Ibrahim Shnewer (22), a naturalized

U.S. citizen from Jordan; Serdar Tatar (23), a legal permanent resident from Turkey;

Agron Abdullahu (24), a U.S. permanent resident from Kosovo; and Dritan Duka (28),

Shain Duka (26), and Elljvir Duka (23), three brothers from Albania living in the

United States illegally—were charged with plotting to carry out an armed attack on

soldiers at Fort Dix, New Jersey.

• The Toledo Cluster. Mohammad Zaki Amawi (26) and Marwan El-Hindi (43), both

naturalized U.S. citizens from Jordan, and Wassim Mazloum (25), a legal permanent

resident from Lebanon, were arrested in Toledo, Ohio, for plotting to build bombs to

use against American forces in Iraq. Two additional persons were also charged in this

case: Zubair Ahmed (26), a U.S.-born citizen, and his cousin Khaleel Ahmed (25), a

naturalized U.S. citizen from India.

• The Georgia Plotters. Syed Harris Ahmed (21), a naturalized U.S. citizen, and Ehsanul

Islam Sadequee (20), a U.S.-born citizen from Atlanta, Georgia, were arrested in April

2006 for discussing potential targets with terrorist organizations and receiving instruc-

tion in reconnaissance.

• Daniel Maldonado. Daniel Maldonado (27), a native U.S. citizen and convert to

Islam, was arrested for joining a jihadist training camp in Somalia. He was captured

by the Kenyan armed forces and returned to the United States.

• Williams and Mirza. Federal authorities charged two students at Houston Commu-

nity College—Kobie Diallo Williams (33), a native U.S. citizen and convert to Islam,

and Adnan Babar Mirza (29), a Pakistani national who had overstayed his student

visa—with aiding the Taliban. According to the indictment, the two planned to join

and train with the Taliban in order to fight U.S. forces in the Middle East.

• Ruben Shumpert. Ruben Shumpert (26), also known as Amir Abdul Muhaimin, a

native U.S. citizen who had been convicted for drug trafficking, converted to Islam

shortly after his release from prison. When the FBI came looking for him in 2006, he

fled to Somalia and joined al-Shabaab. He was reportedly killed in Somalia in Decem-

ber 2008.


• Hassan Abujihaad. Hassan Abujihaad (31), formerly known as Paul R. Hall, a native

U.S. citizen and convert to Islam who had served in the U.S. Navy, was arrested in

April 2007 for giving the locations of U.S. naval vessels to an organization accused of

supporting terrorists.

• The JFK Airport Plotters. Russell Defreitas (63), a naturalized U.S. citizen from

Guyana; Abdul Kadir (55) a Guyanese citizen; Kareem Ibrahim (56), a Trinidadian;

and Abdal Nur (57), another Guyanese citizen, were charged in June 2007 with plot-

ting to blow up aviation fuel tanks at John F. Kennedy Airport in New York. Defreitas

was arrested in Brooklyn. The other three plotters were arrested in Trinidad and extra-

dited to the United States.

• Ahmed Abdellatif Sherif Mohamed. Ahmed Abdellatif Sherif Mohamed (26), a U.S.

permanent resident from Egypt, was arrested for providing material support to terror-

ists by disseminating bomb-making instructions on YouTube. He pleaded guilty to the


• Omar Hammami. Now known as Abu Mansour al-Amriki, Omar Hammami

(23), a native-born U.S. citizen, left Alabama some time not later than 2007 to join

al-Shabaab in Somalia. He later appeared in the group’s recruiting videos. Hammami

was indicted in 2010 for providing support to al-Shabaab.

• Jaber Elbaneh. Jaber Elbaneh (41), a naturalized U.S. citizen from Yemen, was con-

victed in absentia by a Yemeni court for plotting to attack oil and gas installations in

Yemen. He had previously been charged in the United States with conspiring with the

Lackawanna Six. He was one of a number of al Qaeda suspects who escaped from a

Yemeni prison in 2006. He subsequently turned himself in to Yemeni authorities.

• The Hamza Case. Federal authorities charged the owner and several officials of Hamza,

Inc., a financial institution, for money laundering and secretly providing money to

al Qaeda. Those charged included Saifullah Anjum Ranjha (43), a legal permanent U.S.

resident from Pakistan; Imdad Ullah Ranjha (32), also a legal permanent resident from

Pakistan; and Muhammed Riaz Saqi, a Pakistani national living in Washington, D.C.

Also charged in the case were three Pakistani nationals living in Canada and Spain.


• Christopher Paul. Christopher “Kenyatta” Paul (43), a native U.S. citizen and convert

to Islam living overseas, was arrested upon his return to the United States in April 2008

for having plotted terrorist attacks on various U.S. targets. He later pleaded guilty.

• Bryant Vinas. Bryant Vinas (26), a native U.S. citizen and convert to Islam, was

arrested in Pakistan and extradited to the United States for having joined al Qaeda in

Pakistan. He also provided al Qaeda with information to help plan a bombing attack

on the Long Island Rail Road.

• Somali Recruiting Case I. As many as a dozen Somalis may have been recruited in

the Minneapolis, Minnesota, area by Shirwa Ahmed (26), a naturalized U.S. citizen

Chronology of the Cases from Somalia, to fight in Somalia. Ahmed subsequently was

killed in a suicide bomb- ing in Somalia.

• Sharif Mobley. Sharif Mobley (26), a native U.S. citizen of Somali descent, moved

to Yemen in 2008, ostensibly to study Arabic and religion, but in reality, authorities

believe, to join a terrorist organization. He was later arrested by Yemeni authorities in

a roundup of al Qaeda and al-Shabaab militants. In March 2010, he killed one guard

and wounded another in an attempt to escape.


• The Riverdale Synagogue Plot. Native U.S. citizens James Cromite (55), David

Williams (28), Onta Williams (32), and Laguerre Payen (27), a Haitian national, all con-

verts to Islam, were arrested in an FBI sting in New York in May 2009 for planning to

blow up synagogues.

• Abdulhakim Mujahid Muhammad. In June 2009, Abdulhakim Mujahid

Muhammad (23), also known as Carlos Bledsoe, a native U.S. citizen and Muslim con-

vert, killed one soldier and wounded another at an Army recruiting station in Arkansas.

• The North Carolina Cluster. Daniel Boyd (39), a native U.S. citizen and convert to

Islam who fought against the Soviets in Afghanistan in the late 1980s, was arrested

in July 2009 along with his two sons, Zakarlya Boyd (20) and Dylan Boyd (22), also

converts to Islam, and four others, including three U.S. citizens—Anes Subasic (33), a

naturalized U.S. citizen from Bosnia; Mohammad Omar Aly Hassan (22), a U.S.-born

citizen; and Ziyad Yaghi (21), a naturalized U.S. citizen—and Hysen Sherifi (24), a

legal U.S. resident from Kosovo, for plotting terrorist attacks in the United States and

abroad. Jude Kenan Mohammad (20), a U.S.-born citizen, was also a member of the

group. He was arrested by Pakistani authorities in 2008. Boyd reportedly reconnoi-

tered the Marine Corps base at Quantico, Virginia.

• Betim Kaziu. Betim Kaziu (21), a native U.S. citizen, was arrested in September

2009 for traveling overseas to join al-Shabaab or to attend a terrorist training camp in


• Ali Saleh Kahlah al-Marri. Ali Saleh Kahlah al-Marri (38), a U.S. permanent resi-

dent and dual national of Qatar and Saudi Arabia, was charged with attending an

al Qaeda training camp in Pakistan. He pleaded guilty to providing material support

to a terrorist group.

• Michael Finton. Michael Finton (29), a native U.S. citizen and convert to Islam, was

arrested in September 2009 in an FBI sting for planning to blow up a federal court-

house in Springfield, Illinois.

• Hosam Maher Smadi. Hosam Maher Smadi (19), a Jordanian citizen living in the

United States, was arrested in September 2009 in an FBI sting for planning to blow up

an office building in Dallas, Texas.

• Najibullah Zazi. Najibullah Zazi (25), a permanent U.S. resident from Afghanistan,

was arrested in September 2009 for receiving training in explosives at a terrorist train-

ing camp in Pakistan and buying ingredients for explosives in preparation for a ter-

rorist attack in the United States. Indicted with Zazi were his father, Mohammed Zazi

(53), a naturalized U.S. citizen from Afghanistan, and Ahmad Afzali (38), a U.S. per-

manent resident from Afghanistan, both for making false statements to federal inves-

tigators; neither was involved in the terrorist plot. In January 2010, authorities arrested

Adis Medunjanin (24), a naturalized U.S. citizen from Bosnia, and Zarein Ahmedzay

(25), a naturalized U.S. citizen from Afghanistan, and charged them with participat-

ing in the plot.

• Tarek Mehana. In October 2009, federal authorities in Massachusetts arrested Tarek

Mehana (27), a dual citizen of the United States and Egypt, for conspiring over a seven-

year period to kill U.S. politicians, attack American troops in Iraq, and target shopping

malls in the United States. Two other individuals, including Ahmad Abousamra (27), a

U.S. citizen, were allegedly part of the conspiracy. Abousamra remains at large.

• David Headley. In an increasingly complicated case, David Headley (49), a U.S.-born

citizen of Pakistani descent and resident of Chicago, was arrested in October 2009

along with Tahawar Rana (48), a native of Pakistan and a Canadian citizen, for plan-

ning terrorist attacks abroad. Headley was subsequently discovered to have partici-

pated in the reconnaissance of Mumbai prior to the November 2008 attack by the ter-

rorist group Lashkar-e-Toiba. He pleaded guilty in March 2010.

• Colleen Renee LaRose. Calling herself “Jihad Jane” on the Internet, Colleen Renee

LaRose (46), a native U.S. citizen and convert to Islam, was arrested in October 2009

for plotting to kill a Swedish artist whose drawings of Muhammad had enraged Mus-

lims and for attempting to recruit others to terrorism. Her arrest was concealed until

March 2010. LaRose pleaded guilty to the charges.

• Nidal Hasan. In November 2009, Nidal Hasan (38), a native U.S. citizen and Army

major, opened fire on fellow soldiers at Fort Hood, Texas, killing 13 and wounding 31.

• The Pakistan Five. In November 2009, five Muslim Americans from Virginia—

Umar Farooq (25), a naturalized U.S. citizen from Pakistan; Ramy Zamzam (22), who

was born in Egypt, immigrated to the United States at the age of two, and became a

citizen by virtue of his parents becoming citizens; Waqar Hassan Khan (22), a natu-

ralized U.S. citizen from Pakistan; Ahmad Abdullah Mimi (20), a naturalized U.S.

citizen from Eritrea; and Aman Hassan Yemer (18), a naturalized U.S. citizen from

Ethiopia—were arrested in Pakistan for attempting to obtain training as jihadist guer-

rillas. Khalid Farooq, Umar Farooq’s father, was also taken into custody but was later

released. The five were charged by Pakistani authorities with planning terrorist attacks.

• Somali Recruiting Case II. In November 2009, federal authorities indicted eight

men for recruiting at least 20 young men in Minnesota for jihad in Somalia and rais-

ing funds on behalf of al-Shabaab. By the end of 2009, a total of 14 indictments had

been handed down as a result of the ongoing investigation. Those indicted, all but

one of whom are Somalis, were Abdow Munye Abdow, a naturalized U.S. citizen from

Somalia; Khalid Abshir; Salah Osman Ahmad; Adarus Abdulle Ali; Cabdulaahi Ahmed

Faarax; Kamal Hassan; Mohamed Hassan; Abdifatah Yusef Isse; Abdiweli Yassin Isse;

Zakaria Maruf; Omer Abdi Mohamed, a legal permanent resident from Somalia; Ahmed

Ali Omar; Mahanud Said Omar; and Mustafa Salat. No age information is available.

• Abdul Tawala Ibn Ali Alishtari. Abdul Tawala Ibn Ali Alishtari (53), also known as

Michael Mixon, a native U.S. citizen, was indicted and pleaded guilty to attempting to

provide financing for terrorist training in Afghanistan.


• Raja Lahrasib Khan. Raja Lahrasib Khan (57), a naturalized U.S. citizen from Paki-

stan, was charged with sending money to Ilyas Kashmiri, an al Qaeda operative in

Pakistan, and for discussing blowing up an unidentified stadium in the United States.

• Times Square Bomber. Faisal Shazad (30), a naturalized U.S. citizen from Pakistan,

had studied and worked in the United States since 1999. In 2009, he traveled to Paki-

stan and contacted the TTP (Pakistan Taliban), who gave him instruction in bomb-

building. Upon his return to the United States, he built a large incendiary device

in a sport utility vehicle (SUV) and attempted unsuccessfully to detonate it in New

York City’s Times Square. He was arrested in May 2010. Three other individuals were

arrested in the investigation but were never charged with criminal involvement in the


• Jamie Paulin-Ramirez. The arrest of Colleen R. LaRose (“Jihad Jane”) in 2009 led to

further investigations and the indictment of Jamie Paulin-Ramirez (31), also known as

“Jihad Jamie.” Paulin-Ramirez, a native-born U.S. citizen and convert to Islam, alleg-

edly accepted an invitation from LaRose to join her in Europe in order to attend a

training camp there. According to the indictment, she flew to Europe with “the intent

to live and train with jihadists.” She was detained in Ireland and subsequently returned

to the United States, where she was arraigned in April 2010.

Wesam el-Hanafi and Sabirhan Hasanoff. Wesam el-Hanafi (33), also known

as “Khaled,” a native-born U.S. citizen, and Sabirhan Hasanoff (34), also known as

“Tareq,” a dual U.S.-Australian citizen, were indicted for allegedly providing material

In September 2010, Sami Samir Hassoun (22), was arrested in an FBI sting in Chicago

for attempting to carry out a ter-rorist bombing. Hassoun expressed anger at Chicago

Mayor Richard Daley. It is not clear that the case is jihadist-related.

In December 2010, Awais Younis (26), a naturalized U.S. citizen from Afghanistan, was

arrested for threatening to bomb the Washington, D.C., Metro system. He made the threat on

Facebook, and it was reported to the authorities. Neither of these cases is included in the chronology.

support to a terrorist group. The two men, one of whom traveled to Yemen in 2008,

provided al Qaeda with computer advice and assistance, along with other forms of aid.

• Khalid Ouazzani. Khalid Ouazzani (32) pleaded guilty in May to providing material

support to a terrorist group. Ouazzani, a Moroccan-born U.S. citizen, admitted to rais-

ing money for al Qaeda through fraudulent loans, as well as performing other tasks at

the request of the terrorist organization between 2007 and 2008.

• Mohamed Mahmood Alessa and Carlos Eduardo Almonte. Two New Jersey men,

Mohamed Mahmood Alessa (20), a native U.S. citizen, and Carlos Eduardo Almonte

(24), a naturalized citizen from the Dominican Republic and convert to Islam, were

arrested in June at New York’s JFK Airport for conspiring to kill persons outside the

United States. The two were on their way to join al-Shabaab in Somalia.

• Barry Walter Bujol, Jr. Barry Walter Bujol, Jr. (29), a native U.S. citizen and convert

to Islam, was arrested as he attempted to leave the United States to join al Qaeda in

Yemen. He had been under investigation for two years and was in contact with an

undercover agent he believed to be an al Qaeda operative.

• Samir Khan. In June 2010, the Yemen-based affiliate of al Qaeda began publishing

Inspire, a slick, English-language online magazine devoted to recruiting Western youth

to violent jihad. The man behind the new publication was Samir Khan (24), a Saudi-

born naturalized U.S. citizen who moved to the United States with his parents when

he was seven years old. He began his own journey to violent jihad when he was 15. He

reportedly left the United States in late 2009, resurfacing in Yemen in 2010.

• Rockwood’s Hitlist. Paul Rockwood (35), a U.S. citizen who served in the U.S. Navy

and converted to Islam while living in Alaska, was convicted in July 2010 for lying

to federal authorities about drawing up a list of 15 targets for assassination; they were

targeted because, in his view, they offended Islam. He was also accused of research-

ing how to build the explosive devices that would be used in the killings. His wife,

Nadia Rockwood (36), who has dual UK-U.S. citizenship, was convicted of lying to


• Zachary Chesser. Zachary Chesser (20), a native U.S. citizen and convert to Islam, was

arrested for supporting a terrorist group in July as he attempted to board an airplane to

fly to Somalia and join al-Shabaab. Chesser had earlier threatened the creators of the

television show South Park for insulting Islam in one of its episodes.

• Shaker Masri. A U.S. citizen by birth, Shaker Masri (26) was arrested in August 2010,

allegedly just before he planned to depart for Afghanistan to join al Qaeda or Somalia

to join al-Shabaab.

• Somali Recruiting Case III. As part of a continuing investigation of recruiting and

funding for al Qaeda ally al-Shabaab, the U.S. Department of Justice announced four

indictments charging 14 persons with providing money, personnel, and services to the

terrorist organization. In Minnesota, 10 men were charged with terrorism offenses for

leaving the United States to join al-Shabaab: Ahmed Ali Omar (27), a legal permanent

resident; Khalid Mohamud Abshir (27); Zakaria Maruf (31), a legal permanent resident;

Mohamed Abdullahi Hassan (22), a legal permanent resident; Mustafa Ali Salat (20), a

legal permanent resident; Cabdulaahi Ahmed Faarax (33), a U.S. citizen; and Abdiweli

Yassin Isse (26). Three were new on the list and had been the subject of previous indict-

ments: Abdikadir Ali Abdi (19), a U.S. citizen; Abdisalan Hussein Ali (21), a U.S. citi-

zen; and Farah Mohamed Beledi (26). A separate indictment named Amina Farah Ali

(33) and Hawo Mohamed Hassan (63), both naturalized U.S. citizens, for fundraising

on behalf of al-Shabaab. A fourth indictment charged Omar Shafik Hammami (26),

a U.S. citizen from Alabama, and Jehad Sherwan Mostafa (28) of San Diego, Califor-

nia, with providing material support to al-Shabaab. (Hammami’s involvement is listed

in this chronology under the year 2007, when he first left the United States to join

al-Shabaab; Mostafa is listed separately in the next entry.)

• Jehad Serwan Mostafa. In August 2010, Jehad Serwan Mostafa (28), a native U.S.

citizen, was indicted for allegedly joining al-Shabaab in Somalia. He reportedly left

the United States in December 2005 and was with al-Shabaab between March 2008

and June 2009.

• Abdel Hameed Shehadeh. Abdel Hameed Shehadeh (21), a U.S.-born citizen of Pal-

estinian origin, was arrested in October for traveling to Pakistan to join the Taliban

or another group to wage jihad against U.S. forces. Denied entry to Pakistan, then

Jordan, Shehadeh returned to the United States and subsequently attempted to join

the U.S. Army. He allegedly hoped to deploy to Iraq, where he planned to desert and

join the insurgents. When that did not work out, he tried again to leave the country

to join the Taliban.

• Farooque Ahmed. Farooque Ahmed (34), a naturalized U.S. citizen from Pakistan, was

arrested in October for allegedly plotting to bomb Metro stations in Washington, D.C.

FBI undercover agents learned of Ahmed’s intentions by posing as al Qaeda operatives.

• Shabaab Support Network in San Diego. Saeed Moalin (33), a naturalized U.S. cit-

izen from Somalia, Mohamed Mohamed Mohamud (38), born in Somalia, and Issa

Doreh (54), a naturalized U.S. citizen from Somalia, all residents of San Diego, were

arrested for allegedly providing material support to al-Shabaab. The investigation of

this network is continuing, and a fourth man from Southern California, Ahmed Nasir

Taalil Mohamud (35), was subsequently indicted.

• Al-Shabaab Fundraising II. In November, federal authorities arrested Mohamud

Abdi Yusuf (24), a St. Louis resident, and Abdi Mahdi Hussein (35) of Minneapolis,

both immigrants from Somalia. The two are accused of sending money to al-Shabaab

in Somalia. A third person, Duane Mohamed Diriye, believed to be in Africa, was also


• Nima Ali Yusuf. Nima Ali Yusuf (24), a legal permanent resident originally from Soma-

lia, was arrested in November for allegedly providing material support to a terrorist

group. She was accused of attempting to recruit fighters and raise funds for al-Shabaab.

• Mohamed Osman Mohamud. Mohamed Osman Mohamud (19), a naturalized U.S.

citizen originally from Somalia, was arrested in December for attempting to detonate

what he believed to be a truck bomb at an outdoor Christmas-tree-lighting ceremony

in Portland, Oregon. He reportedly had wanted to carry out some act of violent jihad

since the age of 15. His bomb was, in fact, an inert device given to him by the FBI,

which set up the sting after it became aware of his extremism through a tip and subse-

quent monitoring of his correspondence on the Internet.

• Antonio Martinez. Antonio Martinez (21), also known as Muhaamed Hussain, a nat-

uralized U.S. citizen and convert to Islam, was arrested in December for allegedly plot-

ting to blow up the Armed Forces Career Center in Catonsville, Maryland. The car

bomb he used to carry out the attack was a fake device provided to him by the FBI,

which had been communicating with him for two months.

APPENDIX B: Research Materials



Wk 6-3 Terrorism background psychology Sageman



Yes Virginia, There Are Hackers and Spooks On Militant Boards…

leave a comment »

A prominent poster on the elite password-protected jihadi web site Shumukh has told fellow forum members his account on the site has been hacked to send spyware to fellow forum participants.

The user, who goes by the handle “Yaman Mukhadab,” posted on August 28 that “it seems that someone is using my account and is somehow sending messages with my name to the members,” according to Flashpoint Partners, which translated the discussion for Danger Room. Shumukh uses software from vBulletin, which allows members to send private messages to each other.

Mukhadab’s handiwork has attracted attention beyond the forum. He was one of the contributors to the site’s lame recent attempt at creating a fantasy target wishlist comprised of American security industry leaders, defense officials and other public figures.

From Wired

Yeah, yeah, yeah, once again Wired got a little tidbit from Evan Kohlmann to keep his Flashpoint company relevant and in the news. Blah blah blah. Look, Adam is it? Yeah, Adam, there is much more that goes on on this site and the myriad others that Evan isn’t telling you. Sure, this guy Yaman got a little twitchy and he is right to be so lately. There has been A LOT of other things going on on both sides of the fence lately that ol’ Evan hasn’t let you in on, or more likely, has no clue of.

  • There are hackers, both at the behest of the government and those not avowed going at these sites. Some are just knocking them down for periods of time (Jester etc)  Some who are auditing the sites and actually interacting at times with the players after owning them, and SOME who are just hacking the shit out of the sites and wreaking havoc. The latter was seen back a month or two ago with the take down of Ansar. They just RM’d that sucker, but, the jihadi’s had a backup and they were online within days. (which you mentioned.. good)
  • Most of these sites have sections where the the newbies are being taught hacking skills. Some of these tutorials are low level (like the lulz types we saw not too long ago *protect your MACIP’s) Others are quite well versed in hacking and have tutorials on the level of something to worry about. In fact, some of these sites contain the works of friends of mine in the security community that they have posted as research. Within these sections we have areas where the jihadi’s have an assortment of upload/download sites for malware (mostly these are older packages) but some of the newer posts have malware and creation kits that are up to today’s standards (which you failed to mention)
  • The version of AQAP’s “Inspire you talk about was tampered with *cupcakes* as well as one version did in fact have a trojan. (which you failed to mention)
  • The list of targets wasn’t so much lame as it was a new call to the “lone wolves” on these boards to act on it. There is a change in the way these guys are waging jihad that is not really covered by Evan and you. Did you know for instance that there is a Facebook Jihad (propaganda war) that is ongoing? As well as guys like Abu Hafs Al Suni Al Suni are advocating for a ‘stealth jihad’ ? Yeah, they are, and they have been busy trying to propagandise and get the word out to those lone nutjobs that might in fact try something like say, pick a name off of that ‘lame’ list as you called it. It wouldn’t be so lame after they actually whacked someone would it?

Sure, a good deal of this and the other jihobbyist sites are full of dreck, but, there are pockets of true believers, and your little piece in Wired downplays it all.

For more:

GCHQ/SIS AQ Media PSY-OP: Messin With Jihobbyists

Also try this little Google Search for spyware posts on the board. They have been busy.

As a side note, the Jihadi’s also went further and opted to go after the MEMRI organization as well. In a later post by Yaman, they list out the leaders of the org as targets as well. What makes me wonder is which one of them has a log and pass for MEMRI (hint hint MEMRI check your logs)




All in all, another bang up job Wired… *sarcasm implied*


DEFCON PANEL: Whoever Fights Monsters: Confronting Aaron Barr, Anonymous, and Ourselves Round Up

with 2 comments

A week before this year’s DEFCON, I got a message that I was being considered to replace Aaron in the the “Confronting Aaron Barr” panel discussion. It was kind of a surprise in some ways, but seemed like a natural choice given my tet-e-tet with Anonymous, LulzSec, and even Mr. Barr. After coming to BlackHat and seeing the keynote from Cofer Black, it became apparent that this year, all of these conferences were about to see a change in the politics of the times with reference to the hacking/security community and the world of espionage and terrorism. Two things that I have been writing about for some time and actually seeing take place on the internet for more than a few years with APT attacks on Defense Base contractors and within Jihadist propaganda wars.

“This is a very delicate window into our future,” he told the hackers. “Cold war, global war on terrorism and now you have the code war — which is your war.”

Going into the planning for the panel discussion, I was informed that I was hoped to be the stand in for Aaron in that I too see the world as very grey. Many of my posts on the Lulz and Anonymous as well as the state of affairs online have been from the grey perspective. The fact is, the world is grey. There is no black and white. We all have varying shades of grey within our personalities and our actions are dictated by the levels to which our moral compasses allow. I would suggest that the example best and most used is that of torture. Torture, may or may not actually gain the torturer real intelligence data and it has been the flavor of the day since 9/11 and the advent of Jack Bauer on “24” face it, we all watched the show and we all did a fist pump when Jack tortured the key info out of the bad guy to save the day. The realities of the issue are much more grey (complex) and involve many motivations as well as emotions. The question always comes down to this though;

If you had a terrorist before you who planted a dirty nuke in your city, would you ask him nicely for the data? Give him a cookie and try to bond with him to get the information?

Or, would you start using sharp implements to get him to talk in a more expedient fashion?

We all know in our darkest hearts that had we families and friends in that city we would most likely let things get bloody. Having once decided this, we would have to rationalize for ourselves what we are doing and the mental calculus would have to be played out in the equation of “The good of the one over the good of the many” If you are a person who could not perform the acts of torture, then you would have to alternatively resolve yourself to the fates as you forever on will likely be saying “I could have done something” Just as well, if you do torture the terrorist and you get nothing, you will also likely be saying “What more could I have done? I failed them all” should the bomb go off and mass casualties ensue.

I see both options as viable, but it depends on the person and their willingness to either be black and white or grey.

Within the security community, we now face a paradigm shift that has been coming for some time, but only recently has exploded onto the collective conscious. We are the new front line on the 5th battlespace. Terrorists, Spies, Nation States, Individuals, Corporations, and now ‘collectives’ are all now waging war online. This Black Hat and Defcon have played out in the shadow of Stuxnet, a worm that showed the potential for cyber warfare to break into the real world and cause kinetic attacks with large repurcussions physically and politically. Cofer Black made direct mention of this and there were two specific talks on SCADA (one being on the SYSTEM7’s that Iran’s attack was predicated on) so we all ‘know’ that this is a new and important change. It used to be all about the data, now its all about the data AND the potential for catastrophic consequences if the grid, or a gas pipeline are blown up or taken down.

We all will have choices to make and trials to overcome… Cofer was right.

“May you live in interesting times” the Chinese say…

Then we have the likes of Anonymous, Wikileaks, and the infamous ‘LulzSec’ Called a ‘Collective’ by themselves and others, it is alleged to be a loose afiliation of individuals seeking to effect change (or maybe just sew chaos) through online shenannigans. Theirs and now their love child ‘LulzSec’ ideas on moral codes and ethics really strike me more in line with what “The Plague” said in “Hackers” than anything else;

“The Plague: You wanted to know who I am, Zero Cool? Well, let me explain the New World Order. Governments and corporations need people like you and me. We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”

Frankly, the more I hear out of Anonymous’ mouthpieces as well as Lulzs’ I think they just all got together one night after drinking heavily, taking E, and watching “Hackers” over and over and over again and I feel like Curtis exclaiming the following;

Curtis: If it isn’t Leopard Boy and the Decepticons.”

So, imagine my surprise to be involved in the panel and playing the grey hat so to speak. The panel went well and the Anon’s kept mostly quiet until the question and answer after, but once they got their mouths open it was a deluge. For those of you who did not see the panel discussion you can find the reporting below. My take on things though boils down to the following bulletized points:

  1. Anons and Lulz need to get better game on if they indeed do believe in making change happen. No more BS quick hits on low hanging fruit.
  2. Targets need recon and intelligence gathered has to be vetted before dumping
  3. Your structure (no matter how many times you cry you don’t have one) can be broken so take care in carrying out your actions and SECOPS
  4. Insiders have the best data… Maybe you should be more like Wikileaks or maybe an arm of them.
  5. Don’t be dicks! Dumping data that can get people killed (i.e. police) serves no purpose. Even Julian finally saw through is own ego enough on that one
  6. If you keep going the way you have been, you will see more arrests and more knee jerk reactions from the governments making all our lives more difficult
  7. Grow up
  8. The governments are going to be using the full weight of the law as well as their intelligence infrastructure to get you. Aaron was just one guy making assertions that he may or may not have been able to follow through on. The ideas are sound, the implementation was flawed. Pay attention.
  9. If you don’t do your homework and you FUBAR something and it all goes kinetically sideways, you are in some deep shit.
  10. You can now be blamed as well as used by state run entities for their own ends… Expect it. I believe it has already happened to you and no matter how many times you claim you didn’t do something it won’t matter any more. See, all that alleged security you have in anonymous-ness cuts both ways…
  11. Failure to pay attention will only result in fail.

There you have it, the short and sweet. I am sure there are a majority of you anonytards out there who might not comprehend what I am saying or care.. But, don’t cry later on when you are being oppressed because I warned you.


Not So 3R337 Kidz

with 5 comments

Once again we find ourselves following the story of a new uber dump of data on a Friday (Fuck FBI Friday’s) as they have been dubbed by the skiddies. It seems that 4cid 8urn, C3r3al Kill3r, and Zer0C00l once again have failed to deliver the goods in their #antisec campaign with their ManTech dump. ManTech, for those who don’t know, is a company that handles defense and government security contracts for such things as secure networks etc. The skiddies decided to try and haxx0r the Gibson and get the goods on the bad bad men at ManTech.

Once again, they failed.

The files are mostly UNCLASS (kids, that means UN-CLASSIFIED mmkay?) with a few SBU (Sensitive but UNCLASSIFIED) as well. Many of the files are just documents of finances, bills, resume’s and email addresses that frankly you could get with a good Googling session. Again, we are not impressed by this crap Lulz skiddies. I have told you once, and now I till tell you again, you are failing to deliver anything of interest really.

Now, if you were real APT, then you would have used the data in the excel sheets to create some nice phishing exploits and then gone on to root some good shit. But no, you aren’t that advanced are you? You just want to do the quick hit and dump your ‘booty’ to collect the love from your adoring, albeit stupid, fans. I am sure some of them are at home now wanking off to the idea that you have really stuck it to ManTech and by proxy ‘the man’

Well, you haven’t.. Not so 3r337 as Raz0r and Bl4d3 say.

What you keep failing to understand are sever key things here:

  1. The good shit is in more protected systems, ya know, like the ones Manning had access to
  2. You have no idea what you are taking or what you are dumping! Bitch please, understand the classification markings!
  3. It’s only important to your ‘movement’ if the data actually uncovers bad behavior on the part of the government!

And it’s on that last point I want to harp a little more on. You guys say you are exposing fraud and devious behavior (other than your own subversive tendencies?) and yet, you keep missing the mark. There have been no cohesive plots outed by you other than Aaron and HB Gary’s little foray into creating 0day and programs for propaganda tools online.

Yay you!… ehhh… not so much.

You certainly did spank Aaron though, and for that my top hat and monocle are off to you. He rather deserved what he got for being so God damned stupid. However, you must all understand that these are the standard operating procedures in warfare (PSYOPS, INFOWAR, PROPAGANDA) every nation plays the game and its just the way of life. So, unless you get some real data of a plan to use this type of tech by the US on the US, (other than Rupert & Co.) Once again, I am not really so impressed.

Of course, you have to know that you are now the target of all of those tools right? Not only by the US, but other nations as I have mentioned before. Do you really think that you have not opened the door for other nation states to attack using your name? No one mentioned yet that you are now considered domestic terrorists and could even be considered non domestic after you get caught? You have opened Pandora’s box and all the bad shit is coming.. And much of it is going to be aimed straight at you.

The ironic thing is this.. You have delivered shit. It’s the idea and the cover you have given other nation states or individuals that is key here. You say you can’t arrest an idea… I say certainly not! BUT They can arrest YOU and then make that IDEA not so appealing to the other skiddies once your prosecutions begin on national TV.

So keep it up.. That hornets nest won’t spew hundreds of angry wasps…


ウェブ忍者が失敗する : Dox-ing, Disinformation, and The Fifth Battlespace

leave a comment »

Digital Ninja Fail: ウェブ忍者が失敗する

The recent arrests of alleged key members of LulzSec and Anonymous have been called into question by the ‘Web Ninja’s‘, a group of would be hackers who have been ‘DOX-ing” the anonymous hierarchy for some time now. Yesterday, they posted the following on their page concerning the arrest of a man from the Shetland Islands who is purported to be ‘Topiary‘ by the Met and SOCA.

Now, this is a bold statement for anyone who really knows what they are doing in the intelligence analysis field. So, it is my supposition that these guys have no clue about what they are doing by making bold assertions like this. The data they have is tenuous at best and by making such bold statements, I have to wonder if indeed the so called ‘Ninja’s” themselves might not be a tool of anonymous to in fact sow that disinformation.

Here are the facts as I see them;

  • To date, the federal authorities have not questioned anyone who was DOX’d by the Ninja’s that I am aware of
  • The individuals who were DOX’d that were investigated by the authorities were in fact outed by LulzSec/Anonymous themselves
  • Adrian Chen has spoken to the person that the Ninja’s have fingered and claims that he (said person) went to the authorities himself. So far he is still not a suspect.

So, taking into account these facts, I would have to say that the Ninja’s have failed in their stated mission so far and I would suffice to say that if they are indeed a part of a disinformation campaign, then that too has failed. After all, the police seem to be ignoring the data put on the interent by the likes of the Ninja’s in favour of other tried and true tactics. The primary tactic as I see it, is grab one individual and then get them to roll over on their compatriots in the face of massive jail time.

This pretty much works all the time as we, as human beings, are most willing to sacrifice others for the self. In the case of the likes of LulzSec skiddies, I would have to say that the ages of the players, and their generational tendencies will allow them to cut deals pretty quickly. It’s my assessment that they are in it for the self gratification and lulz, not for the altruism that the LulzSec and Anonymous press releases have been trying to have one believe. My assumption is that if indeed the 19 year old guy they popped in Scotland is involved with LulzSec, and is in fact Topiary, he will roll over soon enough.

I also believe that these are all untrained operatives and they have made and will make more mistakes. I am pretty sure that the alleged “leaderless” group has leaders AND that unlike a true guerrilla warfare cell, will know the other players personal details. Essentially, they have had no compartmentalisation and they will all fall eventually though interrogation and deal making. As I said before, the insider threat to the organisation is key here, and it was this idea I think the Ninja’s had.. Well, at least that was the original idea of the Ninja Warrior. They were spies who infiltrated the ranks and destroyed from within.

So far with these guys.. Not so much.

Welcome To Spook World: Disinformation Campaigns and Intelligence Analysis

Now, on the whole disinformation thing, I know that the Lulz and Anonymous have said that they are using disinformation as well to try and create a smoke screen. Frankly, all of the intelligence out there that is open source is suspect. Maltego map’s of end user names as I have shown in the past can be useful in gathering intelligence… Sometimes. For the most part, if a user keeps using a screen name in many places and ties that name to real data, then they can be tracked, but, it takes a lot of analysis and data gathering to do it. Though, many of the foot soldiers within the Anon movement are young and foolish enough to just keep using the same screen names for everything so there is a higher likelihood that the data being pulled up on Maltego and with Google searches is solid enough to make some justified conclusions.

With the more experienced people though, there has been some forethought and they have protected their identities as best they could. What became their real downfall was that they could not rise above petty infighting and dox-ing each other. Thus you have the start of the potential domino effect on the core group as well as anyone who has any peripheral affiliation with the Lulz. Be assured, those who have been pinched are giving up as many names as possible as well as whatever is on their hard drives, Anon hacker manuals or not. All of these scenarios lead to the conclusion of more arrests by the authorities and even more skiddies getting into legal trouble around the globe. Meanwhile though, if the core group has been smart, then perhaps the leaders will skate for a time, using the masses as canon fodder.

Gee kids.. Did you know that you were all expendable?

On another tac, I would like to speak about the potential of the disinformation campaigns being perpetrated by the authorities as well. Consider that the trained professionals out there who are hunting these characters (Topiary, Sabu, et al.) are also adept at using not only the technologies of the fifth battlespace, but also the training afforded them in ‘spook world’ This means disinformation campaigns, mole hunts, and insurgencies of their own, getting to the inner core of Anonymous and Lulz. Now, that there were six (alleged) lulzer’s it would be more difficult to do, especially if those LulzSec folks really do know one another (as they claim they do not, which, I just don’t buy.. Remember the compartmentalisation issue) The agent provocateur’s are out there I am sure and with each rung of the ladder, they get closer to the core group.

That is unless the core group falls apart on their own and DOX’s each other out. In the end, I am going to suggest that the authorities will use all of the tricks of the trade on the Anon/Lulz folks to bag them… And with concerted effort by government resources, they will get their men/women.

Untrained, Unruly, and Unprofessional Operators:

“Discretion is the better part of valour” as they say, and in the case of the Lulz and Anon crews, they seem to not have a clue. Perhaps the Lulz think that by being unruly and unpredictable to a certain amount, will be just the cover they need, but, I think that their lack of discretion will be their undoing as well as their hubris. Had many of these folks had some real training, they might have just stood down for a while (not just a week or so) after setting sail into the sunset.

As I have said before, it was a bad idea to recruit and have comm’s out in the open on IRC servers even if they had ‘invite only’ channels. As is being seen now, someone (jester perhaps) has taken down their servers again after other outages due to Ryan Cleary’s attack and pressure from the government on those connection sources that the Anon’s were using. I am sure the idea was to have a movement that could also serve as diversion for the core users as well as to LOIC, but this all failed in the end didn’t it? The LOIC is what has given the FBI the 1,000 IP addresses as a hit list, so to speak, that they are now using to collect people and charge them for the DD0S attacks.

Had these people been trained or not been so compulsive, they might have had more of a chance to keep this up for a much much longer time. As I write, the Lulz do continue, but they have slowed quite a bit since the arrests started again. This I think is because the cages are starting to get rattled and people are finally coming to the conclusion that some discretion is needed to not end up Bubba’s play pal in prison. It’s a learning curve, and likely going to be a painful one for the kiddies.

Unprofessional actions within this area of battle will end up with your being put in jail kids.

To end this section I would also like to add this thought. My assessment of the Lulz core group is this;

  • They were drunk on the power of their escapades
  • The more followers they had and more attention, the less risk averse they became
  • They seem to have compulsion disorders (don’t say it.. Aspergers!) that seem to not allow them to lay low (until now it seems)
  • The ego has eaten their id altogether
  • Base ages are within the teens with a couple over 20

Technical Issues Within The Fifth Battlespace:

Another BIG issue within this battlespace is the technology. The Anon’s and Lulz have been ascribing to the idea of “Proxies, we haz them! So we’re secure!” and to a certain extent they are right. There are always ways around that though and certainly leaks in data (such as the TOR leaks that have happened) that could lead someone to locate the end user behind the proxy, so they are not fool proof. Certainly not if the fool in question is some skiddie 12 year old using LOIC un-proxied and not obfuscated while they D0S Paypal.

The problem is that the technology could fail you as well as the untrained operative could make small and large mistakes that could lead authorities right back to their IP and home accts. On the other side of that equation is that when properly done, it is damn hard to prove a lot in hacking cases because of obfuscation, as well as mis-configured end systems that have been hit. I cannot tell you how many times I have seen incidents play out where the target systems had no logging on as well as being completely un-secured, thus leaving practically nothing for a forensics team to find and use.

Once again, this brings us back to the insider threat, whether they be the insider who decides to go turncoat, or, the agent provocateur (i.e. Jester and the Ninja’s as well as others from the authorities) who infiltrate the Lulz and then gut them from the inside. What it really boils all down to is that in the end, it will be the foibles of the Lulz core and the actions of spooks that will bring them down.. And I think they are learning that very fact now.

JIN; One Must Know The Enemies Mind To Be Victorious:

As a last note, I would like to say to the Ninja’s, you need to learn and practice your Kuji-in. It is obvious to me that you have failed on the ‘Jin’ (knowing the opponents mind) with your dox attempts. Until such time as I see people being hauled in that directly relate to your documents posted, then I am going to consider the following to be the case:

  1. DOX-ing is mostly useless and takes quite a bit of analysis before just releasing names
  2. The Feds are not taking your data as gospel, nor should the general public or media
  3. You yourselves may in fact be a tool of Anonymous/Lulz and as such, spewing disinformation
  4. You could be right, but by releasing it to the public at large, you are letting the Lulz know to destroy evidence and create obfuscation that will hinder arrests later.

Ninja’s got results.. Not so much for ‘Web’ Ninjas. At least Jester, if his claims are true, is breaking their C&C channels lately.. Which has its own problematic issues.. Just like his meddling in the Jihadi area, but, that’s a story for another time.


Team Inject0r: The Multinational Connection

with 6 comments

The recent compromise of a NATO server by “Team Inj3ct0r” has recently made the news, but, as the media usually do, they did not look any deeper than the website for Inj3ct0r and perhaps a little data as to what the team said in a text doc on the compromised server. A further examination of the group shows that Inj3ctor has been around since 2008, and has ties to Chinese hackers as well as Russia, Turkey and other countries.

This could change the paradigm on the “hacktivism” moniker that Team Inj3ctor has branded themselves with recently (post the goings on with Anonymous and LulzSec/Antisec movements) Before these movements, this site and the teams all were loosely linked and purveyors of 0day, and not so much in it for any political means. What has changed? Who might benefit here to use the hacktivism movement as a cover for hacking activities that could cause a stir?

… Maybe the PLA? Maybe the FSB?…Some other political orgs from Gaza? or Turkey?

Or, perhaps they are just a bunch of hackers who like the cause celebre of hacktivism? It’s hard to say really, but, when you get China into the mix, the lines blur very very fast.

Below I am outlining the data I collected on the main inj3ct0r site, its owner, and two of the players who are on both teams of hackers that span China and Russian hacking. This makes for a new wrinkle in the Anonymous/Lulz movement in that the NATO hack was claimed by someone using the name “Team Inj3ct0r” and this site seems to fit the bill as the source of the attack since it has been quoted by the hackers that they used 0day on the NATO server to crack it and keep access. If indeed there are connections to state sponsored hacking (as the China connection really does lead me to believe) then we have a new problem, or perhaps this has been the case all along that the state sponsored hackers have been within Anonymous, using them as cover.

Another interesting fact is the decision to attack NATO. Was it a hack of opportunity? Or was there a political motive here? As I have seen that these groups are multi-national, perhaps this attack had a overall political agenda in that NATO is supposed to be the worlds policeman. I am still unsure.

Teams and Members:

In looking at the sites and the members, it came to light that two members belong to each of the teams (inj3ct0r and DIS9) The two are “knockout” and “Kalashinkov3” The teams are tied together in the way they present their pages and the data they mirror so it is assumed that they have a greater connection underneath. In fact, more of them may be working together without being named in the teams listed below. Each of these people have particular skills and finding 0day and posting them to this site and others for others to use.

Team Inj3ct0r:

Team Inj3ct0r’s site is located in Ukraine and is registered to a Matt Farrell ( My assumption is that the name given as well as the address and phone numbers are just bogus as you can see they like to use the netspeak word “1337” quite a bit. A secondary tip on this is that the name “Matt Farrel” is the character name for the hacker in “Live Free or Die Hard” Someone’s a fan…

Team Inj3ct0r

r0073r – r0073r is the founder of inj3ct0r and I believe is Russian. The site owned by Mr. Czeslaw Borski according to whois. However, a whois of comes up with a Anatoly Burdenko of 43 Moskow Moskovskaya Oblast RU. Email:

  • The domain owned by a Mr. Czeslaw Borski out of Gdansk Poland (another red herring name) domain hosted in Germany with a .ru name server
  • The domain created in 2008 belongs to Anatoly Burdenko and has been suspended
  • The domain was hosted in China – on China net
  • Another site confirms that r0073r is the founder of team inj3ct0r aka l33tday
  • Another alias seems to be the screen name str0ke
  • Also owned domain details:

Inj3ct0r LTD
r0073r        (
Burdenko, 43
Moskovskaya oblast,119501
Tel. +7.4959494151
Creation Date: 13-Dec-2008
Expiration Date: 13-Dec-2013
Domain servers in listed order:
Administrative Contact:
Inj3ct0r LTD
r0073r        (
Burdenko, 43
Moskovskaya oblast,119501
Tel. +7.4959494151                     


  • Alleged to be Turkish and located in Istanbul
  • Member of the Turkish cyber warrior site last access July 4rth 2011

Kalashinkov3 is a hacker group that is linked to and shares two members with Team Inj3ct0r (Kalashinkov3 and KnocKout) Both sites are very similar in design and content. resolves to an address in China and is registered to a YeAilin ostensibly out of Hunan Province in China. The owner/registrar of the site has a familiar email address of also a domain registered and physically in China.

A Maltego of this data presents the following interesting bits: A connection to the site a now defunct bbs which lists the yeailin225 account and other data like his QQ account. This site also lists another name attached to him: Daobanan ( 版主 ) had hacking discussions that involved 0day as well. The domain of was registered to jiang wen shuai with an email address of and listed it out of Hunan Province.

The connections from DIS9 to other known hackers who are state actors was found within the Maltego maps and analogous Google searches. As yet, I am still collecting the data out there because there is so much of it. I have been inundated with links and user names, so once I have more detailed findings I will post them. Suffice to say though, that there is enough data here to infer that at the very least, hackers who work for the state in China are working with others on these two sites at the very least, sharing 0day and perhaps hacking together as newly branded “hactivists”

DIS9 Team:
Rizky Ariestiyansyah
Blackrootkit – 

: Team Exploit :

Backdoor Draft aka DIS9 Team

Another interesting fact is that a link to the site itself shows that the DIS9 team is the umbrella org for Inj3ct0r and other teams. This is a common practice I have found with the Chinese hacking groups to have interconnected sites and teams working together. This looks to be the case here too, and I say this because of the Chinese connections that keep turning up in the domains, sites, and team members.

Other Teams within the DIS9 umbrella:

In the end, it seems that there is more to the inj3ct0r team than just some random hackers and all of this data bears this out. I guess we will just have to wait and see what else they hit and determine what their agenda is.

More when I have it…