Archive for the ‘CTC Sentinel’ Category

My latest for the CTC Sentinel, this time looking at UK’s online counter-jihad. Some more detail on this story is going to appear in my forthcoming book. It is also the subject of a much bigger publication which I will eventually get around to doing. Understanding how to counter online terrorist activity is going to be a key question that needs answering.

The UK’s Efforts to Disrupt Jihadist Activity Online

Sep 26, 2011

The desire to find ways to moderate the internet as a tool for the spread of violence and radical ideas is not new or unique to the United Kingdom. This fight, however, is becoming more important as networks involved in terrorist activity increasingly turn to the internet as a vehicle through which to conduct planning, operations and radicalization.[1]

This article maps out this fight within a British context to shed light on how the problematic nexus of the internet and radical ideas is evolving, as well as how its importance has grown as traditional al-Qa`ida networks find themselves under even heavier pressure.

Historical Roots
The United Kingdom has long been a hub of online jihadist activity.[2] One of the earliest networks was the http://www.azzam.com family of sites that from 1994 to early 2002 provided interested people with a way of reaching out to jihadist groups fighting in Afghanistan, Bosnia and Chechnya.[3] Its believed webmaster, a British Pakistani named Babar Ahmad who has admitted to engaging in militant activities in Bosnia, is currently in a British prison fighting extradition to the United States.[4]

A couple of years after Ahmad was arrested, police in London disrupted a group of three young men who appeared to be involved with a cell of Bosnian extremists planning an attack on a NATO base in the former Yugoslavia. The men were in fact part of a much wider network that stretched across the United Kingdom, and had links in Canada, Denmark, Sweden and the United States. Key cells in the United Kingdom were using the internet to draw in recruits and provide connections to extremist camps in Pakistan, while also acting as an online media center for al-Qa`ida in Iraq.[5] This network particularly alarmed British security planners who had never seen anything like it before, with then-Metropolitan Police counterterrorism head Peter Clarke saying “it was the first virtual conspiracy to murder that we had seen.”[6]

Yet the larger menace seems to be the way that the internet is able to act as a catalyst for information dissemination to extremists who have then gone on to conduct terrorist attacks. Two specific cases stand out as particularly worrying. First, Roshonara Choudhry, the seemingly well-integrated East London woman who self-radicalized online listening to Anwar al-`Awlaqi and then tried to kill a Member of Parliament for voting in support of the Iraq war. Second, Nicky Reilly, the mentally challenged young man who was persuaded by extremists he encountered online to attempt a suicide attack in an Exeter chain restaurant; diners were only saved by the fact that the bomb blew up in his face as he attempted to assemble it in the restaurant’s toilet.

The United Kingdom’s Reaction
In the face of this threat, the United Kingdom has launched a string of counter operations that seek to address the problem of terrorists using the internet from upstream disruption, to downstream arrests and trying to develop a strategy that is able to focus on this problem in a new way. In the recently refreshed Contest counterterrorism strategy, the British government identified that terrorists used the internet for “propaganda,” “radicalization and recruitment,” “communication,” “attack planning” and “cyber attack.”[7] The last of these, “cyber attack,” was identified as being of “low” probability, with the document identifying an incident in 2010 as the “first recorded incident of a terrorist ‘cyber’ attack on corporate computer systems.”[8] In that incident, a computer worm called “here you have” spread a virus that crashed computers and provided its creators with backdoor access to infected systems.[9] While security planners continue to watch this threat and expect it to grow “as the tools and techniques needed for cyber attack become more widely available,” it is largely the other ideological and operational aspects of support that the internet provides that British planners are targeting.[10]

According to the annual report by the parliamentary committee with oversight of Britain’s intelligence agencies, the Government Communications Headquarters (GCHQ, the United Kingdom’s version of the American National Security Agency) spent a third of its efforts during the past two cycles on counterterrorism. The “bulk of this effort” was spent in “Pursue…namely, to stop terrorist attacks.” As with much of the British intelligence community, the focus shifted from solely “British Pakistani operations” to growing threats in Yemen and East Africa. The report also mentions that GCHQ’s work helped disrupt al-Qa`ida in the Arabian Peninsula’s (AQAP) plans in the previous year as well as specific “hostage-taking plans” by an anonymous group.[11]

In a particularly notable incident from mid-2010, British government-supported hackers penetrated AQAP systems and were able to insert a garbled code into the first edition of Inspire magazine, delaying its release by a few weeks.[12] In the operation, which was apparently separately considered by Pentagon planners but rejected by the Central Intelligence Agency,[13] British intelligence operatives inserted a code later revealed to be a list of cupcake recipes.[14] In a separate AQAP linked operation earlier in the year, British officers had arrested a Bangladeshi national named Rajib Karim who was working in information technology at British Airways while in direct contact with AQAP ideologue Anwar al-`Awlaqi. It is unclear how Karim was first picked up, but his electronic communications with al-`Awlaqi were one of the main planks of the prosecution’s case against him—showing as they did his intent to help the group launch attacks against aviation.[15]

In January 2008, British officers launched a more traditional operation in the wake of a posting on the al-ekhlaas.com forum proclaiming the creation of an al-Qa`ida branch in the United Kingdom.[16] After investigation, MI5 identified the source as a Blackburn native named Ishaq Kanmi, who local officers were able to video as he openly downloaded information off extremist forums at the local library.[17] Connected to Kanmi was a pair of local brothers convicted on other charges and Krenar Lusha, an Albanian immigrant who was identified from online chats he had been having with Kanmi. The conversations were enough to alarm officers who investigated further. When they burst into his home in August 2008, they found large amounts of radical material (including documents about how to build bombs and detonators), 71 liters of petrol, two kilograms of potassium nitrate and 14 mobile telephones.[18] While police and prosecutors were unable to ascertain exactly what Lusha was planning, they concluded that he was likely a “lone wolf” that they had happened to catch early.[19] His only connections to extremists came from his online contacts—similar in many ways to Nicky Reilly, the young man who attempted to detonate a bomb in an Exeter restaurant in May 2008.

This sort of approach was again seen in November 2010, when about a week after Roshonara Choudhry was convicted of attempting to kill a Member of Parliament, police in Wolverhampton arrested Bilal Zaheer Ahmad for posting inflammatory comments on a variety of English-language forums praising Choudhry and calling for others to emulate her. A long-time extremist, Ahmad went so far as to post lists of other MPs who had voted for the war, as well as providing their contact information and a link to buying knives at Tesco (a British retailer). He pled guilty and was jailed for 12 years.[20]

More significant in many ways, however, was the case against Mohammed Gul, a London-based student who was active on extremist forums and created videos that he published on YouTube celebrating the deaths of U.S. soldiers, highlighting the plight in Gaza and demonstrating how to make IEDs. While it took two attempts to convict him (the first jury was unable to reach a verdict), he was in the end jailed for five years in a case that was described by a senior officer as being “one of the first successful prosecutions relating to disseminating terrorist publications via the internet.”[21] Unlike many of the cases listed in this article that involved the internet as the main plank of the prosecution’s case to show the individual’s involvement in terrorism, Gul did not plead guilty. His successful conviction is likely to be followed by a further set of cases as police and prosecutors now see it is possible to convict individuals on such charges.

On the other end of the scale, there has been an effort by British security services to find ways of countering the spread of radical ideas using the internet. This has been met with mixed success. In one instance, the Foreign and Commonwealth Office (FCO) sponsored the production of a short film that was to be released online that was intended to provide a dissuading narrative for young people drawn toward jihadist ideas. Called Wish You Waziristan, the film told the story of two young British-Pakistanis who end up in a training camp in Waziristan.[22] Independently produced with £33,000 of government funds, clips from the animated short were released onto YouTube in April-May 2011 with endings telling people to come back on May 29 to see the entire story. When a British Sunday newspaper discovered the provenance of the film’s funding, however, the FCO suddenly became concerned and instead put the film’s release on hiatus.[23] In a separate case, the FCO funded British online activists to go into jihadist forums such as al-Shamouk and challenge radical messages.[24]

The United Kingdom has also created a number of organizations that try to help counter the spread of radical ideas online by either providing a counternarrative through the Research, Information and Communications Unit (RICU), or through trying to get the public to help alert them to extremist material they find online through the Counterterrorism Internet Referral Unit (CTIRU), a specialist police unit. Success, however, has been mixed, with Contest branding the four year old RICU’s work “not…as successful as we want.”[25] Only created in 2010, CTIRU remains a young organization, although it has removed unidentified material from the internet on 165 occasions between July 2010-July 2011.[26]

Conclusion
Britain’s cyber-spooks and cyber-cops are highly adaptive and active in trying to counter the threat from Islamist radicalization online.[27] In doing so, they have conducted disruption operations, helped U.S. authorities (most notably with the case of Najibullah Zazi where it is understood that British intelligence agencies provided the key first hint of danger to New York authorities), and have now started to arrest some of the many online extremists that live in the United Kingdom. The successful prosecution of Mohammed Gul is instructive in this regard as it carves a path that British authorities are likely to increasingly use in the future to counter this threat.

The larger significance of this increasing focus on the online threat is two-fold. On the one hand, it demonstrates the growing level of concern about online extremists. As President Barack Obama and others have said, it is increasingly the threat of “lone wolf” extremists that concern them most—individuals who tend to be spurred to violence by material they find online rather than by traditional terrorist recruitment networks. Yet this is taking place as the general assessment about the capacity of traditional violent Islamist terrorist groups is going down. The open question that remains is whether these two trends are linked—and whether al-Qa`ida and affiliated groups are trying to increasingly turn to an online jihad as they see their efforts offline continuing to be disrupted.

Supporting the notion of the shift online being the product of increasing entropy among al-Qa`ida and affiliated groups is the fact that the British government is increasingly willing to expend its scarce counterterrorism resources on individuals like Mohammed Gul. While it was later revealed that Gul was in contact with more dangerous extremists in Germany, his case would unlikely have received any particular attention if security forces had large-scale plots to focus on instead. Consequently, while it would be unwise to conclude that Britain’s jihad has been wrapped up (and recent arrests in Birmingham indicate it remains a live concern), it does seem clear that it has moved into a new phase that is going to be characterized by plots with a strong online presence like many of those listed in this article. It is safe to conclude that Britain’s jihad is increasingly shifting online.

Raffaello Pantucci is an Associate Fellow at the International Center for the Study of Radicalisation (ICSR) and the author of the forthcoming We Love Death As You Love Life: Britain’s Suburban Mujahedeen (C.Hurst & Co.).

[1] “Contest: The United Kingdom’s Strategy for Countering Terrorism,” HM Government, July 2011, available at http://www.homeoffice.gov.uk/publications/counter-terrorism/counter-terrorism-strategy/contest-summary?view=Binary.

[2] For an excellent early primer on British Muslim identity online that includes a discussion on the more extreme elements, see Gary R. Bunt, “ten.niatirb@malsi: ‘British Muslim’ Identities in Cyberspace,” Islam and Christian-Muslim Relations 10:3 (1999).

[3] For information on azzam.com’s illegal activities, see U.S.A. v. Babar Ahmad, “Affadavit in Support of Request for Extradition of Babar Ahmad,” District Court of Connecticut, 2004.

[4]  “Terror Suspect Babar Ahmad is ‘No al Qaeda Rambo,’” BBC, May 9, 2011.

[5]  Raffaello Pantucci, “Operation Praline: The Realization of al-Suri’s Nizam, la Tanzim?” Perspectives on Terrorism 2:12 (2008).

[6] “The World’s Most Wanted Cyber-Jihadist,” BBC, January 16, 2008.

[7] “Contest: The United Kingdom’s Strategy for Countering Terrorism,” p. 73.

[8] Ibid., p. 34.

[9] “Cyber Jihad Group Linked to ‘Here You Have’ Worm,” IDG News Service, September 10, 2010.

[10] “Contest: The United Kingdom’s Strategy for Countering Terrorism,” p. 74.

[11] “Annual Report 2010-2011,” UK Intelligence and Security Committee, July 2011.

[12] “MI6 Attacks al Qaeda in ‘Operation Cupcake,’” Telegraph, June 2, 2011.

[13] “List of Cyber-Weapons Developed by Pentagon to Streamline Computer Warfare,” Washington Post, June 1, 2011.

[14] “Al Qaeda Magazine is a Cupcake Recipe Book,” PublicIntelligence.net, July 12, 2010.

[15] “Rajib Karim: The Terrorist Inside British Airways,” BBC, February 28, 2011. For more on what Karim was actually plotting, it is instructive to read his e-mails with al-`Awlaqi, available at http://www.thenorthernecho.co.uk/news/8880903.Excerpts_from_Rajib_Karim_terror_plot_messages/?ref=rss.

[16] “Skepticism Greets ‘Al Qaeda in Britain’ Founding,” Reuters, January 16, 2008.

[17]  “Man Jailed for Urging Blair and Brown Assassinations,” Press Association, June 24, 2010.

[18] “Would-be Terrorist who had Positively Reveled in Violence, Death and Destruction,” Derby Evening Telegraph, December 16, 2009.

[19] Ibid.

[20] “Blogger Who Encouraged Murder of MPs Jailed,” BBC, July 29, 2011.

[21] “Man Jailed for Creating Extremist Videos and Uploading Them to the Internet,” Metropolitan Police Press Release, February 25, 2011.

[22] The film’s website is available at http://www.wishyouwaziristan.com, although it remains devoid of much content.

[23] “Foreign Office Faces Flak over Axed Counter-Terrorism Video,” Guardian, May 30, 2011.

[24] Personal interview, British activist, London, September 2011.

[25] “Contest: The United Kingdom’s Strategy for Countering Terrorism,” p. 64.

[26] Ibid., p. 76.

[27] Additionally, this article does not touch on the United Kingdom’s ongoing fight against online right-wing extremists.

Back on the topic of terrorism in the West, my latest for the CTC Sentinel of West Point, exploring the network of plots from apparently send out by Al Qaeda in late 2008 – the Pathway group in Northern England from April 2009, the Najibullah Zazi cell in New York (who I have already covered a bit here), and the recently disrupted cell in Oslo. The Oslo one is the least clear – though admittedly the Brits were unable to convict anyone for Pathway – fortunately, others from Norway have a good detailed article in this edition of the Sentinel about it in addition to mine. There is also a good article about the emergence of Al Muhajiroun in the US from Paul Cruickshank.

Am trying something new here trying to link a pdf, as CTC have not put it up on their website yet. Do please drop me a note through the contact sheet if you have any problems or want a copy. If it works you should find it here: CTCSentinel-Vol3Iss8-1

UPDATE: And just to make sure every base is covered, here is the link on their website: http://www.ctc.usma.edu/sentinel/CTCSentinel-Vol3Iss8.pdf

My latest article for a new outlet, the Combating Terrorism Center at West Point, which explores the current state of radicalization in London. It should be found at this link, though it does not appear to be up yet: http://ctc.usma.edu/sentinel/CTCSentinel-Vol3Iss2.pdf

I also have the pdf for anyone who cannot find it. Here is the first couple of paragraphs to give you a taster….

The Changing Scene in Londonistan

By Raffaello Pantucci

In the first month of 2010, the world was reminded of the terrorism threat in the United Kingdom. Umar Farouk Abdulmuttalab’s partial radicalization in London, the decision to finally proscribe the extremist group al-Muhajiroun and the ratcheting up of the terrorism threat level ahead of the Summit on Afghanistan all highlighted once again how the United Kingdom remains the focus of the terrorism threat to the West. The nature of this threat, however, has changed since the days before 9/11, when London was often called “Londonistan” due to the heavy presence of extremist groups in the city. Today, radicalization and extremist activity in the United Kingdom no longer occurs at the level it once did. Nevertheless, the activity still taking place is harder to legislate against and more difficult to combat.

This article will explain how “Londonistan” has changed during the last decade. Overtly violent extremist preaching has become much more discrete, while the internet has become a major feature in radicalizing young people. The article will also show how old and new threats have melded together to create a threat matrix that presents a new set of legislative challenges for British authorities.