Posted: Sun, 27 Oct 2002 15:09 AEDT

The Al Qaeda terror network has begun using hackers who break into websites to create secret pages that send messages to its followers, Internet specialists say.

An example of this practice came earlier this month when a message purportedly from Al Qaeda chief Osama bin Laden appeared on cenobite.com, a website started by a fan of science fiction writer Clive Barker.

Andrew Weisburd, an online activist who tracks terrorist groups, said he believes Al Qaeda began using this technique to communicate after the rights expired to alneda.com, a website often linked to Al Qaeda.

"Al Neda is continuing its practice of hijacking Web servers and placing their site in obscure subdirectories," Mr Weisburd said.

Mr Weisburd says a number of other websites have been used this way, but he did not want to reveal the names of the sites "in the hopes of sheltering the rightful owners of the victimised websites and servers from the consequences of being linked to Al Qaeda".

David Wray, a spokesman for the FBI's cybercrime arm, the National Infrastructure Protection Centre, said the agency was aware of the reports about Al Qaeda's activity, but says he cannot comment on "its veracity or lack thereof".

Michael Vatis, a former NIPC director who now heads the US Institute for Security Technology Studies at Dartmouth College, said it is plausible Al Qaeda is using the hacking techniques.

"We haven't seen it, but it is a confluence of several things we've been studying," Mr Vatis said.

"It's further evidence of the organisation's increased sophistication in using modern technologies for covert communications and to evade detection."

What is unusual, say security specialists, is the operators of the innocent websites are often unaware of the intrusion until well after the fact, because the data is place on a hidden file that can only be accessed with the correct code.

"I don't consider this a hijack of a website, I'd call it a parasite attack," Mike Sweeney, an Internet security specialist who operates the site packetattack.com, said.

"You break into the website, you get permission to create a folder, you add a file and you cover up your tracks.

"For the rest of the world, the site looks ordinary, but if you know the path you can find it."

Mr Sweeney said it is difficult to know without examining the computers whether Al Qaeda was behind the intrusions, but he said it is a likely scenario because it is an easy way to spread information quickly.

"It's fast, cheap and almost impossible to trace," he said.

Mr Weisburd agreed the messages appear to be real.

"I'm not an expert in this area, but my feeling is the messages are legit, that Osama is alive and well, and the Al Qaeda, while depleted of many of their older and more experienced members, is alive, is well, and is on the offensive," he said.

"They are not just posting a single message, the Al Neda site is huge, roughly 135 megabytes, and mostly text... they can't hide the site, because then it couldn't be found by their own people.

"They can't just send e-mail, because it's being monitored.

"Steganography [hiding information in images] generally requires software support, and if you rely on public computers, at cyber cafes or libraries or universities, that software may not be available."

Mr Weisburd said after he uncovered the technique, Al Qaeda "released a statement decrying our 'unusual' and effective methods and declaring a Jihad against us".

-- Anonymous, October 27, 2002

Answers

They could make a lot of money in our culture with all this knowledge, but they decided to go to the dark side instead.

Pity...

-- Anonymous, October 27, 2002

I wonder if that was all the Zone Alarm attacts for the last 6 weeks..for the last 3 days..NOT ONE alert on ZA!!! that is really strange!

-- Anonymous, October 27, 2002

The web was VERY slow earlier this morning, Netscape and Microsnot browsers both, like around 6-ish, and I couldn't see any reason for it.

-- Anonymous, October 27, 2002