WASHINGTON (AP) — In secretive chat rooms and on encrypted Internet message boards, al-Qaida fighters have been planning and coordinating attacks — including a threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week.
It’s highly unlikely that al-Qaida’s top leader, Ayman al-Zawahri, or his chief lieutenant in Yemen, Nasser al-Wahishi, were personally part of the Internet chatter or, given the intense manhunt for both by U.S. spy agencies, that they ever go online or pick up the phone to discuss terror plots, experts say.
But the unspecified call to arms by the al-Qaida leaders, using a multilayered subterfuge to pass messages from couriers to tech-savvy underlings to attackers, provoked a quick reaction by the U.S. to protect Americans in far-flung corners of the world where the terror network is evolving into regional hubs.
For years, extremists have used online forums to share information and drum up support, and over the past decade they have developed systems that blend encryption programs with anonymity software to hide their tracks. Jihadist technology may now be so sophisticated and secretive, experts say, that many communications avoid detection by National Security Agency programs that were designed to uncover terror plots.
“This creates a bit of a cat-and-mouse game between terrorist groups that can buy commercial technology and intelligence agencies that are trying to find ways to continue to monitor,” said Seth Jones, a former adviser to U.S. special operations forces and counterterrorism expert at Rand Corp., a Washington-based think tank that receives U.S. government funding. “Some of the technology you can buy is pretty good, and it evolves, and it is a game that is constantly evolving.”
A U.S. intelligence official said the unspecified threat was discussed in an online forum joined by so many jihadist groups that it included a representative from Boko Haram, the Nigerian insurgency that has loose ties to al-Qaida. Two other intelligence officials characterized the threat as more of an alert to get ready to launch potential attacks than a discussion of specific targets.
One of the officials said the threat began with a message from al-Wahishi, head of the Yemen-based al-Qaida in the Arabian Peninsula, to al-Zawahri, who replaced Osama bin Laden as the core al-Qaida leader. The message essentially sought out al-Zawahri’s blessing to launch attacks. Al-Zawahri, in turn, sent out a response that was shared on the secretive online jihadi forum.
All three intelligence officials spoke on condition of anonymity because they were not authorized to discuss the threat.
Rita Katz, director of the Washington-based SITE Intelligence Group, which monitors jihadist websites, said it’s all but certain that neither al-Zawahri nor al-Wahishi would communicate directly online or on the phone.
Al-Zawahri’s location is unknown, but he was last believed to be in Pakistan, and al-Wahishi is said to be in Yemen. Given the nearly 2,000 miles between the two men, Katz said it’s most likely they separately composed encrypted messages, saved them on thumb drives and handed them off to couriers who disseminated them on secure websites.
Bin Laden, who was killed by U.S. Navy SEALs in May 2011, issued his messages in much the same way.
“These guys are not living in a bubble,” said Katz, who has been watching al-Qaida and other jihadi communications for years. “They live in a reality that is facing the American intelligence interception with the best, most advanced technology that can be created. So they always try to find ways to get away from these interceptions to be able to deliver messages.”
Tracking and eliminating al-Qaida operatives in Yemen hasn’t been easy for the U.S. It took years for the CIA finally to kill the cleric Anwar al-Awlaki in a drone strike after an intense manhunt. By staying off the grid, al-Wahishi and other senior al-Qaida leaders in Yemen, such as Qassim al-Rimi and top bomb-maker Ibrahim Al-Asiri, have managed to remain alive. So frustrated was the CIA at one point, the spy agency considered killing the couriers passing messages in an attempt to disrupt the terrorist group’s plans, a former senior U.S. official said.
The idea was dropped because the couriers were not involved in lethal operations.
Exactly how U.S. spy systems picked up the latest threat is classified, and Shawn Turner, spokesman for National Intelligence Director James Clapper, refused to confirm or deny Katz’s analysis on how it might have happened. Intelligence officials have suggested that the plot was detected, in part at least, through NSA surveillance programs that have been under harsh worldwide criticism for privacy intrusions in the name of national security.
It’s not clear, however, that even the powerful U.S. spy systems would be able to crack jihadists’ encrypted messages without help from the inside.
Earlier this year, an al-Qaida-linked extremist propaganda organization known as the Global Islamic Media Front released an encrypted instant-messaging system known as “Asrar al-Dardashah,” or “Secrets of the Chat.” It was a texting version of the organization’s end-to-end encryption program that followers had been using for years. End-to-end encryption means messages are put into code so that only senders and receivers can access the content with secure “keys.”
After the NSA programs were revealed in June by former NSA systems analyst Edward Snowden, jihadi websites began urging followers to also use software that would hide their Internet protocol addresses and, essentially, prevent them from being tracked online. That aimed to add another layer of security to the online traffic.
An Aug. 5 discussion about the U.S. embassy closings on a jihadi forum that is directly linked to al-Qaida underscored the need for “complete secrecy” in plotting attacks even while jeering at the American response to the message between al-Zawahri and al-Wahishi.
In a post on the Shumukh al-Islam online forum, a writer who identified himself as Sayyed al-Mawqif noted American news reports that said the terror threat possibly was intercepted through phone calls or surveillance of jihadist chat rooms or message boards. Shumukh al-Islam is not an encrypted site, but it requires a password to access and does not frequently accept new visitors.
“Even if there will not be a jihadi operation, it is sufficient that the mujahideen brothers succeeded in putting fear in the hearts of the disbelievers and the human devils,” al-Mawqif wrote, according to a SITE translation of the transcript. “We hope to hear more about psychological wars like this one if there are no actual jihadi operations on the ground.”
Encryption technology was once regulated by the U.S. for national security purposes, but it has been available to the public and used globally since the 1990s, including by human rights and free speech advocates.
Other technology experts believe the government could access encrypted messages with the help of Internet providers.
Depending on what software is used, Internet providers theoretically could be compelled to send the coded messages and their decryption keys to the government instead of to the intended recipient. Unknown vulnerabilities in software may also make it possible for hackers to break into computers and obtain messages.
It’s also possible that U.S. intelligence officials used a decidedly low-tech method to intercept the message between al-Zawahri and al-Wahishi — by planting a spy in the online forum.
Associated Press writer Raphael Satter in London contributed to this report.