By Eli Lake
Staff Reporter of the Sun
October 9, 2007
WASHINGTON -- Al Qaeda's Internet communications system has suddenly
gone dark to American intelligence after the leak of Osama bin Laden's
September 11 speech inadvertently disclosed the fact that we had
penetrated the enemy's system.
The intelligence blunder started with what appeared at the time as an
American intelligence victory, namely that the federal government had
intercepted, a full four days before it was to be aired, a video of
Osama bin Laden's first appearance in three years in a video address
marking the sixth anniversary of the attacks of September 11, 2001. On
the morning of September 7, the Web site of ABC News posted excerpts
from the speech.
But the disclosure from ABC and later other news organizations tipped
off Qaeda's internal security division that the organization's Internet
communications system, known among American intelligence analysts as
Obelisk, was compromised. This network of Web sites serves not only as
the distribution system for the videos produced by Al Qaeda's production
company, As-Sahab, but also as the equivalent of a corporate intranet,
dealing with such mundane matters as expense reporting and clerical
memos to mid- and lower-level Qaeda operatives throughout the world.
While intranets are usually based on servers in a discrete physical
location, Obelisk is a series of sites all over the Web, often with fake
names, in some cases sites that are not even known by their proprietors
to have been hacked by Al Qaeda.
One intelligence officer who requested anonymity said in an interview
last week that the intelligence community watched in real time the
shutdown of the Obelisk system. America's Obelisk watchers even saw the
order to shut down the system delivered from Qaeda's internal security
to a team of technical workers in Malaysia. That was the last internal
message America's intelligence community saw. "We saw the whole thing
shut down because of this leak," the official said. "We lost an
important keyhole into the enemy."
By Friday evening, one of the key sets of sites in the Obelisk network,
the Ekhlaas forum, was back on line. The Ekhlaas forum is a
password-protected message board used by Qaeda for recruitment,
propaganda dissemination, and as one of the entrance ways into Obelisk
for those operatives whose user names are granted permission. Many of
the other Obelisk sites are now offline and presumably moved to new
secret locations on the World Wide Web.
The founder of a Web site known as clandestineradio.com, Nick Grace,
tracked the shutdown of Qaeda's Obelisk system in real time. "It was
both unprecedented and chilling from the perspective of a Web techie.
The discipline and coordination to take the entire system down involving
multiple Web servers, hundreds of user names and passwords, is an
astounding feat, especially that it was done within minutes," Mr. Grace
The head of the SITE Intelligence Group, an organization that monitors
Jihadi Web sites and provides information to subscribers, Rita Katz,
said she personally provided the video on September 7 to the deputy
director of the National Counterterrorism Center, Michael Leiter.
Ms. Katz yesterday said, "We shared a copy of the transcript and the
video with the U.S. government, to Michael Leiter, with the request
specifically that it was important to keep the subject secret. Then the
video was leaked out. An investigation into who downloaded the video
from our server indicated that several computers with IP addresses were
registered to government agencies."
Yesterday a spokesman for the National Counterterrorism Center, Carl
Kropf, denied the accusation that it was responsible for the leak.
"That's just absolutely wrong. The allegation and the accusation that we
did that is unfounded," he said. The spokesman for the director of
national intelligence, Ross Feinstein, yesterday also denied the leak
allegation. "The intelligence community and the ODNI senior leadership
did not leak this video to the media," he said.
Ms. Katz said, "The government leak damaged our investigation into Al
Qaeda's network. Techniques and sources that took years to develop
became ineffective. As a result of the leak Al Qaeda changed their
methods." Ms. Katz said she also lost potential revenue.
A former counterterrorism official, Roger Cressey, said, "If any of this
was leaked for any reasons, especially political, that is just
unconscionable." Mr. Cressey added that the work that was lost by
burrowing into Qaeda's Internet system was far more valuable than any
benefit that was gained by short-circuiting Osama bin Laden's video to
While Al Qaeda still uses human couriers to move its most important
messages between senior leaders and what is known as a Hawala network of
lenders throughout the world to move interest-free money, more and more
of the organization's communication happens in cyber space.
"While the traditional courier based networks can offer security and
anonymity, the same can be had on the Internet. It is clear in recent
years if you look at their information operations and explosion of Al
Qaeda related Web sites and Web activities, the Internet has taken a
primary role in their communications both externally and internally,"
Mr. Grace said.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com