Buried inside hundreds of pages of heavily redacted court documents from the case of a man accused of being one of al Qaeda's chief recruiters is evidence that the terrorist group has launched successful cyberattacks, including one against government computers in Israel. This was the first public confirmation that the terrorist group has mounted an offensive cyberattack. The attacks were relatively unsophisticated and likely occurred before November 2001, when the prisoner who described them was arrested.
The terrorism suspect, Mohamedou Ould Slahi, was ordered freed from the prison at Guantánamo Bay last month by a federal judge who found that the government had insufficient evidence to continue detaining him. The Justice Department has appealed that decision. Military investigators concluded several years ago that Slahi had been both physically and psychologically tortured at Gitmo, which could have tainted evidence and likely prompted the judge's release order. The court records do not specify when and under what circumstances Slahi discussed al Qaeda's venture into cyberwar.
Though the vast majority of the court records dealing with the case remain classified, some details escaped redaction. For instance, Slahi told interrogators that al Qaeda "used the Internet to launch relatively low-level computer attacks." Al Qaeda "also sabotaged other websites by launching denial-of-service attacks, such as one targeting the Israeli prime minister's computer server," court records show. The Israeli embassy in Washington had no comment on the information published in the court records.
Denial-of-service attacks are common and relatively easy and cheap to coordinate. They aim to overload and temporarily disable websites for the duration of the attack. Al Qaeda's interest in the tactic, however, has received little discussion and attention.
Slahi, like many al Qaeda recruits, was highly educated and knowledgeable about computers, according to court filings. A citizen of Mauritania, he says he worked as a systems administrator for an Internet service provider there from May 2000 until July 2001. Slahi told interrogators that bin Laden's group posted hacking instructions "on specific websites that directed the date and time of the attack."
Even though al Qaeda's cyberattack was relatively minor and unsophisticated, other, more complicated attacks can be far more dangerous. Catastrophic cyberattacks such as crippling the power grid or breaching the air traffic control system are more the purview of nation states than of terrorist groups. "To date, al Qaeda has not used its own hackers or rented hackers to damage, disrupt, or destroy important systems like banks, electric power grids, trains," says former presidential counterterrorism adviser and current consultant Richard Clarke. "We should expect that at some point a terrorist group might engage in low-level cyberwar, but the real threat is nation state action."
Although nation states are the primary concern, there are fears in the counterterrorism community that future terrorist attacks could be compounded if carried out in conjunction with cyber mischief. "Al Qaeda is focused more on attacking innocent civilians than computer networks," says one senior U.S. counterterrorism official. "That's not to say they're uninterested in cyberspace. But their capabilities in this area seem to be relatively unsophisticated, and there doesn't appear to be a concerted effort on their part to enhance them. Sure, some computer-savvy terrorist sympathizers try to make trouble from time to time, but at this point we're talking about things that cause more of a nuisance than lasting harm."
In some ways, a fight in cyberspace is one the United States welcomes. "When someone from al Qaeda jumps online, then we can jump on them," says another counterterrorism official.