Monday, September 24, 2007

The Dark Web and Cyber Jihad

It's interesting to monitor the use and abuse of the buzz word "Dark Web". This press release for instance, tries to imply that the crawlers are actually crawling the Dark Web and analyzing cyber jihadist activities, a bit of an awkward statement given what the Dark Web is at the bottom line - a web that is closed for web crawlers either thought standard measures, or authentication :

"This is where the Dark Web project comes in. Using advanced techniques such as Web spidering, link analysis, content analysis, authorship analysis, sentiment analysis and multimedia analysis, Chen and his team can find, catalogue and analyze extremist activities online. According to Chen, scenarios involving vast amounts of information and data points are ideal challenges for computational scientists, who use the power of advanced computers and applications to find patterns and connections where humans can not. One of the tools developed by Dark Web is a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating 'anonymous' content online. Writeprint can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet. By analyzing these certain features, it can determine with more than 95 percent accuracy if the author has produced other content in the past. The system can then alert analysts when the same author produces new content, as well as where on the Internet the content is being copied, linked to or discussed."

I've blogged about this AI project over an year ago, and have been following it ever since while experimenting with link and multimedia analysis of cyber jihadist communities before they were shut down. And while the innovations they've introduced for this period are impressive in terms of drawing social networking maps, the Dark Web's very principle, namely that it's authentication only Web, meaning it's closed for spiders, even human based researchers thought basic invite only or password authentication methods will prompt researchers to adapt in the long-term. Many of the cyber jihadist forums I didn't include in my last external links extraction were great examples of the dark cyber jihadist web, knowing where you crawl doesn't mean there'll be anything publicly available to crawl, and the trend is just starting to emerge. Such VIP clubs represent closed communities where more efforts should be put in taking a peek, thus it's ruining previous efficiency centered approaches of analyzing cyber jihadist communities. The alternatives remain rather contradictive but fully realistic - infecting terrorist suspects with malware, embedding malware within cyber jihadist communities, or unethically pen-testing the cyber jihadist communities to have the AI analyze the data obtained from the closed community, thus the Dark Web, at a later stage.

Meanwhile, after having the Global Islamic Media Front's online presence limited to the minimum, GIMF is making it in the mainstream media :

"On sites easily traceable via search engines, the German-language arm of the "Global Islamic Media Front" (GIMF) appeals for volunteer translators, inviting them to reply to a Hotmail address, and posts links to dozens of al Qaeda videos. "After some brothers and sisters were arrested (may Allah free them) and the Forum and blog of the GIMF were removed, we say this: the GIMF still exists and will continue its work," a statement from the front says. "To the Kuffar (infidels) who try to fight us, we say: you can do what you like, make as many arrests as you like...you will not reach your goal. We will always keep going until we achieve victory or martyrdom."The re-emergence of the GIMF in German highlights the difficulty for authorities of shutting down radical Islamist Web sites, which often simply spring up at new addresses."

Easily traceable mainly because they're not behind the Dark Web, at least not for now. Currently active GIMF URLs :

gimf.12gbfree.com
gimf.22web.net
gimf.cjb.net
gimfupload.blogspot.com with two redirectors gimfupload.notlong.com ; gimfupload.2ya.com

Despite that there're still literally hundreds of cyber jihadist forums and sites, quantity is not always equal to quality, namely, only a few of these will achieve success and mature into potentially dangerous communities. In the long term, however, once the "tip of the iceberg" communities dissapear, efficiency from the cyber jihadists will get sacrificed for improved OPSEC, namely they'll start operating behind the true Dark Web, making them more difficult and time-consuming to assess, track down, and shut down.

UPDATE: Inshallahshaheed (GIMF) has a new home.

No comments:

Post a Comment