In secretive chat rooms and on encrypted Internet message boards, al-Qaida fighters have been planning and coordinating attacks — including a threatened if vague plot that U.S. officials say closed 19 diplomatic posts across Africa and the Middle East for more than a week.
It’s highly unlikely that al-Qaida’s top leader, Ayman al-Zawahri, or his chief lieutenant in Yemen, Nasser al-Wahishi, were personally part of the Internet chatter or, given the intense manhunt for both by U.S. spy agencies, that they ever go online or pick up the phone to discuss terror plots, experts say.
But the unspecified call to arms by the al-Qaida leaders, using a multilayered subterfuge to pass messages from couriers to tech-savvy underlings to attackers, provoked a quick reaction by the U.S. to protect Americans in far-flung corners of the world where the terror network is evolving into regional hubs.
For years, extremists have used online forums to share information and drum up support, and over the past decade they have developed systems that blend encryption programs with anonymity software to hide their tracks. Jihadist technology may now be so sophisticated and secretive, experts say, that many communications avoid detection by National Security Agency programs that were designed to uncover terror plots.
“This creates a bit of a cat-and-mouse game between terrorist groups that can buy commercial technology and intelligence agencies that are trying to find ways to continue to monitor,” said Seth Jones, a former adviser to U.S. special operations forces and counterterrorism expert at Rand Corp., a Washington-based think tank that receives U.S. government funding. “Some of the technology you can buy is pretty good, and it evolves, and it is a game that is constantly evolving.”
A U.S. intelligence official said the unspecified threat was discussed in an online forum joined by so many jihadist groups that it included a representative from Boko Haram, the Nigerian insurgency that has loose ties to al-Qaida. Two other intelligence officials characterized the threat as more of an alert to get ready to launch potential attacks than a discussion of specific targets.
One of the officials said the threat began with a message from al-Wahishi, head of the Yemen-based al-Qaida in the Arabian Peninsula, to al-Zawahri, who replaced Osama bin Laden as the core al-Qaida leader. The message essentially sought out al-Zawahri’s blessing to launch attacks. Al-Zawahri, in turn, sent out a response that was shared on the secretive online jihadi forum.
All three intelligence officials spoke on condition of anonymity because they were not authorized to discuss the threat.
Rita Katz, director of the Washington-based SITE Intelligence Group, which monitors jihadist websites, said it’s all but certain that neither al-Zawahri nor al-Wahishi would communicate directly online or on the phone.
Al-Zawahri’s location is unknown, but he was last believed to be in Pakistan, and al-Wahishi is said to be in Yemen. Given the nearly 2,000 miles between the two men, Katz said it’s most likely they separately composed encrypted messages, saved them on thumb drives and handed them off to couriers who disseminated them on secure websites.
Bin Laden, who was killed by U.S. Navy SEALs in May 2011, issued his messages in much the same way.
“These guys are not living in a bubble,” said Katz, who has been watching al-Qaida and other jihadi communications for years. “They live in a reality that is facing the American intelligence interception with the best, most advanced technology that can be created. So they always try to find ways to get away from these interceptions to be able to deliver messages.”
She added: “I am sure they are delivering messages, through the message boards or by sending emails that are encrypted. But there is no way in my mind that Zawahri or Wahishi have access to the Internet, and I think Wahishi, at this stage of his life, is even afraid of going outside.”
Tracking and eliminating al-Qaida operatives in Yemen hasn’t been easy for the U.S. It took years for the CIA finally to kill the cleric Anwar al-Awlaki in a drone strike after an intense manhunt. By staying off the grid, al-Wahishi and other senior al-Qaida leaders in Yemen, such as Qassim al-Rimi and top bomb-maker Ibrahim Al-Asiri, have managed to remain alive. So frustrated was the CIA at one point, the spy agency considered killing the couriers passing messages in an attempt to disrupt the terrorist group’s plans, a former senior U.S. official said.
The idea was dropped because the couriers were not involved in lethal operations.
Exactly how U.S. spy systems picked up the latest threat is classified, and Shawn Turner, spokesman for National Intelligence Director James Clapper, refused to confirm or deny Katz’s analysis on how it might have happened. Intelligence officials have suggested that the plot was detected, in part at least, through NSA surveillance programs that have been under harsh worldwide criticism for privacy intrusions in the name of national security.
It’s not clear, however, that even the powerful U.S. spy systems would be able to crack jihadists’ encrypted messages without help from the inside.
Earlier this year, an al-Qaida-linked extremist propaganda organization known as the Global Islamic Media Front released an encrypted instant-messaging system known as “Asrar al-Dardashah,” or “Secrets of the Chat.” It was a texting version of the organization’s end-to-end encryption program that followers had been using for years. End-to-end encryption means messages are put into code so that only senders and receivers can access the content with secure “keys.”
After the NSA programs were revealed in June by former NSA systems analyst Edward Snowden, jihadi websites began urging followers to also use software that would hide their Internet protocol addresses and, essentially, prevent them from being tracked online. That aimed to add another layer of security to the online traffic.