[liberationtech] hey, sounds familiar

[Eugen Leitl]

“People who radicalise under the influence of jihadist websites often go
through a number of stages,” the Dutch report said. “Their virtual activities
increasingly shift to the invisible Web, their security awareness increases
and their activities become more conspiratorial.”

http://www.bloomberg.com/news/2013-06-23/u-s-surveillance-is-not-aimed-at-terrorists.html

U.S. Surveillance Is Not Aimed at Terrorists

By Leonid Bershidsky Jun 24, 2013 12:00 AM GMT+0200

The debate over the U.S. government’s monitoring of digital communications
suggests that Americans are willing to allow it as long as it is genuinely
targeted at terrorists. What they fail to realize is that the surveillance
systems are best suited for gathering information on law-abiding citizens.

People concerned with online privacy tend to calm down when told that the
government can record their calls or read their e-mail only under special
circumstances and with proper court orders. The assumption is that they have
nothing to worry about unless they are terrorists or correspond with the
wrong people.

The infrastructure set up by the National Security Agency, however, may only
be good for gathering information on the stupidest, lowest-ranking of
terrorists. The Prism surveillance program focuses on access to the servers
of America’s largest Internet companies, which support such popular services
as Skype, Gmail and iCloud. These are not the services that truly dangerous
elements typically use.

Read More: Leonid Bershidsky on Snowden's Moscow Layover

In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for
Jihad in the Modern Age,” the Dutch General Intelligence and Security Service
drew a convincing picture of an Islamist Web underground centered around
“core forums.” These websites are part of the Deep Web, or Undernet, the
multitude of online resources not indexed by commonly used search engines.

No Data

The Netherlands’ security service, which couldn’t find recent data on the
size of the Undernet, cited a 2003 study from the University of California at
Berkeley as the “latest available scientific assessment.” The study found
that just 0.2 percent of the Internet could be searched. The rest remained
inscrutable and has probably grown since. In 2010, Google Inc. said it had
indexed just 0.004 percent of the information on the Internet.

Websites aimed at attracting traffic do their best to get noticed, paying to
tailor their content to the real or perceived requirements of search engines
such as Google. Terrorists have no such ambitions. They prefer to lurk in the
dark recesses of the Undernet.

“People who radicalise under the influence of jihadist websites often go
through a number of stages,” the Dutch report said. “Their virtual activities
increasingly shift to the invisible Web, their security awareness increases
and their activities become more conspiratorial.”

Radicals who initially stand out on the “surface” Web quickly meet people,
online or offline, who drag them deeper into the Web underground. “For many,
finally finding the jihadist core forums feels like a warm bath after their
virtual wanderings,” the report said.

When information filters to the surface Web from the core forums, it’s often
by accident. Organizations such as al-Qaeda use the forums to distribute
propaganda videos, which careless participants or their friends might post on
social networks or YouTube.

Communication on the core forums is often encrypted. In 2012, a French court
found nuclear physicist Adlene Hicheur guilty of, among other things,
conspiring to commit an act of terror for distributing and using software
called Asrar al-Mujahideen, or Mujahideen Secrets. The program employed
various cutting-edge encryption methods, including variable stealth ciphers
and RSA 2,048-bit keys.

The NSA’s Prism, according to a classified PowerPoint presentation published
by the Guardian, provides access to the systems of Microsoft Corp. (and
therefore Skype), Facebook Inc., Google, Apple Inc. and other U.S. Internet
giants. Either these companies have provided “master keys” to decrypt their
traffic - - which they deny -- or the NSA has somehow found other means.

Traditional Means

Even complete access to these servers brings U.S. authorities no closer to
the core forums. These must be infiltrated by more traditional intelligence
means, such as using agents posing as jihadists or by informants within
terrorist organizations.

Similarly, monitoring phone calls is hardly the way to catch terrorists.
They’re generally not dumb enough to use Verizon. Granted, Russia’s special
services managed to kill Chechen separatist leader Dzhokhar Dudayev with a
missile that homed in on his satellite-phone signal. That was in 1996.
Modern-day terrorists are generally more aware of the available technology.

At best, the recent revelations concerning Prism and telephone surveillance
might deter potential recruits to terrorist causes from using the most
visible parts of the Internet. Beyond that, the government’s efforts are much
more dangerous to civil liberties than they are to al-Qaeda and other
organizations like it.

(Leonid Bershidsky is an editor and novelist based in Moscow. The opinions
expressed are his own.) To contact the writer of this article: Leonid
Bershidsky at bershidsky at gmail.com.

To contact the editor responsible for this article: Mark Whitehouse at
mwhitehouse1 at bloomberg.net.