Before September 11, 2001, al Qaeda was known to exist, was seen as a dangerous organization, but thought of as one that the FBI and CIA could keep an eye on and eventually round up. After September 11, 2001, al Qaeda suddenly became a bunch of Islamic superspies and assassins. In the past six months, as the world's intelligence and police agencies have gone after al Qaeda in a big way, a different picture has emerged.

While more than 20,000 Islamic terrorists flocked to Afghanistan (and other countries where training camps existed), most of them were trained as infantry and used as ground troops to fight the Northern Alliance for the Taliban. If they survived that, they were sent home to "do what they could" to strike a blow for Islam. Most of these lads restricted their militant activities to a lot of lively talk at the local coffee shop or mosque.

How do we know this? It seems that among the subjects taught at the al Qaeda terrorist schools, operational security was not the big favorite. OPSEC (operational security) is doing what is needed to keep the enemy from finding out what you're up to.

The al Qaeda trainees understood the need for OPSEC, but many did not understand how much OPSEC had to be applied to remain undetected. The biggest weakness among al Qaeda was careless use of telephones (especially cell phones) and e-mail. These two items are very popular with young folks everywhere, and the younger al Qaeda zealots are no exception. It turns out that the ease of use that makes cell phones and e-mail so popular also creates many situations where al Qaeda business is conducted without proper OPSEC safeguards. Even though most e-mail systems make available strong encryption, al Qaeda members have been caught using the weak old 40-bit encryption. Organizations like the U.S. NSA can easily crack 40-bit encryption. Worse yet, much al Qaeda e-mail gets sent with no encryption at all.

And then, still worse. Al Qaeda members are picked up carrying address books and computer files that use no encryption at all. If these lads expected Allah to see to their encryption needs, perhaps they should be told they are undergoing a religious crisis. No point in having faith in encryption unless you use it. One could understand this sloppiness in Afghanistan, where a lot of unencrypted material (hard disk drives, paper documents) was found in al Qaeda strongholds. The collapse of the Taliban was so swift, that one would expect a lot of stuff to be left behind as everyone rushed for the exit. Religion may also have something to do with it. When you believe you have God on your side, you tend to believe the Lord will provide (security for your data, or whatever.) But the al Qaeda outside of Afghanistan should have been better trained. They weren't. The "terrorist training" provided in Afghanistan was often haphazard and concentrated more on military, religious and anti-West indoctrination than about the details of running secret operations.

Al Qaeda probably was unaware that there are a relatively small number of Internet (IP) addresses in Pakistan, a favorite place for al Qaeda to take care of their e-mail. If the U.S. was not checking every item coming out of Pakistani Internet connections before September 2001, it probably has been since.

Actually, there apparently was a lot of surveillance of al Qaeda email and Internet operations before September 11, 2001, but this was unable to catch the elite al Qaeda agents. Although some 20,000 recruits went through the al Qaeda training camps between 1996 and 2001, only a few hundred were selected as elite agents. These guys did pay attention to OPSEC, or at least did so a lot more than lesser agents. It is these elite agents that are being sought all over the world. Some were killed in the Afghanistan fighting; some are still loose in Afghanistan. Others are captives in Afghanistan and Guantanamo Bay.

The remaining agents, perhaps 100-200, are on the loose outside of Afghanistan. Without the al Qaeda organization back in Afghanistan, these agents are largely on their own. Apparently they are contacting the less capable graduates of the al Qaeda camps, and this is where some of them are getting caught because of careless use of e-mail. Adding to their problems are the thousands of documents being collected in abandoned houses, apartments, camps and caves. These identify many who have been through the camps and are now elsewhere.

While the al Qaeda agents on the loose are extremely dangerous, they are also vulnerable. And we owe a lot of that to the Internet.

"Dirty Little Secrets" is syndicated by: