Hunting for a cyber-jackal - one of the most dangerous terrorists

Junaid Hussain originally wanted to be a rapper. It turned out, however, that this Pakistani kid from Birmingham, England, lived in an online world with internet speed. In just a decade, between the ages of 11 and 21, he went from playing games to hacking to murder.

His story unfolded faster than anyone could have predicted. For the first half of his virtual life, he acted with impunity as a hacker, bragging in one interview that he had many steps ahead of the authorities: "One hundred percent certain that they have nothing on me. I don't exist for them. I never use my real ones. I never use my real ones. details online. I never buy anything. My real identity doesn't exist - and no, I'm not afraid of getting caught. "

In 2015, at the age of 21, he would rather not repeat these words - he was a man pursued by the United States, number three on the government's list of most wanted people from the Islamic State created in Iraq and Syria.

Living under constant threat in ISIS-controlled eastern Syria, Hussain tried to keep his stepson with him, believing it would save him from an American air strike.

The hunt begins

In the Department of Justice, where I was working as Assistant Attorney General for National Security at the time, neutralizing Hussain was one of the top priorities.

Almost every week of 2015 brought a fresh attempt at the attack on the United States that this man was behind; FBI investigative teams were on their last legs while pursuing dozens of potential terrorists. We were withdrawing agents from the criminal departments to strengthen the anti-terrorist division. Alarm bells rang daily in the government, but we publicly tried to downplay the threat. We did not want Hussain to become another world famous figure identified with the twisted ideology of jihad.

Hussain was an internet threat that we had long known would come one day - a tech-savvy terrorist who uses the tools of modern digital technology to extend his group's reach far beyond its physical location.

In the summer of 2015, he successfully launched one of the most branched cyber-conspiracies the world has ever seen. A British terrorist of Pakistani roots living in Syria recruited a Kosovar hacker who studied computer science in Malaysia to attack US military personnel and women living in the United States.

The birth of a terrorist

Hussain's path to cyber-terrorism began with a simple theme: revenge.

According to an interview he gave in 2012, Hussain - who originally appeared online under the nickname TriCk - said he started hacking when he was 11 years old. He was playing a certain online game when another hacker kicked him off the net.

"I wanted my revenge, so I started to google what I could about hacking," he explained. "I joined several online hacking forums, read articles, started learning the basics of social engineering, and gradually climbed up. I didn't take revenge, but became one of the most hated hackers in the game."

At the age of 13, he decided that games were for children, and at the age of 15, he "went into politics". He was engrossed in Internet videos of children killed in places like Kashmir and Pakistan, and began actively contributing to conspiracy theories, freemasons and illuminati websites.

These secret paths led Hussain to a hacker group of seven friends; they called themselves TeaMp0isoN, in the hacker slang "Poison Team", thus referring to the old hacker forum p0ison.org.

They became famous in 2011 thanks to a specific form of "hacktivism". They demolished websites, often posting pro-Palestinian declarations on them, and attacked the websites of important organizations such as BlackBerry and NATO, or public figures such as former Prime Minister Tony Blair - hacked his personal assistant's account and made his address book public online.

His internet activity did not last long. In September 2012, he was arrested and sentenced to six months in prison for the attack on Blair's account. TeaMp0isoN passed away, but his anger and contempt against Western society by no means subsided.

Shortly after leaving prison, he entered Syria into ISIS-controlled territories and married would-be musician Sarah Jones, who also became a supporter of the Islamic State. There, he became involved in spreading ISIS war propaganda on the Internet, introducing himself as Abu Hussain al-Britani.

In the photo on Twitter, he posed in a mask that covers half his face and with a Kalashnikov in his hand pointing at the lens. Everything he learned about internet culture and the tools to promote it, he used to create what one journalist called "a macabre version of a dating site."

He quickly established himself as the foremost ISIS propagandist in CyberKaliphate, recruiting frustrated and himself-like young people for a global war. "You can sit at home and play Call of Duty, or you can come here and take the real challenge (…) The choice is yours," he encouraged in one of the tweets.

Hussain's tactic was by no means new, but with the ISIS terrorists he took it to an unprecedented level. In some respects, Hussain represented the most dangerous type of terrorism we have encountered so far - he was the master of the nascent digital jihad world.

Terrorists go online

We knew that sooner or later terrorists would get interested in the Internet - for the same reason why the Internet is a great place for all kinds of rebels and niche communities. Its openness, ease of use and global reach make it easy to distribute extremist content online.

While working for the government - first with the FBI, then with the National Security Department of the Department of Justice, and finally as the assistant attorney general overseeing the division - I spent most of my time watching this escalating threat and anticipating when we would first face a "mixed attack". combining a real hit with its sound system in the network.

It was supposed to be, for example, an attack in which terrorists simultaneously detonate a trap car and attack the city's communication system, thus achieving a fear multiplier effect and aggravating the chaos. Terrorists also saw this possibility. Al-Qaida even released a video comparing computer network vulnerabilities to air traffic safety weaknesses prior to 9/11.

Online terrorism presented a whole new challenge - never before had the United States been involved in a conflict with an enemy from abroad who could communicate directly with American citizens.

A few months before I joined the FBI, first as a special adviser and later as head of the cabinet of director Robert Mueller, a new platform called Twitter appeared on the internet. We had no idea how powerful a tool it could become in the hands of internet extremists.

Something else had changed when I moved into my new office on the seventh floor of the heavy J. Edgar Hoover Building on Pennsylvania Avenue. The al-Qaeda threat has become more amorphous. The activities of the terrorist organization Osama bin Laden were initially based on centrally planned actions - such as 9/11 and the attempted attack on transatlantic passenger planes in 2006.

However, the ruthless post-9/11 campaign by NATO and Western intelligence agencies, using all the tools available to the US government, severely limited the ability to organize and direct attacks from a distance. Therefore, the "proper" al-Qaeda actually opted for a "terrorist franchise" - its mission was continued by such groups as al-Qaeda of the Arabian Peninsula (QAP) or al-Qaeda in Iraq.

The latter later evolved into ISIS. It was a next-generation terrorist franchise that took al-Qaeda's online activity to the next level. It used the web to transform the jihadist movement into a global threat, far beyond the war zones in Afghanistan, Iraq and Syria.

Islamic extremism developed mainly in countries where the media was controlled by the state, such as Egypt and Saudi Arabia, so for obvious reasons the movement invested heavily in alternative means of communication from the outset. "Proper" Al-Qaeda relied heavily on face-to-face lectures and fundraising at mosques and community centers around the world - before 9/11 even in the United States itself - making only brief forays into "Web 1.0" technology areas such as forums, online advertisements or mailing lists to promote your idea.

Young terrorists are becoming more and more brutal

In its media activities, al-Qaeda avoided showing the most brutal side of the world's jihad. She believed that the global battle for "hearts and minds" could be most effectively won by spreading ideas, not by chilling scenes.

In the middle of the first decade of the new century, the Iraqi branch of al-Qaeda led by Abu Musaba al-Zarqawi began to spread on the Internet brutal scenes of executions and then terrifying, and now unfortunately all too common, photos of hostages in orange suits. Bin Laden's first deputy, Ayman al-Zawahiri, responded by writing a letter warning an Iraqi group against spreading these nightmares.

"I tell you, we are in a battle and more than half of this battle is fought in the media field. We are in a media battle in the race for the hearts and minds of our Umma (Muslims)," wrote Zawahiri, gently disciplining his hotheaded Iraqi colleagues. "A Muslim society that loves and supports you will never accept hostage murder scenes."

The difference in approach was a sign of a generational divide between older al-Qaeda leaders - such as bin Laden and Zawahiri - and a younger, more tech-savvy generation that understood the power of online communication. It reflected the generation gap we see in every area of ​​our lives. Businesses and institutions around the world also operate along that gap between those who remember the pre-computing era and those who find it as natural to use the iPhone as it is to breathe.

It didn't take long for the new generation to play a leading role in al-Qaeda. At the beginning of the new millennium, Irhabi 07 (irhabi is the Arabic term for "terrorist") became something of a webmaster for all of Al-Qaeda, growing to be the leader of the most important password-protected jihadist forums.

It soon became apparent that a British teenager was hiding behind this pseudonym. Scotland Yard officer Peter Clarke said at the time: "What he was doing showed us to what extent they can conduct operational planning on the internet. It was the first virtual conspiracy we have dealt with."

The first but not the last. Jihadist leaders such as an American named Adam Gadahn - who took the pseudonym Azzam the American - began adopting new media tactics, glittering in Internet videos and becoming something of a press spokesman for the group.

Gadahn's efficiently made recordings presented the group's philosophy and contained English subtitles to reach the widest audience. Other jihadists followed a similar model: in Chechnya, Islamic extremists created a video series titled "Russian Hell" in which they described unexpected attacks on Russian forces and sent out a simple message intended to undermine the morale of the occupying forces that never knew where the next attack might come from.

In East Africa, a 20-year-old Muslim growing up in Alabama who traveled to join Omar Hammami's Ash-Shabab organization - aka Abu Mansoor Al-Amriki - began appearing in terrorist videos and soon became one of the group's most recognizable leaders.

Next in line was the erstwhile American imam, Anwar al-Awlaki, who won a national and then an international audience for his teachings by publishing CDs of lectures, available for purchase through the Islamic bookstore network and websites. Hiding in Yemen, he became the public face of AQAP, the most effective and dangerous arm of al-Qaeda of the first generation.

In addition to giving lectures on the Internet, Awlaki has collaborated with another American, Samir Khan. Together, they helped AQAP reach new audiences by creating neat, attractive marketing materials promoting their cause. These included a well-made PDF magazine called Inspire, which urged extremists around the world not to be afraid of going to places as far away as Pakistan or Yemen.

They were to attack the infidels there - or stay home and run what the magazine called "Open Source Jihad", for example by renting a pickup truck and turning it into a "death vehicle".

"How to make a bomb in your mom's kitchen"

One of the articles in "Inspire" written by "AQ chef" explained, in turn, "how to make a bomb in your mom's kitchen".

By the end of the first decade of this century, Awlaki's fingerprints were on just about every major terrorist plot we discovered in the United States, including the 2007 Fort Dix attack, the shooting at Little Rock recruitment, and the 2010 Times Square bombing. All perpetrators. they subscribed to Awlaki's magazine, listened to his religious lectures, and never met him in person.

Awlaki was killed in a US air raid in September 2011. A few days later, the AQAP announced: "America has killed Sheikh Anwar, may Allah protect him, but he cannot kill our thoughts. The martyrdom of the sheikh will give new life to his thoughts and struggles."

Indeed, in the years that followed, we could observe that his tactics unfortunately turned out to be effective. His lectures inspired the bombers who planted the bombs during the Boston Marathon in 2013, and as a new threat - ISIS - emerged - we continued to see many would-be terrorists benefiting from Awlaki's online teachings.

At the time of Awlaki's death, the terrorist threat in the United States seemed to be waning. We had no idea that we would soon be living in the worst terror period since 9/11.

Brutal online executions

When "al-Qaeda in Iraq" split from the "right" al-Qaeda and evolved into an armed force known as ISIS, group leaders were able to drastically improve the multimedia techniques used by other terrorist organizations, especially when the popularity of social media such as Twitter , exploded all over the world.

As ISIS approached Baghdad in 2014, social media swarmed with photos of black flags flying over the Iraqi capital. The terrorist amia sent 40,000 tweets in just one day.

Viewing videos recorded by ISIS has become a nightmare routine during FBI briefings; Every morning, FBI and Justice Department executives responsible for national security and counter-terrorism gathered at the Hoover Building's state-of-the-art command center to analyze the day's greatest threats - from geopolitical events to individual conspiracies and suspects across the country.

Too many mornings have been spent watching the gruesome executions of hostages, militants captured in Syria, or other ISIS victims.

ISIS's extensive and efficient propaganda department understood how to get the public's attention: by showing the nightmarish details of the executions of Syrian militants, hostages and almost everyone who got in the way of ISIS. The brutality of the Islamic State was unprecedented; barbarism has always been part of the war, but the parties usually put a lot of effort into concealing it.

ISIS boasted of its hideous deeds whenever it had the opportunity, deliberately orchestrating mass murders, filming them from different camera angles, and seeking to catch the "perfect" shot.

The executioners sometimes read their lines from the teleprompter. These recordings were meant to intimidate opponents, give the group a sense of omnipotence and strength, which often could not be justified in reality. According to the recordings, every fight was victorious - and even when the victims on the ISIS side were shown, they were carefully posed and venerated as martyrs for a just cause. It was an honor to die for ISIS.

The "right" al-Qaeda long worshiped bin Laden, and recruitment and propaganda relied on his personal messages. Awlaki's lengthy lectures focused closely on intricate ideological interpretations of Islam. Instead, the latest incarnation of Islamic extremism celebrated individual militants, showing the appeal of jihad less as a religious experience and more - as Junaid Hassan wrote in his tweet - as a chance to experience the adventure and abandon Call of Duty in favor of real combat.

An analysis of 1,300 ISIS videos by Javier Lesac of George Washington University showed that one in five of them referred directly to such American computer game hits as "Call of Duty", "Grand Theft Auto" and "American Sniper".

These terrible recordings, which became ISIS trademarks, were, however, only a narrow part of the entirety of her multimedia productions - most of them aimed at a different audience.

The propaganda used cute kittens and micro-targeting

In a completely manipulated way, it showed potential jihadists how wonderful it is to live in an ISIS-controlled country. At least half of all ISIS messages and messages on social media concerned a "utopia" created in the Middle East.

The recordings showed that living in the territories controlled by ISIS was like a paradise. The fighters posed for photos, fishing in the Euphrates, and in the photos of freshly caught fish, they stood masked and with rifles slung over their shoulder.

Two ISIS fighters have been photographed snorkeling in blue waters. On the Telegram web application, you could see photos of the self-proclaimed "Caliphate" depicting scenes from everyday life: rainbows over beaches, fruit hanging from trees, blooming flowers.

In one of the photos, a masked terrorist is playing with a kitten with one hand and holding a Kalashnikov in the other. (Even terrorists have learned the universal truth of the Internet: cats sell best.)

Like any global company, they paid a lot of attention to micro-targeting: in a video directed to the United States, terrorists licked lollipops or ate cotton candy. In the European version, they ate nutella.

This propaganda was supposed to be just one of the tools in ISIS's digital arsenal - it was intended to attract potential recruits around the world. Those interested in joining the jihad could later contact ISIS recruiters or supporters on Twitter, or other social media platforms and online forums.

From there, the conversation often moved to secure, encrypted messaging, such as Signal, Telegram, or WhatsApp. At one point, ISIS even developed its own communications application, called the Amaq Agency.

Online recruiters

Our behind-the-scenes experience has shown that "lone wolves" did not really exist. Individuals who radicalized themselves online often remained in contact with other extremists, sometimes even in their own community.

Mohamed Abdullahi Hassan, a Somali American from Minnesota who joined the Ash-Shabab organization, was the most important contact and one-man recruiting point for his young fellow Minneapolis fellows.

This approach has proved to be common. There just weren't any people who woke up in the morning, read a Twitter post, and suddenly decided that they would kill Americans from now on. There is no single path to radicalization, and the web does not provide a magic recipe for it.

Radicalization is a process, a journey, but Internet propaganda and dialogue are drastically lowering barriers and removing obstacles to recruiting potential terrorists at a distance. Foreign hunters can communicate directly, privately and in real time with kids who live in the same house as us.

Internet radicals were also difficult to identify for law enforcement and intelligence agencies.

After 9/11, we became very good and effective at taking down conspiracies and identifying potential terrorists by tracking their physical "signatures" - the ways they traveled to Pakistan, Afghanistan, Yemen or other terrorist-friendly places, channels through which money was sent to them from abroad, ways how they made phone calls or sent e-mails to known terrorists abroad, how they tried to procure ingredients for the construction of explosives and other lethal weapons.

"Kill where you live"

The world intelligence community was getting better at obstructing the physical excursions of potential fighters to Syria or places like Yemen, but the danger pupated yet again as these groups began to recruit "kill where you live".

The pace of this change was amazing. What took al-Qaeda the better part of a decade in the case of ISIS took only a few months.

The new tactics of al-Qaeda and ISIS have stripped us of all of our previous strengths. By encouraging potential recruits to stay at home in the US or Europe and launch attacks there, recruiters made it almost impossible for us to spot common behaviors - suspicious travel or money transfers - that could indicate an impending attack.

Most terrorist organizations invested neither time nor money in these people, so they did not care if nine out of 10 of them - or 99 out of 100 - were unsuccessful. "Someone can do it while sitting in their pajamas in their basement," then FBI director James Comey told Congress in the fall of 2014. "These are native extremists who worry us and who can get any poison they need and any training they need to kill Americans in a way that is very hard to trace."

We have created free technology for them ourselves

In examining this problem, I found that in some respects the situation was even more paradoxical. As a country and a society, we provided our opponents with technology - technology developed through our creativity and our investment in education. Technology that allowed them to communicate securely and in real time with each other and with potential recruits. Technology designed to keep their conversations secret and prevent law enforcement from eavesdropping on them, even with a valid court order.

This technology allowed them to reach our schools, shopping malls and children's rooms to spread poison among our children, educate them and provide operational guidance on how to kill compatriots. And we gave them all for free - it only took a few clicks to download the app. It's as if at the height of WWII we were to develop groundbreaking military technology and then pass it on to the Nazis and the Japanese.

It was in these conditions that we began to hear the name Junaid Hussain more and more often.

Junaid Hussain's Cyber ​​Caliphate

Working with over a dozen digital jihad recruiters, Hussain and his colleagues proclaimed themselves heads of the CyberKaliphate in mid-2014 and began employing some of the old TeaMp0isoN tactics at ISIS. They wrecked websites and took control of homepages and social media accounts.

Hussain played cat and mouse all the time with Twitter. The company suspended or closed his accounts, and he opened new ones. On the Internet, he promised that the ISIS flag would fly over the White House and called for the murder of Israelis.

In February 2015, ISIS hackers hijacked accounts belonging to, among others, Newsweek and tweeted threats against First Lady Michelle Obama. They tried hard to inspire attacks far away from the Middle East, putting in March 2015 a "kill list" with the names of 100 airmen from two US Air Force bases.

Throughout this time, Hussain has been in constant contact with dozens of potential ISIS recruits and followers from around the world via his @ AbuHussain_l6 Twitter account.

His internet proclamations kicked off a wave of brutal - and for his recruits fatal - events in 2015 that outgrown FBI agents chasing ISIS recruits across the country.

According to the Los Angeles Times, Hussain "communicated with at least nine people who were later arrested or killed by US law enforcement." "The FBI was after the last of its strength," Director Comey later said. "We've been chasing or trying to prosecute, electronically, with court orders, or physically, dozens, dozens of people we thought were on the verge of being violent."

The needs were so great that the FBI was drawing criminal agents to do counter-terrorism surveillance. For those on the front lines of the fight against terrorism, this was one of the darkest periods since the 9 September attacks.

Scary "flash-to-bang"

In the context of terrorists, we often talk about what is known as "flash-to-bang", the time it takes to move from radicalization to attack. This metaphor refers to a beam of dynamite that first flares up ("flash") and then explodes ("bang").

With a new social media slogan - "kill where you live" - ​​ISIS turned the problem we had with Ash-Shabab, where recruiting aimed at the relatively geographically limited Somali diaspora, into a nationwide challenge, often with dangerously unpredictable results.

There was no geographic center, and potential ISIS recruits were not even particularly religious at first. In 2015, we faced dozens of half-maddened young people who had a short and unpredictable flash-to-bang period.

There was no great conspiracy to unmask, and no journeys to be monitored. The danger transcended geographic and ethnic lines.

Cases were handled by 35 different US District Attorney's Offices. Half of the suspects were under 25, and the statistics I remember particularly well showed that a third were 21 or younger. ISIS has targeted our children.

Many cases involved minors, so we had to issue special instructions to prosecutors on how to deal with this minor terrorism in federal courts - previously such cases were rare.

In April 2015, Hussain persuaded 30-year-old Elton Simpson from Arizona to join his native jihad. As court papers later showed, the two exchanged messages via Surespot's encrypted messenger.

In early May, Simpson and his friend Nadir Soofi traveled to Garland, Texas to attack an exhibition organized by anti-Muslim activist Pamela Geller. It included, among others, pictures of the Prophet Muhammad, whose mere depiction is considered offensive in Islam. Hussain clearly knew that the attack was coming - he tweeted an hour earlier: "Knives sharpened, we will soon be on your streets, bringing death and massacre!"

Two men - one of whom had decorated his Twitter account with a photo of Awlaki - opened fire on the police car that was guarding the entrance to the party. They died when the policemen returned fire. Hussain celebrated the attack on Twitter by saying: "Allah Akbar !!! Two of our brothers just opened fire."

Then there was Munir Abdulkader, a 21-year-old outside Cincinnati, who wrote on the internet that he hoped ISIS would "rule the world." He and Hussain contacted online and Hussain encouraged him to kidnap and behead an American soldier in Ohio - he even provided him with his address. He also suggested that Abdulkader might attack the police station.

The Los Angeles Times later reported that the FBI initially tracked Abdulkader covertly by monitoring Hussain's Twitter messages. The agents, however, found themselves in a dead end when the suspects switched to an encrypted messaging system in which only the sender and recipient can read messages. The FBI had to rely on its informant. As part of his preparations, Abdulkader was observing the police station, and when he went on May 21, 2015 to buy an AK-47 rifle, the FBI arrested him.

Hussain's long hands of recruiting spanned the entire country. Jeden z najkrótszych flash-to-bang, jakie widzieliśmy, wydarzył się w Bostonie: 2 czerwca 2015 r. Agent FBI i lokalny policjant nakryli na parkingu sklepu spożywczego 26-letniego Usaamaha Abdullaha Rahima. Wcześniej Hussain zachęcał Rahima do skierowania się na tę samą wystawę Pameli Geller, by dokonał powtórnego ataku w Garland w Teksasie, ale Rahim niecierpliwił się i postanowił po prostu improwizować.

Rozpoczął działania we własnym w sąsiedztwie, chcąc uderzyć w lokalne służby. Hussain namówił go, by nosił nóż na wypadek, gdyby został osaczony przez "federalnych", a Rahim przechwalał się potem swoim nowym nabytkiem w rozmowie telefonicznej z przyjacielem, mówiąc: "Dostałem niezłe narzędzie. Wiesz, to jest dobre np. do rzeźbienia w drewnie i, wiesz, w ogóle rzeźbienia - i tak dalej, wiesz."

Rahim faktycznie wyciągnął nóż, gdy zbliżyli się oficerowie i został zabity.

Później w tym samym miesiącu FBI aresztowało Justina Nojana Sullivana, człowieka z Północnej Karoliny, który obiecał Hussainowi online, że przeprowadzi masowy atak w imieniu ISIS. Kiedy Sullivan, który działał w sieci pod imieniem TheMuhahid, napisał do Hussaina: "Wkrótce przeprowadzę pierwszą operację Państwa Islamskiego w Ameryce Północnej", Hussain szybko zareagował, aby upewnić się, że ISIS zostanie w sprawie ataku wspomniana w mediach społecznościowych: "Czy możesz przedtem zrobić wideo?"

FBI ledwo nadąża

Z perspektywy rządu wydawało się, że ta fala cały czas wzbiera. Pod wieloma względami działania antyterrorystyczne w USA były dużo lepiej zorganizowane i bardziej przemyślane niż kiedyś w czasach spisków inspirowanych przez al-Awlakiego, ale i tak ledwo nadążaliśmy. Wcześniej podczas mojej pracy w FBI uważaliśmy, że 10 równolegle występujących zagrożeń terrorystycznych to już dużo; w tym momencie mieliśmy ich kilkadziesiąt.

Nie chcieliśmy popadać w alarmistyczne tony, ale zdawaliśmy sobie sprawę, że nie mamy zasobów, by przeciwstawić się tej inspirowanej mediami społecznościowymi fali. Od 2009 roku FBI znacznie wzmocniło swoje możliwości inwigilacyjne.

Wówczas agencja miała problemy z równoległym śledzeniem dwóch spisków terrorystycznych, jednego łączonego z Najibullahem Zazim, który planował atak na nowojorskie metro i drugiego, za którym stał David Coleman Headley, mózg terrorystycznego ataku na hotele w Bombaju w 2008 roku.

Jednak nawet przy zwiększonych zasobach, zagrożenie terrorystyczne wydawało się nas przerastać. Całodobowa obserwacja wymagała dziesiątków ludzi, a my musieliśmy prowadzić kilkadziesiąt spraw w każdym zakątku kraju.

Wydawało się, jak byśmy po prostu czekali na następny atak terrorystyczny. Zbyt często powodzenie zawdzięczaliśmy szczęściu – odkryliśmy ten czy inny spisek, ponieważ potencjalny terrorysta porozmawiał ze złą osobą, albo jego urządzenie zawiodło.

Podsumowując, według analizy George Washington University dotyczącej 117 osób aresztowanych w Stanach Zjednoczonych za związki z Państwem Islamskim pomiędzy styczniem 2014 roku a początkiem 2017, ponad połowa została schwytana w 2015.

Przez ten rok odnosiliśmy taktyczne sukcesy, ale ponieśliśmy strategiczną porażkę – likwidowaliśmy spiski jeden po drugim, ale nie mogliśmy powstrzymać samej fali, inspirowanej działalnością ISIS w mediach społecznościowych.

W niemal każdym przypadku kluczową osobą okazywał się Junaid Hussain lub któryś z jego współpracowników. Podczas codziennych briefingów zastanawialiśmy się, czy powinniśmy publicznie mówić o jego roli – musieliśmy skupić na nim wysiłki rządu, ale jednocześnie nie chcieliśmy robić z niego bohatera.

Nasza bitwa przeciw Anwarowi al-Alwakiemu wyniosła go na globalny piedestał i nie chcieliśmy powtarzać tego błędu z Hussainem. Naciskaliśmy na Pentagon, by ścigając Hussaina i innych internetowych rekruterów, skupili się na swoim "teatrze działań".

Hussain nie był już "tylko" rekruterem, był działaczem operacyjnym, próbującym kierować ataki na swoją ojczyznę. Pentagon zgodził się: rozumieli, że walka z ISIS rozgrywa się na wielu różnych polach.

Junaid Hussain uderza bezpośrednio

Lato 2015 roku przyniosło zapewne najbardziej niepokojącą sprawę ze wszystkich dotychczasowych – niebezpieczne połączenie cyber-przestępczości i terroryzmu, które ujawniło nową twarz globalnej wojny z terrorem.

11 sierpnia 2015 roku Hussain zamieścił serię tweetów, które początkowo wydawały się normalnym przejawem jego wojowniczej retoryki. Ogłosił, że "żołnierze (…) będą strzelać wam w kark na waszej własnej ziemi!". Później przyszła niespodzianka: "NOWE: Amerykańska armia i rząd ZHAKOWANI przez Państwo Islamskie". Załączony link do 30-stronnicowego dokumentu nie pozostawiał wątpliwości, że sprawa jest poważna.

Dokument Hussaina zaczynał się od ostrzeżenia, które mroziło krew w żyłach:

"Jesteśmy w waszych mailach i systemach komputerowych, obserwujemy i rejestrujemy każdy wasz ruch, mamy wasze nazwiska i adresy, jesteśmy na waszych kontach społecznościowych, wyciągamy poufne informacje i przekazujemy wasze dane osobowe żołnierzom kalifatu, którzy wkrótce, z pomocą Allaha, będą wam strzelać w kark na waszej własnej ziemi!".

Kolejne strony dokumentu zawierały nazwiska i adresy 1351 członków amerykańskich sił zbrojnych i innych pracowników rządowych, a także trzy strony nazwisk i adresów pracowników federalnych, a nawet facebookowe konwersacje między amerykańskimi żołnierzami.

Wpis postawił agendy rządowe w stan podwyższonej gotowości. Byliśmy zdeterminowani, by ustalić, skąd pochodzą informacje i chronić zagrożonych wojskowych i kobiety. Odkryliśmy, że podobnie jak w przypadku większości cyber-ataków w minionej dekadzie, także ten zaczął się w mało oczekiwanym miejscu.

Po nitce do kłębka

Pierwsza wskazówka pojawiła się w tydzień po tweecie Hussaina.

Pewien amerykański sklep internetowy z Illinois otrzymał gniewnego maila od kogoś posługującego się adresem khs-crew@live.com. Dziewiętnastego sierpnia autor, który przedstawiał się jako "Albański Haker", narzekał, że sklep skasował na swoich serwerach wirusa, którego używał w celu uzyskania nielegalnego dostępu.

"Cześć Administratorze", zaczynał się mail. "To już trzeci raz, kiedy wymazujesz moje pliki i marnujesz moją hakerską pracę na tym serwerze! Już cię ostrzegałem, że jeżeli zrobisz to jeszcze raz, to opublikuję dane każdego klienta na tym serwerze! Nie chcę tego robić, ponieważ nic na tym nie wygram. Dlaczego więc próbujesz utrudnić mi dostęp do serwera haha?".

Administrator systemu odpisał następnego dnia: "Proszę, nie atakuj naszych serwerów". Wtedy haker zażądał zapłacenia dwóch Bitcoinów – wartych wówczas około 500 dolarów – w zamian za zostawienie serwerów w spokoju, a przede wszystkim za wytłumaczenie, jak się do nich dostał.

Kiedy sklep zawiadomił władze o wymianie maili, FBI było w stanie namierzyć internetowy adres w Malezji, z którego wysłano wiadomość. Układanka zaczęła się wypełniać i wyłonił się z niej obraz głównego podejrzanego: Ardita Feriziego.

Ten etniczny Albańczyk pochodził z Kjakova, regionu Kosowa boleśnie doświadczonego przez wojnę w 1999 roku. Jako nastolatek Ferizi stworzył grupę pod nazwą Kosova Hacker's Security (KHS), promuzułmański, etnicznie albański kolektyw, który atakował firmy w rodzaju IBM czy Hotmail oraz organizacje w rodzaju National Weather Service.

Na początku 2015 roku, tuż po ukończeniu dwudziestego roku życia, Ferizi wyjechał do Malezji na wizie studenckiej, zarówno po to, by studiować informatykę na Limkokwing University, ale, jak się później okazało, także dlatego, że szerokopasmowa sieć w tym kraju oferowała lepsze możliwości przeprowadzania cyber-ataków.

Ferizi używając swojego konta na Twitterze, @Th3Dir3ctorY, w kwietniu zgłosił się na ochotnika do ISIS do pomocy przy serwerach organizacji. Komunikował się również bezpośrednio z innym twitterowym kontem, @Muslim_Sniper_D, które należało do Tariqa Hamayuna, 37-letniego mechanika samochodowego, który walczył w szeregach ISIS w Syrii i przyjął imię Abu Muslim al-Britani.

W jednej z konwersacji Hamayun powiedział Feriziemu, że Hussain "mówił mi wiele o tobie", co wskazywało, że malezyjski haker kontaktował się już wcześniej z brytyjskim rekruterem ISIS. Hamayun zachęcał Feriziego: "Bracie, proszę, chodź do nas i dołącz do Państwa Islamskiego".

Później, 13 czerwca, Ferizi włamał się do serwera internetowego sklepu w Phoenix w Arizonie, kradnąc informacje o kartach kredytowych ponad 100 tys. klientów. Przeanalizował te dane, by zidentyfikować ludzi, którzy w swoich adresach mailowych używali rozszerzenia .gov lub .mil.

Ostatecznie zebrał listę 1351 pracowników wojska lub rządu i przekazał te informacje ISIS. To stało się podstawą do stworzenia "listy śmierci", którą Hussain opublikował w sierpniu na Tweeterze wraz z ostrzeżeniem, że "jesteśmy w waszych mailach i systemach komputerowych".

To, co zaczęło się jako próba kryminalnego wymuszenia, skończyło się mrożącą krew w żyłach terrorystyczną groźbą i śmiertelnie niebezpiecznym spiskiem.

Kiedy śledczy zajęli się działaniami Feriziego i jego związkami z Hussainem, zorientowałem się, że to jest sprawa dla nas. Pod pewnymi względami stanowiła kulminację lat pracy nad zmianą sposobu, w jaki w Departamencie Sprawiedliwości iw rządzie podchodziliśmy do zagrożeń dla cyber-bezpieczeństwa.

Poświęciliśmy lata na uświadamianie wagi tych zagrożeń, szkolenie prokuratorów i agentów oraz stoczenie dziesiątków małych, zakulisowych bitew, by rozwiać nieco atmosferę tajności otaczającą tak wiele działań Ameryki w cyberprzestrzeni. Przekonaliśmy Biały Dom, Narodową Radę Bezpieczeństwa i inne agencje wywiadowcze, że cyber-bezpieczeństwo musi wyjść z cienia – że musimy używać tradycyjnych narzędzi systemu prawnego, by ścigać i nagłaśniać cyber-zagrożenia w ten sam sposób, w jaki zwalczamy tradycyjne zagrożenia terrorystyczne.

Teraz mieliśmy sprawę, która była jednym i drugim.

We wrześniu malezyjska policja zamknęła Feriziego, znajdując przy nim laptopy Dell Latitude i MSI, których używał do hakowania serwerów. Ogłaszając zarzuty, powiedziałem: "Ta sprawa to pierwszy przypadek, kiedy widzimy bardzo realne i niebezpieczne zagrożenie dla bezpieczeństwa narodowego płynące prosto z sieci, które jest efektem połączenia terroryzmu i hakerstwa. To dzwonek alarmowy nie tylko dla tych z nas, którzy pracują w organach ścigania, ale również dla sektora prywatnego".

To był komunikat, który w kolejnych latach przyszło mi wielokrotnie powtarzać firmom i organizacjom:

MUSICIE INFORMOWAĆ, KIEDY WASZE SIECI ZOSTANĄ ZAATAKOWANE, PONIEWAŻ NIGDY NIE WIECIE, JAK TAKIE WTARGNIĘCIE, JAKKOLWIEK NIE WYDAWAŁOBY SIĘ MAŁE, MOŻE WPŁYNĄĆ NA JAKIEŚ WIĘKSZE ŚLEDZTWO. TO, CO DLA WAS MOŻE WYDAWAĆ SIĘ DROBNĄ NIEDOGODNOŚCIĄ, W SZERSZYM KONTEKŚCIE MOŻE STANOWIĆ ZAGROŻENIE TERRORYSTYCZNE, DZIAŁALNOŚĆ GLOBALNEGO SYNDYKATU PRZESTĘPCZEGO LUB WYRAFINOWANY ATAK OBCEGO PAŃSTWA.

Koniec Junaida Hussaina

Podczas procesu Ferizi okazał się zagubionym młodym człowiekiem – tak jak wielu innych potencjalnych rekrutów ISIS, których poznaliśmy. Tłumaczył, że wiosną 2015 roku był wściekły na jednego z kosowskich dziennikarzy, który fałszywie oskarżył go o wstąpienie w szeregi Państwa Islamskiego. Zareagował dziwacznie, kradnąc dane osobowe ze sklepu internetowego w Phoenix i rzeczywiście przekazując je Państwu Islamskiemu. "Brałem dużo narkotyków i całe dnie spędzałem online", tłumaczył później.

Sędzi prowadzącej sprawę nie przekonał ten argument i skazała Feriziego na 20 lat więzienia. "Chcę w ten sposób wysłać komunikat", powiedziała sędzia okręgowa, Leonie M. Brinkema. "Komputer to nie zabawka".

Hussaina także dopadła sprawiedliwość. W Syrii znajdował się poza zasięgiem amerykańskich organów ścigania, przebywając na ziemi niczyjej. W ramach nowego podejścia do walki z terroryzmem, przyjętym po atakach 11 września, rząd zaczął stosować metodę nazywaną przez nas "wielonarzędziową", która obejmowała zarówno postępowania karne, jak i sankcje finansowe oraz bezpośrednie działania zbrojne.

Chodziło o to, by nikt na świecie nie mógł się czuć bezpieczny, jeżeli spróbuje zaatakować Stany Zjednoczone. Działania Hussaina zdecydowanie czyniły z niego bezpośrednie zagrożenie dla Ameryki, a ponieważ nie mogliśmy go sprowadzić w kajdankach, stał się priorytetowym celem dla wojska.

Na kilka tygodni przed aresztowaniem Feriziego, w nocy 24 sierpnia 2015 roku, Hussain był sam po wyjściu z kawiarni internetowej. Następnego dnia główne amerykańskie dowództwo potwierdziło publicznie, że siły zbrojne USA operujące z powietrza, odpaliły pojedynczą rakietę Hellfire, trafiając w jego samochód na stacji benzynowej w Raqqa w Syrii.

Wybuch zabił go na miejscu.

John P. Carlin był asystentem prokuratora generalnego w Wydziale Bezpieczeństwa Narodowego Departamentu Sprawiedliwości oraz szefem gabinetu i starszym doradcą byłego dyrektora FBI, Roberta Muellera. Obecnie przewodniczy Programowi Cyber-bezpieczeństwa i Technologii w Aspen Institute oraz odpowiada za globalny dział oceny ryzyka i zarządzania kryzysowego w firmie Morrison & Foerster. Zgodnie z polityką wobec byłych pracowników artykuł ten został przeanalizowany przez Departament Sprawiedliwości w celu sprawdzenia, czy nie zawiera informacji niejawnych.

Editing: Michał Broniatowski

(pm)