Glass etching hobbyist and webmaster son shocked to find that Islamic extremists had intruded on their website.
Michael Levenson / The Boston Globe
A plumber who loves glass etching, Andrew Roberge had crafts to sell. His son, Mike, knew Web design. Carriage House Glass is the marriage of their talents, an online catalog of sandblasted vases and goblets that “caters to those who love beautiful and unique gifts,” the site proclaims.
But the website, which they started four years ago, offered more than just beautiful baubles, specialists in terrorism say. The site contained hidden files filled with the radical writings of a top aide to Osama bin Laden, including “The International Islamic Resistance Call,” Abu Musab al-Suri’s 1,600-page manifesto advocating jihad.
The website was hacked a year ago by followers of Suri, a Syrian-born Al Qaeda leader, who turned the Roberge’s labor of love into an online reading room for aspiring mujahadeen, the specialists said. The revelation came as a shock to the Roberges, who said they had no idea that Islamic extremists had intruded on their website.
“We got hacked! Unbelievable!” exclaimed Mike Roberge, when told last week of the hidden content on his site.
His startled father added, “Believe me, I wouldn’t let this [expletive] get on my site. I don’t need that. I don’t need none of that. I’m a firm believer in minding my own business.”
The father and son from Lawrence, Mass., vowed to delete the postings and replace them with images of eagles and American flags, “something wicked patriotic,” Mike Roberge said.
A link to the hidden files on the website was circulated on bulletin boards frequented by Muslim extremists for a year, said Jarret Brachman, director of research at the Combating Terrorism Center at the US Military Academy in West Point, N.Y.
Regular visitors to www.carriagehouseglass.com could never see the hidden material, specialists said. Only visitors who knew the address of the pages inside could access the cache of downloadable Arabic writings, and see the flash animation featuring the Kaaba, the black stone cube that Muslims face when they pray in Mecca.
Brachman and other researchers had been aware of the files, but said the intrusion onto the site was not unusual in the burgeoning world of online Islamic extremism.
“This is a very tangential, very peripheral site that only those who are actively following this sort of literature would be accessing,” Brachman said.
“It doesn’t cause me alarm: these guys are pests in terms of this stuff,” he said. “This is standard procedure for these guys to post this kind of material.”
FBI spokeswoman Gail A. Marcinkiewicz declined to comment on whether the agency knew of the website or was monitoring it. She said the FBI would investigate a website only if it directly advocated violence. Specialists said Suri’s writings advocate violence, but Marcinkiewicz said, “unless …. there’s something very urgent in that paper, it’s not that we wouldn’t take a look at it, it’s just that we have to prioritize. There’s no quick and easy answer here.”
“Without knowing what it’s saying, it may go the bottom of the pile of all the 101 things we have to do over here,” she added.
Piggybacking on Carriage House Glass, which is password-protected, allowed extremists to avoid using a credit card or other traceable data needed to start a new website, said Rita Katz, director of the Search for International Terrorist Entities in New York.
“Of course, it’s a disturbing phenomenon, but we know that Al Qaeda and the jihadist online community is quite sophisticated, and they use our own techniques against us,” Katz said. “It’s disturbing because it could happen to anyone.”
As more terrorist training grounds shut down globally, more extremists are going online, said Steven R. Corman, an Arizona State University professor who has studied the shift.
Im a networking student and all round super-geek, so I know just whats happened here. It happens all the time actually – I could run a scanner and break into a site myself easily, if I didn’t care what I broke into. But usually its a technique of copyright infringers searching for free bandwidth – this is the first time Ive seen it used by terrorist propagandaists.
Breaking in is easy, but doing so in a way that wouldn’t tip off the FBI or CIA when it was inevitably discovered… need someone who can at least disable logging for that. And if I was really good, I would look for an apache server so I could make a few changes to the source and upload a new copy – one that didn’t log anything at all concerning the concealed files, and actually aliased a hidden directory on the site into one burried in a very obscure part of the filesystem where its unlikely to ever be found. Unless they have a very good techie, they wouldn’t be able to do that. Probably just ran a quick password dictionary attack on the FTP used to upload new pages.
Which means lots of logfiles for the appropriate inteligence agencies to view, containing the IP address and time viewed for everyone who has looked at the material. I wonder what they will do with it.
Suricou Raven just a gut feeling I have that the FBI etc. don’t want to say what they are doing about it. But I could be wrong.Their reply in the story is one of not getting that involved unless violence but maybe they are watching the ips or addresses on a list they might have or something.
Thanks for commenting on this Suricou Raven. It made me think that the days of James Bond types has moved much more into the world of the internet then in person as a one on one kind of thing.
Its not as glamorous as it sounds 🙂 Terrorists are not the most technologically skilled of people. Though they are active online, its only for propaganda purposes – ive never heard of any terrorist-motivated hacking except for website defacements and concealing propaganda. Those are crimes of opportunity. Encryption is actually a very rare thing to encounter in an investigation, and stenography is completly ineffective in a real situation.
In general, terrorist hacking is on around the skill level of any knowledgeable 16-year-old. The nightmares of terrorists remote shutting down power grids, flooding dam vallys and such are pure fiction.
Well, they could shut down large areas of power grid… but with explosives on pylons, not computers.