How Hizballah Hijacks the Internet

What do a small south Texas cable company, a suburban Virginia cable provider and Web-hosting servers in Delhi, Montreal, Brooklyn and New Jersey have in common? Since fighting broke out in Lebanon, they all have had their communications portals hijacked by Hizballah. Hackers from the militant Lebanese group are trolling the Internet for vulnerable sites to communicate with one another and to broadcast messages from Al-Manar television, which is banned in the U.S. In the cyberterrorism trade it is known as "whack-a-mole" — just like the old carnival game, Hizballah sites pop up, get whacked down and then pop up again somewhere else on the World Wide Web.

"As the Israelis tighten the noose on Hizballah in Lebanon, these communication nodes become critical," said Fred Burton, a former U.S. counterterrorism official and now vice president of Stratfor, a security consulting and forecasting company in Austin, Tex. In today's asymmetrical warfare, the Internet is vital to groups like Hizballah who use it to recruit, raise money, communicate and propagandize, Burton said, including transmissions from Hizballah leader Sheikh Hassan Nasrallah.

The recent hijacking of a South Texas cable operator is a case study in how Hizballah moves in. The Texas cable company has an agreement with a New York-based satellite communications aggregator, which moves feeds to a variety of customers from throughout the world, including Lebanon. A technician in New York made an "improper connection," according to an official with the cable company's communications provider who detailed the hijack for TIME. That opening was detected by Hizballah.

Al-Manar, widely considered a mouthpiece for Hizballah and categorized as a terrorist group by the U.S., linked to the small cable company's IP (Internet Protocol) address, which can be thought of, in simple terms, as a telephone number. Hizballah essentially added an extension on that telephone line allowing their traffic to flow. Hizballah then gets the word out through e-mail and blogs that it can be found at that IP address and the hijack is complete. If the hijack is not detected, the IP address can be linked to a new domain name and that opens up the site to anyone who might search online for Al-Manar content. Hizballah uses these Web sites to run recruitment videos and post bank account numbers where supporters can donate funds.

Hijackings are normally quickly discovered by the Society for Internet Research, an informal consortium of self-described "freelance counterterrorists" who sit in home offices and dens tracking jihadist activity on the Internet. In turn, they alert the media or simply call the hijacked company. Alerted to the south Texas hijack, the cable company's communications provider reported the incident to U.S. authorities and the IP address was shut down.

Perhaps the most famous player of the "whack-a-mole" game is Aaron Weisburd, 42, a computer programmer who operates one of the Society's projects from his home office in southern Illinois. His Web site, Internet Haganah — the name is an homage to Israeli paramilitary fighters — tracks Hizballah and other groups as they wander the Web. Weisburd's hijack logs go back for several years and include the latest Hizballah hijacks since fighting began. "Notice to the jihadis in the audience," he writes on his site. "You can't hide."

Burton said shutting the sites down is a "double-edged sword." As a former U.S. counterterrorism official, he sees the value of keeping the sites up so intelligence services can collect "forensic" evidence. "It's important to see what they are saying," he says, noting that Hizballah has resource bases in Indonesia and the tri-border area (Brazil, Argentina, Paraguay) of South America. Given Hizballah's links to Iran, which offers its operatives diplomatic cover around the world, according to Burton, monitoring Hizballah's Internet presence is vital as part of the "cat and mouse" game with Western intelligence. But shutting them down also limits their fundraising, recruiting and propaganda efforts, Burton said.

In March, the whack-a-mole players gained a new weapon in their fight when the U.S. Treasury announced that any U.S. company found to be doing business with Al-Manar will be subject to sanctions and possible prosecution. The new rules mean that freelance counterterrorists can remind slow-moving, reluctant or even compliant Web hosters that they face financial sanctions if they do not act to shut down Al-Manar. The south Texas cable company's communications provider was quick to alert U.S. authorities and the portal closed, but Hizballah was just as quick to play the whack-a-mole game and a new site sprang up from an Indian Web-hosting company within hours. Said Burton: "As long as the war drags on, these communication portals will be critical as Hizballah tries to get its global message out across the world."