According to Lance Cottrell, founder and chief scientist at Anonymizer, criminal and terrorist organizations are relying on “cloaking” technologies to block or mislead intelligence analysts and law enforcement officials. Cloaking was developed as a search engine optimization technique in which the content presented to the search engine spider is different from that presented to the user’s browser. This is achieved by delivering content based on the IP address of the originating request. Therefore, should a site detect a request from an IP address that the criminal or terrorist web site operator has identified as belonging to an intelligence or law enforcement official, the request would either be blocked or innocuous, non-incriminating content would be returned.
While the use of “cloaking” technologies by criminals and terrorists is entirely possible, this analyst has not seen “cloaking” tools or techniques employed by al-Qaeda-affiliated web site operators. It should not come as a surprise that al-Qaeda’s web site operators do not appear to use “cloaking” technology because “cloaking” known al-Qaeda sites would not serve the organization’s overall goal in cyberspace. Al-Qaeda’s web sites are designed to distribute both ideological propaganda and training materials as far and wide as possible. For example, a recent innovation by al-Qaeda-affiliated web site operators has been the launch of multilingual sites, including in English. Clearly, the launch of English and other non-Arabic language sites seems to further al-Qaeda’s strategy of distributing propaganda and training materials to potential recruits. Conversely, the use of “cloaking” technology may serve to hide al-Qaeda’s propaganda and training materials from these same potential recruits. Therefore, it appears that the use of “cloaking” technology would not be in al-Qaeda’s interest.
However, there is ample evidence indicating that al-Qaeda makes heavy use of IP spoofing and anonymous web surfing technology. Individual al-Qaeda operatives and sympathizers are very interested in protecting their on-line identities for fear that western law enforcement and intelligence officials might pinpoint their geographic location, and worse, their identities, through an analysis of their surfing habits. As stated in previous TRC analyses (Terror Web Watch), al-Qaeda operatives have generated lists of open proxy servers for use by operatives and sympathizers intent on protecting their on-line identities. A proxy server acts as an intermediary between the originating Internet connection, i.e., the al-Qaeda operative or supporter, and the destination website. In some cases, the proxy server will strip away the IP address of the originating Internet connection, thereby obscuring the identity of the al-Qaeda operative or supporter.
Additionally, other postings on al-Qaeda-affiliated web sites reveal an interest in Tor, an onion routing software package that protects Internet users’ privacy by obscuring the users’ true IP addresses (Terror Web Watch). According to Tor’s website, “Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.”
Therefore, it appears that al-Qaeda operatives and supporters are less interested in hiding the content of their websites through “cloaking” and more interested in protecting their on-line identities through the use of open proxy servers and sophisticated anonymous web surfing technology.