According to Australian media reports, Australian federal law enforcement officials are establishing fake jihadist web sites to track online jihadists. Australian Federal Police Commissioner Mick Keelty stated, “We have worked with some foreign countries through our undercover program, establishing our own websites, to capture some of the activities that are going on on the internet” (source).
Information security professionals have long relied on ‘honeypots’ to detect and identify the source of an unauthorized intrusion. Similarly, these fake jihadist web sites can be used to identify the source of jihadist propaganda and training material circulating the Internet.
Typically, a jihadist sympathizer or operative will upload propaganda or training material to a third-party file upload site like sendspace.com or fileflyer.com (Previous Report). The sympathizer or operative will then post the links to the propaganda or training material on a known jihadist web site. It is not uncommon for members of these sites to copy the links to other jihadist web sites and, in the case of attack video propaganda, to more main stream sites like youtube.com and liveleak.com (Previous Report).
The ‘Fake’ Jihadist Web Site
This modus operandi offers law enforcement officials a number of potential intelligence gathering opportunities. First, law enforcement officials can construct a fake jihadist web site. As demonstrated, jihadist web sites are typically used as a mechanism to distribute propaganda and training materials to the masses. Dedicated jihadist operatives recognize that public web sites are not secure but serve well for propaganda dissemination and indoctrination. Therefore, a successful ‘honeypot’ may aid law enforcement in tracking aspiring lone wolf jihadists with no formal connections to the core al-Qaeda movement and may also generate an overwhelming amount of false positives – i.e. curious jihadist web site visitors with no intention or capability of carrying out an attack.
The ‘Fake’ File Upload Site
It is unlikely that dedicated and trained operatives spend a great deal of time on public jihadist web site and instead conduct their online activities through more secure methods: dead drop email accounts or secure chat rooms (Previous Report and Previous Report). However, operatives do interact with the more public jihadist web sites in at least one crucial way. The knowledgeable and connected operative will typically upload propaganda and training materials to third-party file upload sites and post the links to the material to the popular jihadist web sites. Therefore, if law enforcement can developed a ‘honeypot’ file upload site, officers may be able to track operatives in cyberspace.
Key Loggers
Finally, law enforcement could infect jihadist propaganda with malware designed to monitor a suspected jihadist operative’s communications. Cyber criminals have mastered the ability to infect video files with key logger software used to steal personal information. Therefore, it is possible that law enforcement, with the proper legal guidance, could use the same techniques to monitor jihadist communications.