It's latest tweets, posted yesterday on @hsmpress, include photos and descriptions of two Kenyan government officials they've kidnapped, Fredrick Irungu Wainaina and Mule Edward.

The terrorist organization, known in full as Harakat Al-Shabaab Al Mujahideen, had been accused of kidnapping tourists from coastal Mombasa and other locations in the lead-up to the October invasion. One of the tourists, a French national, died.

Al-Shabaab has been using Twitter since early December.

Kenya-based TechMtaa commented:

"The account seems to be run by someone who is taking lots of caution on how he/she logs in. The language looks so American stoking the fear that some US Islamic extremists are aiding the organisation in its terror activities. The account is mostly active at night and the user does not posts for a long time before abruptly logging off."

The New York Times reported that the U.S. government was considering an attempt to shut the organization's Twitter down. That has not happened. Whether holding off is a function of the ease with which a new account could be started, legal issues with a shut-down or because the account is a source of intelligence is unclear. I think the latter might be most likely.

While there is no denying that Facebook, Twitter and other social networks help spread critical information when emergencies strike, they can still be problematic and ineffective when compared to other forms of communication. Even the Bangkok terror alert was met with initial skepticism, and while the embassy has close to 40,000 Twitter followers, many of those were not in the area of the threat.

The main road block to studying how effective Twitter is in spreading messages is that Twitter's Search API is so small that researchers would have to be researching an event as it's happening. "That would mean that we a) knew about it beforehand, and b) could predict the keywords and topics people were going to talk about," Davis said.

In yesterday's incident, the U.S. Embassy used Twitter, Facebook, email, and SMS to direct people to its Web site, where a more detailed description of the threat and an advisory on precautions people should take was posted. The problem with the social media messages -- particularly those sent on Twitter -- was that many recipients questioned the authenticity. That forced US Ambassador Kristie Kenney onto her own Twitter account to assure people the threat was real, and that was time that presumably could have been better spent addressing other aspects of the embassy's response.

None of this diminishes the potential of social networking as a public safety tool. Davis estimates news could be spread around the worlds within minutes via social media. What public safety officials have to figure out is how to make sure recipients can quickly determine the validity of an alert, how they can encourage recipients to pass along critical information, and how to convey all of the important details in a tweet.

"The U.S. Embassy was able to reach nearly 40,000 people immediately with this one Tweet," said J.D. Ross of Syracuse University's School of Information Studies. "In addition, if an attack or incident were to occur, the Embassy's Twitter account would be seen as a trusted source of information, and the Embassy would have the ability to pull or aggregate information from other social channels that could be valuable during an emergency or crisis period."

Noah Reiter, a former assistant city manager in the city of Sandy Springs, Ga., who now works for Smart911, a technology company focusing on improving responses by emergency personnel, notes that many agencies are now monitoring social media, and they need to be aware that even if they don't actively use it, news they disseminate will eventually find its way onto Facebook and Twitter.

"While most emergency notification systems are opt-in, if a governmental agency has a strong and active social media presence, their followers will help spread the message and do it considerably faster than through other communications platforms," Reiter said. "One last benefit of social media - it's free. If I'm not mistaken, reports indicate that most relied on social media during" last month's shooting of a police officer at Virginia Tech University.

"(Such an attack is) a breach of sovereignty comparable to a terrorist operation and must be treated as such," Deputy Foreign Minister Danny Ayalon said in a speech quoted by BBC . "Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action."

Reuters quoted Hamas spokesman Sami Abu Zuhri as calling the hack "a new form of resistance" and encouraged "Arab youth to ignore these cowardly Israeli threats and to use all means available in the virtual space to confront Israeli crimes."

The Arab news network Al Arabiyya has reported that Saudi banks are tightening their security against an anticipated attack by Israeli hackers.

"The security systems departments in several Saudi banks embarked on an extensive campaign on Saturday to increase security on their transactions and guarantee wider monitoring of their websites."

If retaliation comes, whether it will be prosecuted by Israeli government technicians or by independent, or semi-independent, hackers is hard to say. Over the last several years, responsibility for country-to-country cyber-attacks has been hard to track, with some orchestrated by governments directly and others being amateur efforts.

Ayelet Noff, founder of Israeli PR firm Blonde 2.0, whose father was a member of parliament in the Knesset, told ReadWriteWeb she doesn't believe any attack will be conducted directly by the government.

"Israel as a country will not retaliate," she said, "however, it is more than likely that Israeli hackers will retaliate in the cyber space."

Although the hacker claimed to have compromised 400,000 online identities by hacking a sports website, Naked Security said the credit card companies claim the figure is closer to 6,000. Only a couple of hundred dollars was charged on the hacked cards before they were cancelled.

Israeli communications base photo by Adam Jones

In a letter sent to Twitter last week, Nitsana Darshan-Leitner, director of the Shurat HaDin Israel Law Center, threatened legal action and said Twitter and its officers could also face criminal charges if the accounts in question are not taken down.

Matt Graves, a spokesperson for Twitter, declined comment.

"Your provision of social media and associated services to Hezbollah and other foreign terrorist organizations would constitute the type of seemingly innocuous material support that would render your company and you personally criminally and civilly liable," Darshan-Leitner wrote.

The case seems weak at best. The Supreme Court has not directly addressed whether speech supportive of a designated terrorist group is unlawful. But Aden Fine, an attorney for the American Civil Liberties Union, told CNN "the government can't force private companies to censor lawful speech just because the government doesn't like the speech or the people making the speech."

And Joe Sellers, a First Amendment lawyer at Cohen Milstein Sellers & Toll in Washington, told the Washington Post that Twitter can be compared to a newspaper that provides advertising space: the company is, Sellers said, "providing a public forum" that is "content-neutral."

"I don't see how Twitter's provision of a forum would constitute providing aid and support of a terrorist group," Seller says.

As reported last month, the U.S. government has also put pressure on Twitter to shut down the account used by the Shabab militant group of Somalia. The group has been using its Twitter account to taunt the Kenyan military, which was dispatched to Somalia in October to combat the Shabab.

Noted for its brutality, the Islamic group is considered a terrorist organization by the U.S. The group has been using its Twitter account to taunt the Kenyan military, which was dispatched to Somalia in October to combat the Shabab.

Any such move to pressure Twitter to close the account, however, would pit free speech concerns against anti-terrorism efforts. "I was kind of shocked by the statement that story was making - I honestly thought it was a joke when I first saw it," said Joshua King, general counsel at Avvo.com. "There's really no legal authority they can use in this instance."

A Twitter spokesperson declined comment to the newspaper. The company's Web site does not specifically address law enforcement and government requests to shut down user accounts, but the law enforcement policy section on its help site does say it will only turn over private user information if subpoenaed.

American officials told the newspaper that they fear the group is using its Twitter account - which is mostly written in English - to reach recruits in the West. The officials said they were exploring legal options for closing down the account out of fear that Americans would travel to Somali to train with the Shabad then return to the U.S. to commit acts of domestic terrorism.

The U.S. government "can certainly put pressure on companies like Twitter to do what they want, as we saw with WikiLeaks," King said. "But Twitter has generally shown themselves to be a staunch defender of the First Amendment, so I doubt they'd be pressured in this case."

The account was opened earlier this month and already has more than 5,000 followers. Many of the Tweets boast of military victories in ongoing skirmishes with the Kenyan army.

It's not much of a stretch to see the messages are being targeted at outsiders, given how few Somali's have access to the Internet. The Shabab operate in an area where many people live in poverty, and they have banned Western practices, including Western haircuts, music and bras. The group has blocked Western famine aid as well, and is perhaps best known for chopping off the hands of dissidents.

While some Twitter posters likened it to Tokyo Rose and wondered how the famed voice of Japanese propaganda during World War IOI would have fared in the age of Twitter, there are stark differences. Most notably, Tokyo Rose broadcast on Japanese airwaves; in the case of the Shabad, the group is using a means of communication owned and operated by a U.S.-based company.

The Taliban have usually been described, rather euphemistically, as "medieval" in outlook and they have not had a public relationship to communications technology, unlike the late Bin Laden. However, the group has been tweeting since December 19 of last year. In that time, they have posted 773 tweets. They have 2,970 followers but only follow 12. So not exactly a robust back-and-forth there.

The overwhelming majority of the tweets are in Pashto, the Iranian language spoken in southern Afghanistan and northwestern Pakistan. However, they started posting in English on May 11, less than two weeks after their former guest was killed by U.S. forces. The English tweets have been concerned with announcing alleged killings of the Taliban's "enemies."

"8 local minions killed, 7 wounded in Kunduz province," "US invaders spy plane shot down in Wardag," "Fifth US tank obliterated in Nawzad" and so forth.

The feeds @alemarahweb follows include @afghanheroesuk, a charity to help British troops in Afghanistan and @afghantim, a U.S. Army logistics officer. No doubt both follows are in the hopes of tracking movements of supplies and troops.

Other sources: Guardian, The Envoy.

Federally funded through the National Science Foundation, the Dark Web's spiders have been crawling through the web for the past five years. As of 2007, they estimated there were about 50,000 sites of extremist/terrorist content when they looked beyond just traditional web pages. This number was a great increase from Dr. Gabriel Weimann of the University of Haifa's estimate that there were only 5000 terrorist web sites in 2006. From 2006-2007, the lab found the greatest increase in terrorist activities was on various new "web 2.0" sites, (a term they use to describe any new-generation web site including video sites, blogs, virtual worlds, etc.)

Currently, the Dark Web collection consists of the complete contents of only 1000 web sites in Arabic, Spanish, and English and the partial contents of 10,000 other sites. This collection is 2 TBs in size making it the largest open-source extremist/terrorist collection in the academic world. Researchers who would like to use this data in their own studies can contact the research center for access.

Where the Bad Guys Are

So far, the Dark Web has determined the following:

• Forums: 300 terrorist forums found, some with more than 30,000 members; nearly 1,000,000 messages posted.
• Blogs, social networking sites, and virtual worlds: Many transient sites have been identified before they disappear; more than 30 (self-proclaimed) terrorist or extremist groups in virtual world sites, though they have yet been unable to determine who is just "playing terrorist" vs who is for real.
• Videos and multimedia content: 1,000,000 images and 15,000 videos from web sites and specialty multimedia file-hosting third-party servers; more than 50% of of videos are related to Improvised Explosive Devices.

Second Life Griefers - A "Terrorist Attack?"

How They Find the Data

The Dark Web project uses various tools for collection, analysis, and visualization:

• Web site spidering: Their focused spiders can access password-protected sites and perform randomized (human-like) fetching. The spiders are trained to fetch all html, pdf, and word files, links, PHP, CGI, and ASP files, images, audios, and videos in a web site. Selected web sites are spidered every 2 to 3 months.
• Forum spidering: The specialized forum spidering tool recognizes 15+ forum hosting software types and their formats. The spiders collect the following info from the forums: authors, headings, postings, threads, time-tags, etc., all of which allow them to re-construct participant interactions. They have collected and processed forum contents in Arabic, English, Spanish, French, and Chinese using selected computational linguistics techniques.
• Multimedia (image, audio, & video) spidering: They use specialized techniques for spidering and collecting multimedia files and attachments from web sites and forums and perform stenography research to identify encrypted images in the collection and multimedia analysis (video segmentation, image recognition, voice/speech recognition) to identify unique terrorist-generated video contents and styles.
• Social network analysis (SNA): They use topological metrics (betweeness, degree, etc.) and properties (preferential attachment, growth, etc.) to model terrorist and terrorist site interactions. Techniques involving clustering and projection are used to visualize the data. The focus here is on "Dark Networks" and their unique properties.
• Content analysis: Several coding schemes have been created to analyze the contents of terrorist and extremist web sites including content involving recruiting, training, sharing ideology, communication, propaganda, etc.
• Web metrics analysis: They examine technical features and capabilities (e.g., their ability to use forms, tables, CGI programs, multimedia files, etc.) of such sites to determine their level of “web-savvy-ness.”
• Sentiment and affect analysis: Sentiment (polarity: positive/negative) and affect (emotion: violence, racism, anger, etc.) analysis allows them to identify radical and violent sites that warrant further study. They also examine how radical ideas become “infectious” based on their contents, and senders and their interactions. Recent advances in Opinion Mining – analyzing opinions in short web-based texts - has aided their work.
• Authorship analysis and Writeprint: They have developed a technique called (cyber) Writeprint to uniquely identify anonymous senders based on the signatures associated with their forum messages. They have expanded the lexical and syntactic features of traditional authorship analysis to include system (e.g., font size, color, web links) and semantic (e.g., violence. racism) features of relevance to online texts. Inkblob and Writeprint visualizations to help visually identify web signatures. Writeprint can achieve an accuracy level of 95%.
• Video analysis: A unique coding scheme has been created to analyze terrorist-generated videos based on the contents, production characteristics, and meta data associated with the videos. A semi-automated tool allows human analysts to quickly and accurately analyze and code these videos.
• IEDs in Dark Web analysis: A smaller number of sites are responsible for distributing a large percentage of IED related web pages, forum postings, training materials, explosive videos, etc. They have developed unique signatures for those IED sites based on their contents, linkages, and multimedia file characteristics
.

Image Credit: Yale.edu

Privacy Concerns

The researchers want you to know that you're not a target of their research (unless you are, of course, a terrorist).

From their web site, they state the following: "This is not a secretive government project conducted by spooks. We perform scientific, longitudinal hypothesis-guided terrorism research like other terrorism researchers...our contents are open source in nature (similar to Google’s contents) and our major research targets are international, Jihadist groups, not regular citizens...our research goal is to study and understand the international extremism and terrorism phenomena. Some people may refer to this as understanding the root cause of terrorism."