Introduction

At the end of September, 2001, Ronald Dick, Assistant Director of the FBI and Head of the NIPC (National Infrastructure Protection of the United States Centre), declare to the Press that the 11th September attackers used Internet and “had used it well”.
Since the 11th of September, terrorists have evidently improved their Internet expertise and have increased their presence on the Web.
Today, terrorists of different ideological backgrounds – Islamic, Marxist, nationalist, separatists, and racists – have learned the lesson on how to utilize Internet to its maximum effect. The great qualities of Internet – facility of access; lack of a set of regulations; ample public potential; a great flow of information – make it an excellent working instrument for the groups which utilize terrorism to reach their goals.


Internet and the terrorists

It is, therefore, evident that in this global battle against terrorism we must, in the first place, better understand how the terrorists use the Internet and improve our ability to monitor the activities. For years, journalists, scholars and also security agencies have concentrated excessively on the threat of cyber-terrorism (or rather, how the terrorists could attack our informatics networks) devoting little attention to how the terrorists utilize the informatics network for their everyday activities, and to identify weak points that can be exploited for defence and counter-attack.
These uses are many and, from the terrorists’ point of view, of incalculable value. Therefore, it is imperative that the Intelligence and Security Agencies improve their capabilities in studying and monitoring terrorist activities on the Internet and exploring how to do battle on this new field, so that, ultimately, real and effective Internet Centres can be realized, where the best technical and investigative competence is gathered to face this new battle.
In the second place, we must keep very well in mind the qualities and values which merit the defence of our Society and which we cannot endanger in the daily fight against terrorism. Internet embodies the democratic values of free speech and liberty, as never before, in the open communication of ideas.
Unfortunately, this liberty is profusely used by those groups which, paradoxically, combat the liberty of ideas and speech. But if, fearful of further terrorist attacks, we should limit our own liberty of using instruments such as Internet, then we should give a victory to the terrorists and inflict a hard blow on democracy. We must not forget that the fear of terrorism in certain countries, in the past, has been manipulated to approve legislation which has weakened individual rights and liberty.
We also know that the use of advanced techniques for monitoring, research and analysing of the communications brings other risks and dangers.
Although these technologies can be extremely useful in the fight against terrorism and technologically evolved terrorists, they can also be useful to Governments, especially to the authoritarian ones, and to their Agencies subjected to scarce public control, which can violate the civil liberties within the Country and in countries abroad where they operate.
It is easy to understand that the long-term implications of this behaviour could be extremely deep and damaging to the democracies and their values, adding a high price in terms of minor civil liberties to the already heavy cost that terrorism has made us pay.


The scenario of the Net-war:
open Intelligence, virtual communities, terrorism

After the shock of the 11th September, the world of the Intelligence changed, realizing the need for a different Intelligence: diffused; not concentrated; open to numerous sources; willing to share its own analyses with a variety of partners, without holding on too tightly to its own secrets; open to a strong utilization of new technologies of information to take advantage of the information explosion {often contradictory and the volume of which doubles every 24 hours and costs halve every 18 (Lisse, 1998)}; open to the contributions of the best experts available, also outside of the business or governmental world (Treverton, 2001). For example: through a public-private partnership (PPP or P3: a system in which a private or governmental service is financed through a partnership between Government and one or two firms of the private sector).
The new terrorists are typically organized in small units spread throughout the world and coordinate their activities on line, compensating in this way, for their necessity of a central command. Al Qaeda and similar groups use the Internet to contact possible recruits and financers; influence public opinion; train aspiring terrorists; share knowledge and organize attacks (Weimann, 2004).
This phenomenon has been called Net-war: a form of conflict carried on through the utilization of network organizations and relative doctrines, strategies and technologies (Ronfeldt, 1996).
Such groups utilize Internet in the same manner as the normal political organizations do.
This approach reflects the change of paradigm that has come about in the society and economy – by now, almost globally – from a social architecture centred on the organization (that is, with community and social activities organized around large companies and organizations) to a social architecture centred on the individual (with a larger choice and availability of opportunities focused on the will and desires of the individual).
A “social architecture” that has put the Nation-State in crisis – legitimized by its capacity to oppose the violent threats coming from other States, favouring instead the Market-State, legitimized by its capacity to maximize the opportunities of its own citizens (Bobbitt, 2002) – no longer able to guarantee the security and the authority of which is more concentrated, but weaker, given that a part of it has been ceded to other subjects, private and sub-State, including clandestine terrorist and private groups.
A “social architecture” based more on the home than on the factory; on the local community rather than on the national, and centred on the virtual community rather than on the real one: the paradigm is that of the neo-renaissance (Di Gennaro, 2001). This new life-style is practiced by a growing labour force made up of “free-lance professionals” (among whom, for example, the terrorists), connected in a digital way, able to operate from any place and to be hired anywhere on the globe (Goldfinger, 1998).
Due to this growth of the virtual community, a strong interest has also developed for the capacity of automatic analysis of the communications exchanged within this community, analysis directed to the activities of creating profiles of their authors to extract the personal characteristics (Fabris, 2003; Zanasis, 2003, useful also in the investigative activities.
Therefore, in order to combat the Net-war terrorists, the Intelligence must learn how to monitor the terrorist activities, also on line, in the same way it tails terrorists in the real world. To do this requires a re-alignment of the Intelligence forces and the Western Police – which seem far behind the terrorist organizations in adopting the information technologies – and, at least, as far as the NSA and the FBI are concerned, the up-dating of their computers to better co-ordinate their Intelligence information (Mueller, 2006). The Internet structure allows criminal activities to grow and to those who perpetrate them to remain anonymous.
Given that it appears almost impossible to identify and deactivate every terrorist forum present on the web, for reasons of the connected legal and technical problems [there are about 4,500 web sites that distribute the Al Qaeda messages (Riedel, 2007), it would make more sense to leave those sites on line and observe them very carefully. Such sites offer the governmental Intelligence a precious insight into the ideology and motivations of the terrorists.
To decipher these sites requires not only the technological capacity, but also the ability to read exotic languages like Arabic and to understand the cultural background of the terrorists – a capacity which the Western counter-terrorism Agencies, at the present time, are lacking (Kohlmann, 2006).

The ability to utilize Internet has enabled the terrorist networks to extend their capacity of action beyond national frontiers allowing them to diffuse their message to a much vaster public.
The new field of battle is the “cyberspace” and the war has become a war of ideas. Our adversaries control this battlefield better than we do, having prepared a “course of action” which permits them to strengthen and expand their efforts.
The Internet chat rooms are now replacing the mosques, the community centres and the bars as places of enrolment and radicalization by terrorist groups such as Al Qaeda. And the candidates for enrolment are, as in all modern organizations, also informatics experts.

Al Qaeda hiring. In a video message, Abu Al Yazid, an Egyptian ideologist, who has assumed a prominent role in the Bin Laden movement, has launched an appeal for enrolment. The leader has underlined that Al Qaeda needs volunteer “computer experts” who can help the organization in their propaganda work.
(http://www. corriere.it:80/esteri/08- "Corriere della Sera" 8 marzo 2008)
The chat rooms of the two-way dialogue in real time have become a place where extremist ideas can be shared, strengthened, re-affirmed and diffused in an exponential manner.
The utilization of the computer communication has rendered the terrorist operative activities cheaper, faster and secure.

Radicalization is defined as “the process of the adoption of a system of extremist beliefs, including the decision of using, supporting and facilitating violence as a method of changing the society”.
It is more exact to use the term “radicalization”, instead of “Islamic extremism”, insofar as “radicalization” is relative not only to Islam and is not even a new phenomenon.
We must underline that the West is not at war with Islam, and terrorism is not “Islamic”. In a recent survey made in the Moslem Countries, it was found that the great majority of their citizens (65% in Indonesia, 88% in Egypt) see violence against civilians as a violation of the Islamic principles. Furthermore, the extremists have appropriated the concept of jihad, using it – erroneously – to justify their violent actions. Therefore, in consequence, we shall use the term “jihad” between inverted commas.
From London to Madrid to Milan; in Holland, Indonesia, Morocco, America and further a field, the Governments have had to face the effects of radicalization.
In these effects some see glaring examples of the fact that terrorism has made the “national” dimension of terrorism grow, but this is not, according to me, a correct opinion. Internet has created a world without frontiers: a “global” reality. The participants in this terrorist phenomenon are, therefore, preferably included within a trans-national concept, rather than a purely national one.
In this trans-national insurrectional context, for example, the phenomenon represented by the Salaphite “jihadist” movement should be focalized. The principal example of which is Al Qaeda, but it also includes other groups that adhere to the same ideology.

Once, the terrorists used Internet principally to support their operations. Then the Web began to be utilized with another scope: to diffuse ideologies more rapidly, more widely and more efficiently than had ever been possible before.
The radicalization, if facilitated by the use of the computer, by the possible two-way discussion, face to face or through other means, it can create groups of sympathizers which can then swell the ranks of the terrorist movements and of those who plan and commit acts of violence.
The radicalization is the vital lymph of the Salaphite “jihadist” movements, extremist and globalized, to enrol new recruits for the existing groups or to create the right environment in which the new groups can grow and prosper.
The planning and preparation of the September 11th attacks were facilitated by the use of Internet. The operators employed in the attacks used it to communicate among themselves, to identify the best flying schools where they could prepare themselves and the best objectives to attack.
But their use of the Internet progresses, realizing always more shocking propagandist effects – for example, the beheading of Nicholas Berg and Daniel Pearl, circulated on line. The terrorist groups now have their own production centres in the media sector (for example, Al Qaeda works through As Sahab and the Global Islamic Media Front) and produces their own television programmes, web sites, chat lines, forums, on line, radio transmissions and so on.
Through these means of communication the terrorists diffuse the details of an imaginary “clash of civilizations” in which a monolithic West appears involved in a war of aggression against an Islam, also monolithic since the times of the crusades.
These uses of Internet, however effective they may be, are still fundamentally static – or rather, they always concern one-way communication directed to a global public.

The terrorists now make effective use of the many and new varieties of inter-active communications rendered possible by the evolutions of Internet (the so-called Web 2.0), which permits major inter-activity.
By its nature, Internet allows the formation of groups and relations which, otherwise, would not be possible, increasing and strengthening the possibility of social connection.
As a new means of social inter-action, it unites people – friends, family members, foreigners – with similar interests and values, strengthening their sense of belonging, affiliation and identity. The “killer application” of Internet lies not so much in its use as an instrument of ideological diffusion, as its use as a channel of communication which connects people in the cyberspace, people who can then meet and act in the physical world.
Internet facilitates radicalization because it is an instrument that has no equal where active or passive communication is concerned. The extremist global movement, “jihadist” Salaphite has been quick to realize this and, accordingly, has adopted a sophisticated mediatic position. In effect, Al Qaeda, as we

know it, Iis a force of ideological inspiration as well as being directly operative, and the movement spreads, thanks to the propagation of its ideology: propagation realized in many ways, from word of mouth to the use of technically advanced means such as Internet and its innovative developments, like the Web 2.0. Examples of the utilization of the Web by the terrorists - In the planning of the 11th September attacks, the Al Qaeda members sent thousands of messages through a section (protected by a password) of an extremist Islamic Web site. - Hamas received financing through the Holy Land Foundation for Relief and Development

Fig 3 - Clustering

site, based in the United States.
- A message can be prepared which, instead of being sent, is saved as a draft, so that whoever has access to that e-mail address can read it. This system makes interception more difficult.
- Training manuals can be put on legitimate Web sites – hidden within sub-directories - and unbeknown to the proprietor of such sites.


The challenge of terror, the help of
technology and the reaction of Europe

The challenges against citizens and their Governments come from both the “top” (international commerce, which erodes that which is often thought of as an aspect of the national sovereignty) and from the “bottom” (terrorism and organized crime seek to force the States to cede power to them or try to evade control) and they concern drug trafficking, organized crime, proliferation of conventional and non-conventional arms, terrorism and finance criminality (Adams, 1998).
All these challenges can be met and fought through the help of the technology of information which is used both in the prevention phase (Zanasi, 2001) and of protection (Steinberg, 2006).
Technology alone cannot guarantee security, but security cannot be guaranteed without the use of technology.
Aware of this new scenario, the Western Governments and Institutions have begun certain action intended to reinforce the use of technology against the new threats.
The European Union, in particular through the European Commission, stands out with regard to action in the field of research and technological innovation in the service of security.
In 2005, the European Commission constituted ESRAB-European Security Research Advisory Board, a committee of 50 security specialists, including public authorities (several European Ministries, EDA, NATO, BKA …), industries (Finmeccanica, Thales, TNO …), noted researchers and consultants with the objective of delineating the strategic lines of the technological developments and the financing to European research in matters of security, and of giving advisory consultation on such subjects.
One of the results of ESRAB is a Report (ESRAB, 2006), in which hundreds of technologies have been identified and listed in order of importance, indicating their areas of utilization.
In 2007, after having started various financing programmes directed to institutions and companies in the amount of several billion Euro, it constituted ESRIF-European Security Research and Innovation Forum, formed by 60 members representing public authorities, industries and specialists of the 27 EU Countries and of the 9 Countries associated to the EU, whose central objective is, beyond the continuation of the effort made in ESRAB, to develop innovative strategic partnerships between user and supplier (i.e. alliance between research, science, industry, operators of important infrastructure for the security, and responsible authorities of the security in the Member States and in the European Union).


Internet Centres: technological aspects

What has been previously written underlines the necessity that, since the cyberspace is the new battlefield, the Governmental Intelligence prepares itself by strengthening and gathering its expertise into real and functioning Internet Centres – “armoured corps” – of the new war.

The blogs have become one of the fastest growing types of communication among those based on the Web: the bloggers can express their opinions and sentiments with great liberty and facility. In this “blogosphere” many communities have emerged, among which those terrorist ones that try to disseminate their ideology and recruit new terrorists. It is important to be able to analyze these communities, definable on the basis of their members and links to other sites to monitor the activities which could result potentially dangerous for our security.
But these communities, these web sites are so numerous and rich in information which is updated everyday that an accurate manual monitoring would be impossible.
It is for this that technology comes to our aid with instruments of automatic Intelligence such as, for example, data mining (Zanasi, 1997).
We shall illustrate a Web mining scenario which addresses such problems.

Such scenario consists of four methods: crawling, text mining, analyses of the social networks, and visualization. In the crawling method the pages of interest on the Web are downloaded. These pages are then processed by the text mining method which extracts information such as names, places, sentiments and ties for subsequent analysis by the method of analysis of the social networks. Finally, the visualization method gives the results of the analysis in a graphic presentation.
In the Web mining researches (Zanasi, 2000), the Web crawlers have been widely utilized to go through the Web and collect Web pages for subsequent analysis. They are software programmes that navigate in the informative space of the Web, following the hyper-textual links and recuperating the pages. From the first days of the Web, the crawlers were amply used to construct the databases of the research engines, to make personal researches, to archive Web sites (if not the entire Web) or more simply, to compile statistics.
The Web has different characteristics (Qin, 2007). Let us look at some:
• the probability that two junctions (the URLs), chosen at random, are linked is not constant in all of the Web (non-random characteristic);
• the junctions have the characteristic of forming groups and communities (small world characteristic);
• very few junctions have a great many links (free-scale characteristic) and vice versa: certain of them will be of the hub (aim at many sites) or of the authorities (are aimed at by many sites);
These characteristics allow us to utilize the instruments of analysis of the social networks also in the study of the Web, (Degenne, Forsè, 1999).
The analysis of the social networks (SNA) is a sociological methodology to analyse forms of analysis of the relations and interactions between social actors to discover the underlying social structure.
In the social structure not only are the attributes of the social actors important, such as their age, gender, socio-economic and cultural status, but also the type of relation between such actors are important, their nature, the intensity and frequency of such relations and so on.
SNA methods have been used to study organizational comportment, the relations between organizations, the communications via computer, and many other areas – among which the networks between terrorists and criminals (Krebs, 2001). By using the SNA, we can then identify the strategic junctions (either hub or authority ) – neutralizing these, we can more easily neutralize the network.

First of all, it is necessary that a crawling programme downloads the pages of interest. Instead of downloading all the links to the URLs, the crawler can follow only the
links of interest: for example, those directed to the pages of members of a group or to pages of comments and so on.

After the pages have been downloaded, the text mining analyses them to extract the information of interest. This can be structured information (relative to the Web page, to the blog, to its proprietor, to the creation of the data …) or unstructured (for example, relative to the written text contained therein).
In the previously cited ESRAB report, the technology of text mining has been placed in the 6th position, in order of importance, among the technologies judged as important for security.
Due to the presence of natural language, the data preparation step in text mining is longer than usual and requires a linguistic pre-processing phase to clarify, at least in part, the ambiguities connected to the comprehension of the meaning. Obviously, such phase of pre-processing will be different according to the language to be analysed.
The most advanced programmes are now able to analyze up to twenty different languages contemporaneously.
Using electronic dictionaries, syntactic taggers, lemmatizing engines, text mining:
- resolves the principal ambiguities tied to the language; in this phase, for example, the words:
• record, in the English phrase “we record the record”;
• couvent, in the French phrase “les poules du couvent couvent”;
• pesca, in the Italian phrase “pesca la pesca” are recognized in their meaning;
- lemmatizes words/expressions (“International Business Machines” is transformed into “IBM”);
- automatically indexes the documents, linking them to the key concepts contained therein;
- identifies the concepts judged to be interesting (for example: abbreviated partnerships – with the names of the companies that have abbreviated them, even though the word partnership or the name of the company does not appear in an explicit manner in the text).

The method of analysis of the networks allows, at this point, the identification of the role of the entities and the type of connection which links them together.

This last method permits the visualization of what has been extracted and identified in the illustrated figures of the article.