Hundreds of messages posted to Internet discussion groups last week, apparently with encrypted instructions for al-Qaida terrorists, are an obvious hoax, experts said.
The newsgroup postings, which included the words "next al-Qaida attack" in their subject lines, alarmed some Internet users when the messages began showing up in discussion groups around Nov. 25.
"Could this be the forerunner of an Internet attack? Maybe the authorities (Homeland Security, etc.) should be called in on this?" asked one Earthlink user on Nov. 26 in a Jewish culture newsgroup.
Experts said the "dead drop" messages, posted on dozens of Usenet newsgroups with a return address at an account with Demon Internet, an Internet service provider based in the U.K., are bogus and appear to be part of an effort to smear the reputation of an anti-spam crusader.
The body of each message included an Arabic name followed by the words "Allah be praised, here are your orders." The remainder of each posting contained a header that read "Begin PGP Message" and several lines of random letters and numbers characteristic of text that has been encrypted.
Other Usenet participants seemed to view the postings with a mix of annoyance and caution. On Nov. 26, an Internet user responded to the "al-Qaida attack" message in a discussion group for boat builders this way: "This isn't funny, whoever you are. And if it's real: We'll find you and send you to Allah without the parts you need to service the imaginary virgins you think you'll get."
Andrew Gierth, a programmer based in England whose e-mail address was listed in the "From" line of the messages, said he was not responsible for them.
"The posts are not from me. They are forgeries, posted through open proxies to disguise the true origin," said Gierth, who would not comment on who he believes is responsible for distributing the forged messages.
Gierth is a member of a small group of newsgroup administrators who "keep Usenet usable" by deleting thousands of spam postings daily, according to John Levine, a spokesperson for the Coalition Against Unsolicited Commercial E-Mail.
"This is doubtless some Usenet spammer who thinks it's a clever revenge," said Levine.
The subject line of the forged messages stated that the next al-Qaida attack would occur on Buy Nothing Day, an anti-consumerism protest held Nov. 29 this year and every year since 1997 at the start of the Christmas shopping season. The messages also included a hyperlink to a website operated by organizers of the protest.
On Nov. 27, a participant in a newsgroup for discussing role-playing games called the postings a "spurious attempt to link the anti-capitalist movement to al-Qaida" and an effort to "wind people up."
A cryptography expert said the postings included several indications that the encrypted portion was bogus and contained no real information.
"The encrypted message is loaded with CRC errors and bad ASCII armor characters. It's essentially useless junk," said Jay Dyson, a computer security specialist and author of several papers on cryptography.
Gierth said he has received some e-mails from Internet users in response to the postings, but he has not been contacted by his ISP or law enforcement.
While some experts have speculated that al-Qaida may use the Internet to distribute encoded instructions to members, Dyson said it's unlikely terrorists would trust the technology for sensitive communications.
"Only their drone foot soldiers -- like Richard Reid, the shoe bomber -- use the Net with any regularity, and those guys are not the ones giving orders," said Dyson.
