FBI taps ISPs in hunt for attackers

The hunt for suspects in Tuesday's terrorist attacks has moved online.

On Wednesday, both America Online and EarthLink acknowledged that they were working with the FBI to turn over specific information that may be relevant to the case.

"We are cooperating with them in this ongoing investigation," said Nicholas Graham, spokesman for Virginia-based AOL, a division of AOL Time Warner. Although Graham wouldn't provide details, he denied reports that the company had agreed to install a Carnivore surveillance system.

"We are able to provide them with information on an immediate basis," he said, stressing that such an ability made Carnivore unnecessary. The FBI developed Carnivore, now renamed DCS1000, to allow it to wiretap communications that go through Internet service providers.

EarthLink's vice president of communications, Dan Greenfield, confirmed that the Atlanta-based ISP was served with a warrant under the Foreign Intelligence Surveillance Act (FISA) to turn over information.

FISA limits the ability of intelligence and law enforcement agencies -- essentially the FBI, the CIA and the military information-gathering National Security Agency -- from spying on the American public. The warrant covers investigations relating to the leakage of information to a foreign government and requires less burden of proof than a warrant in a criminal case. The directors of the FBI and the CIA as well as the secretaries of state and defence are the only government officials allowed to request a FISA warrant.

Calling the warrant "equivalent to a wiretap," Greenfield also denied that the company had let the FBI install a Carnivore system.

"We are not installing any equipment," he said. "We are cooperating with a very specific request. There are concerns from our customers that we are giving arbitrary access to our network, and we are not."

Most of the clues that have turned up so far in the hunt for suspects have been dug up through typical investigative footwork, not high-tech sleuthing.

Authorities are searching for the accomplices of a well-organised group of suicide hijackers who commandeered four commercial jets Tuesday, effectively turning them into flying bombs. Two flattened the World Trade Center, while a third seriously damaged the Pentagon. The fourth plane crashed in a field.

Some of the victims on hijacked aircraft used cell phones to describe the attacks to people on the ground. In addition, a review of the passenger lists has offered some leads.

So far, five Arab men have been identified by Massachusetts authorities as suspects, according to two Boston newspapers. Authorities have also seized a rental car containing Arabic-language flight-training manuals at the city's Logan International Airport, where two of the hijacked planes originated, the papers reported.

US agents served warrants on homes and searched businesses in south Florida; they also issued alerts for two cars in connection with the attacks, local media reported.

Jack Mattera, director of computer forensics for The Intelligence Group, which specialises in corporate investigations and crisis management, stressed that information technology will likely play a crucial role in finding out who planned the suicide attacks.

"Using high-tech to investigate is critical," he said. "There are some things that gumshoe work is just not going to find."

Security experts described Tuesday's attack as low-tech, with reports of knives being used as the primary weapons in the hijackings. Nevertheless, many suspect computers and the Internet may have played a critical role in planning the complex and highly coordinated operation.

In February, George Tenet, the director of the CIA, warned members of the Senate Select Committee on Intelligence that terrorists were using the Internet and high-tech tools to communicate.

"International terrorist networks have used the explosion in information technology to advance their capabilities," he told the committee.

Mark Mansfield, spokesman for the CIA, declined to explain what tools the agency was bringing to bear, saying "it would be ill-advised for us to talk about [our methods]. It would not be a prudent thing to do."

Both the NSA and the FBI declined comment as well.

However, The Intelligence Group's Mattera said he believed that the requests for online information may be to check out the people who posted suspicious information in public chat rooms or online.

"I think there is some indication that there may have been some information posted to different groups that didn't specifically alert people at the time, but now they may be able to go back and connect it to the suspects," he said.

"Two days ago, a [virulent] email may not have meant anything," he said, "but today they will run it down and see if it's a clue."

Reuters contributed to this report.

See the Internet News Section for full coverage.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Telecoms forum.

Let the editors know what you think in the Mailroom. And read other letters.