Al-Qaida communications knocked offline, says expert

Terror group al-Qaida has been left without a trusted operational channel on the Internet for distributing its media and propaganda, according to a terrorism expert.

"I really can't say for certain how or why this happened, other than that it involved apparently separate attacks on both the domain name and data server used by al-Qaida's trusted forum, Al-Shamukh," Evan Kohlmann of Flashpoint Partners said in an e-mail late Wednesday. That kind of coordinated event doesn't typically occur by happenstance, he added.

Other jihadi forums left online still allow "the rabble" to communicate with others, but none of them are fully trusted by al-Qaida, said Kohlmann who has spent over a decade tracking al-Qaida and other terrorist organizations.

The incident began in earnest about 72 hours ago, he said.

Kohlmann reported earlier this week in a message on Twitter that hackers hijacked the primary web domain used by the Shamukh chat forum, which disseminates propaganda on behalf of al-Qaida. He later reported that the entire website was unavailable, and two more top-tier jihadi web forums had also been mysteriously knocked offline, including the Arabic-language Ansar al-Mujahideen Network.

Kohlmann said on Wednesday that he was certain that al-Qaida has backup copies of the forum database, and there are various mirrors of their material still available online, such as aljahad.com/vb. But there is no other trusted channel left for al-Qaida to release new material through. Either Shamukh must be resurrected, or else al-Qaida must establish a direct relationship with a new forum, he added.

Shamukh is at present the critical linchpin in the network, Kohlmann said. "I'm sure that Shamukh will eventually be replaced by another forum, just as it replaced the former top-tier "al Faloja" forum last year," he added.

The list of potential suspects who may have brought down al-Qaida's online communications channels includes both government-sponsored hackers from the U.S. and the U.K., as well as independent cyber vigilantes, Kohlmann said. One frequent hacktivist who launches these types of attacks is known as th3j35t3r, he said.

Known as the Jester, th3j35t3r describes himself on his Twitter account as a "Hacktivist for good. Obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, and other general bad guys". Jester did not claim credit for the Shamukh hack on either the Twitter account or on his blog.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies