This Sept. 11, Will Terror Sites Get Hacked Again?
For the past two years, Islamic extremists’ online forums have been subjected to a series of attacks around the 9/11 anniversary — just as the jihadists worked to score a propaganda win. Major sites have been shut down, some permanently. Previous reporting has indicated that the United States and its allies have been responsible for some of the attacks.
As Sept. 11 approaches, the United States may or may not go for the hat trick and launch another round of online sabotage. But should it? What do western governments gain from occasionally disrupting jihadi websites?
In September 2008, a number of major jihadi forums were attacked and shut down shortly before the 9/11 anniversary, delaying the release of a feature length al-Qaida 9/11 anniversary video, The Harvest of seven years of the crusade. Eight days later, when the video was finally released, the passwords provided to extract the video files were incorrect. In time, the sites mostly recovered. The video became accessible and remains so today.
A year later, major jihadi websites again were taken offline. This time, Ekhlaas, one of the forums which shut its doors after the 2008 attacks and had remained closed, resurfaced and began advertising itself anew with a hacked user ID used by the al-Fajrmedia network to post media in the forums. Al-Fajr issued a press release denouncing the zombie Ekhlaas as fake, created by hostile intelligence services and warned former users against logging on. The new Ekhlaas eventually gave up and shut down. Major sites like Fallujah and Shumukh (pictured, above) regained functionality. And by Sept. 13, As-Sahab had released Osama Bin Laden’s A Statement to the American People video — albeit two days after the customary anniversary date.
In both cases, the videos were eventually released. The attacks eventually ceased. The forums eventually returned, more or less, to operation. So what is there to show for the efforts?
For one, jihadis’ forums have become more concerned about security. Getting onto the big sites became more cumbersome after the 2008 hack, the Netherlands’ National Coordinator for Counterterrorism noted in a recent report (.pdf). Registration is now required to access the forums. “The details of the parties registering, such as IP address, stated identity, size and nature of contributions, [are now] checked.”
Access to certain parts of forums on the site was restricted to parties known to the webmasters. The forums in question concerned “preparations for the jihadist conflict” and hosted discussions of technical and operational aspects of the jihad and how to deal with weapons, ammunition and explosives…. The contributions by members were critically examined to prevent disinformation and false reporting. Lastly, the sites and participants warned each other in time about reputed infiltration or attempts at disinformation and visitors were given advice about personal security in order to protect their identity.
Of course, the 9/11 shutdowns are by far not the only instances in which jihadi websites have been tampered with, either by governments or private parties. Even if governments were responsible for the majority of such incidents, taken together, they constitute something substantially less than a concerted effort to permanently erase the presence of major jihadi forums from the web.
So why play an intermittent game of whack-a-mole with jihadi websites when it makes them more cautious online and potentially dries up sources of intelligence? That paranoia may be the point, according to Thomas Hegghammer, a leading scholar of jihadism studies and a senior research fellow at the Norwegian Defence Research Establishment.
“Shutdowns are one of several factors that have contributed to a very important development on the forums over the past 6 years, namely the spread of paranoia,” says Hegghammer, who strongly suspects that the shutdowns are government-directed but claims no direct knowledge of their authorship. “In the early 2000s, users would often volunteer personal information and would not discuss the surveillance threat that often. Nowadays you practically never see anybody write anything that might reveal their identity or location, and there is a lot of talk about spying.”
That hesitancy has hindered the forums as a platform for recruitment and social networking, diminishing their intelligence value, argues Hegghammer. And so the trade-off between intelligence collection and action against jihadi websites may be less severe than previously thought. The online disruptions, even if only temporary, serve as a deterrent to using the web for operations.
“Of course they can still use forums for propaganda and ideological debate,” Hegghammer cautions, “but the alternative scenario – in which they could both propagandize and recruit – would have been much worse for us.”
The value of intelligence available on jihadi forums has diminished so much that Hegghammer says he’s now more open to the idea of a campaign to shut down and keep down the major forums — as much as that’s possible, technically. “The cost of losing the source is smaller,” he says. “I don’t think we should dismiss it as an option in the future.”
For the moment, such a campaign faces significant practical obstacles, says Matt Devost, former president of the Terrorism Research Center and currently president of FusionX, a cybersecurity consulting firm.
The volume of hosting options, the multitude of legal regimes governing them and the challenges of securing foreign cooperation against them, means jihadists have a convenient array of hosting alternatives if shut down in a particular country, dimming the chances for keeping a number of sites down indefinitely, Devost believes.
American officials have to convince their foreign counterparts that removing a particular site hosted in their territory is both legal under the host country’s laws and necessary. “You have to make some pretty specific legal arguments,” says Devost. These requests can run up against sensitivities over national sovereignty and complicated issues of free speech, a difficult issue even here in the United States. Some governments simply aren’t receptive to begin with. “You can’t go after every site in every country because some countries just won’t cooperate,” Devost tells Danger Room.
American counterterrorism officials have another, unilateral option: forcibly dismantling jihadi websites from afar using the Defense Department and intelligence community’s offensive cyber capabilities. But such attacks can have unintended consequences. Attacks against a single terrorist website can cause damage to several servers across a number of countries. This is reportedly what happened in 2008 when an interagency task force attacked a U.S.-Saudi-created “honey pot” and took down 300 servers in Saudi Arabia, Germany and America with it. An all-out cyber war on jihadist sites could cause considerably more network collateral damage. It’s one of a number of considerations, as the U.S. continues the online jihadist hunt.