The Washington Post
Monday, April 09, 2012
Al-Qaida's main Web forums have been offline for the past 11 days in
what experts say is the longest sustained outages of the sites since
they began operating eight years ago.
No one has publicly claimed responsibility for disabling the
sites, but the breadth and the duration of the outages have prompted
some experts to conclude the forums have been taken down in a
cyberattack — launched perhaps by a government, government-backed
organization or hacking group.
The first website, Shumukh al-Islam, a primary source for al-Qaida
videos and messages, went down on March 22, and since then four others
have gone dark. The administrator of a second-tier al-Qaida site
recently posted a message on an online forum saying that “the media
arena is witnessing a vicious attack by the cross and its helpers on the
jihadi media castles.”
Officials in the United States and elsewhere have long been
concerned by sites associated with al-Qaida. Those sites have been used
to call for violence against Western targets and to try to recruit
Islamic extremists to carry out attacks.
There remains uncertainty over whether the recent outages
were caused by a cyberattack at all, and some skeptics note that some
prominent al-Qaida forums remain online. U.S. government agencies,
including U.S. Cyber Command, had no role in the outages, according to
officials who would speak about the issue only on condition of
Still, Will McCants, a former State Department
counterterrorism official who is now a senior fellow at the Homeland
Security Policy Institute at George Washington University, said given
the number of sites down and the duration of the outages, “it sure looks
like a takedown.”
If it were a technical problem being addressed by site
administrators, “usually they will get on another site and say we've got
administrative problems,” McCants said.
The last lengthy blackout of al-Qaida Web forums took place
in the summer of 2010, when British intelligence officials disrupted the
launch of an online magazine produced by the network's affiliate in
In that case, the most prominent al-Qaida site at the time,
al Fallujah Web forum, was dark for at least seven days, said Evan
Kohlmann, senior partner at Flashpoint Global Partners, which tracks the
sites, which are mostly in Arabic language. The magazine appeared on
the restored forum about two weeks later. Although he generally sees the
disruption of al-Qaida websites as a fruitless game of whack-a-mole,
Kohlmann said the most recent outages have clearly begun to affect
“At least temporarily, the social networking among jihadists
has been disrupted,” he said. “The remaining forums are really
struggling to attract the participation of users.”
For years, U.S. intelligence officials have relied on
al-Qaida forums to gather insights into conversations among extremists.
Some officials have argued against attempts to shut down the forums,
saying they provide valuable intelligence.
At the same time, any cyberattack, even one that shut down
an online forum only briefly, could temporarily stifle extremist
activity, or perhaps just sow confusion and distrust among users.
Said one U.S. official: “It's a good thing whenever a terrorist website goes offline.”
Regardless of the cause of the latest outages, if they
persist, the larger consequences could be far-reaching, said A. Aaron
Weisburd, a senior fellow at the Homeland Security Policy Institute who
runs Internet Haganah, a site that tracks jihadi forums.
The loss of primary forums such as Shumukh and al-Fida'
would deprive al-Qaida of control over its message, he said. “It leaves
the rank-and-file to guess which messages and which messengers are
genuine al-Qaida, and provides undercover operators with new
opportunities to disrupt the movement,” he said.
Comments on the handful of Arabic-language forums that remain online reflect the frustration and defiance among users.
“Life without Shumukh and Fida' is unbearable ... they are
the Titanic supporting the foundation for the triumphant sects fighting
in Iraq, Yemen, Somalia,” a user identifying himself as Fata Musslim
Ghayoor said on the Ansar al-Mujahideen Arabic Forum on Thursday,
according to a Flashpoint translation.
“The forums will return,” commented a user identified as
“Azam” on a different site. “We are in a media battle with the enemies
of Allah. ... Even if Shumukh is gone, a thousand other Shumukhs will be
Philip Mudd, a former longtime CIA and FBI counterterrorism
expert, said he understands the intelligence value the sites have. But
as the al-Qaida movement loses ground, he said, “maybe the more
important issue is how do we now get more aggressive in shutting down
any effort they have to spread the message?”
In the past, U.S. officials have also relied on diplomatic
channels to dismantle extremist sites that are seen as posing a threat
to American personnel or interests, according to former U.S. officials
familiar with the episodes.
The approach has worked in more than a dozen cases, and in
each instance was backed by at least the implicit threat of a
cyberattack by the U.S. military if the website's host country failed to
act, the officials said. The countries that cooperated were in Europe,
the Persian Gulf and the Pacific, they said.
“We've never had a country refuse us,” said the former vice
chairman of the Joint Chiefs of Staff, James Cartwright, speaking at
U.S. China Commission hearing at George Mason University last week. “But
if they did, then you can invoke the right of self-defense.”
Cartwright said that in some cases the foreign government
would be given a 48-hour window to investigate, what he termed “fair
notice,” before the U.S. military did so on its own.
The approach makes sense, current and former officials say.
Although the U.S. government has the ability to disrupt the sites on its
own, “you're not going to go do something unilaterally if you can do it
cooperatively,” said a former administration official who requested
anonymity to discuss sensitive internal deliberations.
The al-Qaida sites that have recently gone offline were
hosted on servers in various countries, including Malaysia, Panama and
the Gaza Strip, Kohlmann said. It is rare these days to see them hosted
on servers in the United States or Canada, he said.
Some of the forum followers have suggested new outlets.
Said one commenter, Al-Muktafi bel-Lah, last week: “I
suggest to the brothers having a page for the jihadi forums on Facebook