Who Is Waging Cyberwar Against the Jihadi Networks?

  • Share
  • Read Later
Rick Maiman / Polaris

A mock movie poster warning of al-Qaeda's returning to New York City recently appeared on some Arab-language jihadi websites; authorities say they've been monitoring the sites and there's no imminent threat to the city

"The enemies of Allah who boast of their freedoms have not spared any effort to eradicate our blessed media." After two weeks of silence, the jihadist forum Shamukh al Islam came back online yesterday with a gloat: an apparent cyberattack against Shamukh and four similar sites had failed to shut it down permanently. But terrorism analysts see the event in a different light. As they investigate the mystery of who caused the outage and why, most can't help seeing in the blackout one more piece of evidence that al-Qaeda is in disarray.

Websites like Shamukh al Islam perform a critical function in jihadist circles. Loaded with videos that depict alleged Western atrocities against Muslims, they recruit supporters, while their chat rooms and forums allow jihadists around the globe to communicate with one another and exchange information, including instructions on bomb construction and chemical warfare.

So when Shamukh al Islam, perhaps the most prominent jihadist forum, suddenly fell silent on March 22 or 23, terrorism analysts took notice. That interest only grew over the next few days as four other sites went down and, with one exception, stayed that way. "For four of these sites to be off-line for two weeks is unprecedented," says Aaron Zelin, a researcher at Brandeis University. "We've seen other cyberattacks on these sites before, but they've never managed to keep them down for that long."

However significant the outage may be, no one is quite sure who caused it or why.

Because Shamukh went down right after French authorities cornered and killed Mohammed Merah, the 23-year-old jihadist who shot seven people in Toulouse, some analysts have suggested a connection. "Our first suspicion was that the blackout was somehow connected to Merah, just based on the timing," says Evan Kohlmann, a terrorism analyst at Flashpoint Partners, a consulting agency. "The presumption here is that someone is intent on thwarting, or at least complicating, al-Qaeda's efforts to release a particular piece of media" — perhaps the Merah video that was sent to al-Jazeera but never aired.

Yet a French connection is not the only possibility. On March 27, Spanish authorities arrested Muhrad Hussein Almalki in the coastal city of Valencia. Known as "the Librarian" for his work administering and archiving jihadist websites, Almalki supervised one of the downed sites and posted frequently under various aliases on at least two others. In a 2011 post to Shamukh, he answered a call for "enemy names" with a list of targets that included the two George Bushes, Bill Clinton and Tony Blair.

For Manuel Torres, a terrorism expert at Seville's Pablo de Olavide University, Almalki's arrest suggests that the sites' operators may have taken down the forums. "Almalki was an administrator, and that means his arrest posed a significant danger: in both this case and a similar one in 2010, police found a list of passwords," says Torres. "They might have taken down the sites themselves for protection."

When sites have voluntarily gone dark in the past, however, their administrators have usually posted messages to that effect — something that did not happen in the Shamukh case until April 2. But if the evidence indeed points to a cyberattack, who was behind it?

On April 4, Pelayo Barro, a journalist for the Spanish digital newspaper El Confidencial Digital, reported that the U.S. government had something to do with it. "My source, who works as an outside consultant for Spain's National Intelligence Center, told me that U.S. intelligence agents got in touch with their Spanish counterparts in late March," Barro told TIME. "They told them that a few days earlier a team of 10 hackers working for the Obama government had broken the passwords of several of the principal Islamist forums. They said it was the biggest cyberattack yet against these sites." According to Barro, information gleaned from this attack enabled Spanish authorities to locate and arrest the Librarian, a figure they had been interested in for over a year.

Kohlmann, however, questions U.S. involvement. "Generally speaking, the U.S. government does not shut down jihadi websites," he says. "Most of the people that I know in U.S. law enforcement and intelligence agencies believe it is more fruitful to leave the websites online and use them for intelligence purposes." And if it wasn't the U.S. government? "Other possible responsible parties might include the governments of France and Israel, as well as more skilled cybervigilantes."

Britain took down jihadist websites in 2010 but did not admit to doing so until this year. So it is likely that the responsible party, whoever it is, will not be confessing anytime soon. But more significant than its origins may be what the attack reveals about al-Qaeda. "People in some intelligence agencies believe the organization is very weak," says analyst Zelin. "And the length and breadth of this outage seems to support that."

That's not to say, however, that these jihadist networks no longer pose a threat. "It's definitely a setback for al-Qaeda's communication network," says Kohlmann. But "if the past can serve as example, other trusted, authenticated forums will simply step up and take its place."