Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Al-Ansar Jihadist Site: Mapping Jihad


Seeing the traffic lately on Twitter between @allthingsct and Jokey, I thought it prudent to once again put some perspective on Jokey’s little venture and how futile it really is. So, I bring you this report I have generated on “Ansar-AlJihad”, a consortium of sites that are run by the same “persons” of interest and serve up jihadi content and links.

The picture above is a stealth mirror site of Ansar. The site is located in the US on a server that I assume the owners do not know has been compromised. This is just one of twelve sites that Ansar has stood up on varying servers and domains. Several of these sites reside on IP addresses in the US, but their domains are registered to an owner who claims to be in Brussels.

The stealth site is physically located in Provo UT:

While the other sites primarily reside in Washington State:

The last site is physically located in Malaysia, which interestingly enough has been a very active area for jihadi activity these last few years. All of these sites, though, mirror the same data, which is updated consistently across all of them. Thus, should any site be taken down or denied service, one can just go to the next in line listed on the main page and get the jihadi content.

The addition of the stealth site proves the point that even IF all of the sites were to be taken down, they would fall back on the stealth site strategy and just keep popping sites to upload to. So, Jokey’s little idea that you can just annoy them offline forever and they will go away is a fallacy at best and half-baked logic at worst.

Meanwhile, let’s consider the other way to deal with these sites: tracking them, their users, and their data.

By looking at the domains, the home IP addresses, and the links, as well as the data on these sites, you can get a pretty good picture of who may be setting up these sites and who may be using them. In the case of Al Ansar, I was able to use Maltego to get a line on one site of interest that gave up a solid name and email address.

Maltego’s here:

Maltego made the connection between the Ansar site and three Blogspot accounts. The one of most interest was pathtomartyrdom.blogspot.com:

The owner of this site actually used a Hotmail address and a name to set up the blog.

hassankhalid025@hotmail.com

This address was used in a few posts on Yahoo and not much else. However, I am sure that the authorities would be able to talk to M$ about opening that one up and seeing who said what to whom. Of course, given the recent flap with Cryptome and the M$ guide for LEOs, I am quite sure they have all the logged traffic and can provide it when asked.

So, as you can see, with a little footprinting, a little digging, and some patience, you can do a lot more than just DDoS a site offline. You can in fact provide the authorities with the data needed to maybe catch these guys instead of driving them under the digital carpet.

My hope is that these sites are already in the hands of the authorities here in the States and that their traffic is being logged. It would be great to see that the server had been set up to have all the captures taken, so even if the jihadists were using proxies they could at least track those too. It’s all links in a chain that can be followed to the source.

It may also be a key practice that these sites are not only watched but also actively added to by the authorities here. One would hope that they would be members on these sites also, adding content to “disinform” the jihadis and catch them in the act.

Ahh well.. One can hope huh?

Needless to say, I have posted the findings report to the feds and will wait to see what they do…

CoB

8 Responses


  1. Dude, your lust for the limelight in regards to what you see as ‘current’ (ps thanks for the exposure – again) is transparent, it’s like when you claimed a couple weeks back the Chinese were hacking you, right when there was this Google/China thing going on – hilarious, like they give a shit about you.

    Now, I launched a single attack against you, you will note it caused you no harm, apart from took you down for a period. This was done because you host jihadi explosives training material on a box you own. I apologized at the time, and attempted to contact you direct to explain.

    You escalated the issue, you made yourself look a fool in front of all these nice people that read your ‘blog’ and you still persist in your stupid stupid attempts to vilify me.

    Yes, I disagree with your hosting jihadist training materials on your box for all the world to see, but I have not touched you since.

    I have better things to do, than chase down a wannabe ex-hasbeen nothing.

    You can continue to try and involve yourself in the CT world, but you are amateur and prove it all the time. So go back to your new ‘maltego’ toy, and your irrelevant logs.

    The more you mention me, or ‘jokey’ the more you generate interest.

    In me, not you.

    J

    x

    j35t3r

    2010/02/28 at 20:43

  2. Oh and regards your well-respected analysis, so far you have pinned me down to:

    1) a gamer-guy called ‘colton’ lol

    2) various nationalities

    3) ‘the jester is multiple people’

    all of which are incorrect, if you want to find me – maybe you should look at semantics, it’s better than IP addresses and random Google searches.

    You are getting really boring.

    Then again maybe that’s just me, all your 2 fans may follow your bad ‘intel’ which is great for me.

    To me you are an asset, you obfuscate me more than anyone can, including myself. lol

    Crack on <<< there’s some semantics for ya.

    j35t3r

    2010/02/28 at 20:51

  3. 1-800-WAAAA

    crabbyolbastard

    2010/02/28 at 21:05

  4. Oh, and if I mean so little, why do you keep following me?

    crabbyolbastard

    2010/02/28 at 21:06

  5. Dude, with respect, you keep vilifying me in your blog posts, I thought we had agreed to disagree way back, I will turn a blind eye to the fact you host jihad explosives training material, in the name of ‘research’ lol

    You are part of the problem, not part of the solution.

    And your totally arse about tit view of CT, and the fact that you believe your rants are of any use is laughable.

    Please go away you sad old man.

    j35t3r

    2010/02/28 at 21:14

  6. Honestly, I think both paths could be beneficial. If someone is going to leave a trail to their email (and hopefully that tracks to personal data), that is helpful. But I think annoying them is helpful too. I’m not sure that it’s necessary to make a choice.

    Fight the good fight and don’t get distracted by internecine squabbles, friends.

    Rodrigo Plantagenet

    2010/03/01 at 05:39

  7. […] a secret government program, or otherwise remains unknown and he remains “crack on” as he has commented with his DoS campaign against suspected jihadist […]

