Cyber Jihad: Malaysia and Indonesia
Just a couple weeks ago, a paper was put out by the Bipartisan Policy Center that looked back at where we were on 9/11 and how far we have come with regard to dealing with terrorism. The paper did not really have a wholly heartening tenor and in fact pointed to some new areas of concern. One of the areas of concern was Asia and Jihad. As coincidence would have it, I just stumbled onto a new site that has been set up by an Indonesian group and has connections to the Ansar boys via our old pal Ansar007, or is it now al-ansar007? Or how about irhabi007 redux, a new player with an old name who is trying to emulate Younis Tsouli?
The site in question is cyberjihad.org and it was started in July:
Domain ID:D159760330-LROR
Domain Name:CYBERJIHAD.ORG
Created On:28-Jul-2010 04:19:08 UTC
Last Updated On:18-Sep-2010 07:57:42 UTC
Expiration Date:28-Jul-2013 04:19:08 UTC
Sponsoring Registrar:Melbourne IT, Ltd (R52-LROR)
Status:TRANSFER PROHIBITED
Registrant ID:D128027988480526
Registrant Name:cyberjihad
Registrant Organization:cyberjihad
Registrant Street1:2804 S. Lincoln Ave
Registrant Street2:
Registrant Street3:
Registrant City:Sioux Falls
Registrant State/Province:SD
Registrant Postal Code:57105
Registrant Country:US
Registrant Phone:+1.6059884611
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:email@example.com
Admin ID:D128027988480523
Admin Name:Alexis Ricci
Admin Organization:cyberjihad
Admin Street1:2804 S. Lincoln Ave
Admin Street2:
Admin Street3:
Admin City:Sioux Falls
Admin State/Province:SD
Admin Postal Code:57105
Admin Country:US
Admin Phone:+1.6059884611
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:firstname.lastname@example.org
Tech ID:D128027988480525
Tech Name:YahooDomains TechContact
Tech Organization:Yahoo! Inc
Tech Street1:701 First Ave.
Tech Street2:
Tech Street3:
Tech City:Sunnyvale
Tech State/Province:CA
Tech Postal Code:94089
Tech Country:US
Tech Phone:+1.4089162124
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:email@example.com
Name Server:NS2469.HOSTGATOR.COM
Name Server:NS2470.HOSTGATOR.COM

The site sits on a server in Houston:

NetRange: 220.127.116.11 - 18.104.22.168
CIDR: 22.214.171.124/14
OriginAS: AS36420, AS30315, AS13749, AS21844
NetName: NETBLK-THEPLANET-BLK-16
NetHandle: NET-174-120-0-0-1
Parent: NET-174-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.THEPLANET.COM
NameServer: NS1.THEPLANET.COM
RegDate: 2009-03-23
Updated: 2009-03-23
Ref: http://whois.arin.net/rest/net/NET-174-120-0-0-1
OrgName: ThePlanet.com Internet Services, Inc.
OrgId: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
RegDate: 1999-08-31
Updated: 2008-05-20
Ref: http://whois.arin.net/rest/org/TPCM
The data from the whois turns up a name, email address and phone for one Alexis Ricci, which when put into Maltego gets the following hits:
Which in turn gives a hit on an SBCglobal address that puts this person in Texas, not in South Dakota… The phone number that is listed in the WHOIS comes up in databases as a cell phone, but that is about all I am getting at the present time without actually spending money on a backtrace of the number. I suppose I could call it… In the end, I am pretty sure that this is just some hacked data that they used to enter the whois data and set up the site. It would be interesting though to see who paid for this domain and how. A Google map of the address does put it in a residential neighborhood and in fact there is a house there… More can be done on this but I think it's just a red herring.
The site as I said is new, and now has 157 members… All of which I have enumerated because the site is poorly constructed security-wise. One can just poll the PHP tree by ticking a number into the php=? area of the URL. Here are some examples of the kiddies!
I have them all now, and many of them were kind enough to give not only email addresses, but also their websites, and one poor bastard actually used his REAL photo in his! Yeah, hi there, the Indonesian security forces will be coming to see you soon! There is a lot there to wade through with Maltego, but eventually I will have it all collated and post the results on each and every member.
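From the site operator's side, the weakness described above (member records reachable by stepping a number in the URL) shows up in the access log as one client requesting a long run of consecutive IDs. The following is an added example, not part of the original post: the log lines are constructed, and the path `/member.php?id=N`, the function name and the threshold are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (documentation IP ranges, not real traffic).
# /member.php?id=N is an assumed URL shape for a numeric member ID.
FMT = '%s - - [01/Jan/2024:10:00:%02d +0000] "GET /member.php?id=%d HTTP/1.1" 200 5120'
SAMPLE_LOG = "\n".join(
    # One client walking IDs 1..8 in order
    [FMT % ("203.0.113.7", i, i) for i in range(1, 9)]
    # An ordinary visitor opening a few unrelated profiles
    + [FMT % ("192.0.2.50", s, i) for s, i in ((10, 12), (20, 87), (30, 3))]
    # A visitor who happens to open two adjacent profiles
    + [FMT % ("198.51.100.23", s, i) for s, i in ((40, 40), (41, 41))]
)

LINE_RE = re.compile(r'^(\S+) .*?"GET /member\.php\?id=(\d+) HTTP/[\d.]+"')

def find_enumerators(log_text, min_run=5):
    """Return {client_ip: longest run of consecutive member IDs requested}
    for every client whose longest run is at least min_run."""
    ids_by_client = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ids_by_client[m.group(1)].add(int(m.group(2)))

    flagged = {}
    for ip, ids in ids_by_client.items():
        longest = run = 0
        prev = None
        # Sorting makes the check independent of request order, so a
        # client that shuffles the IDs is still counted as one run.
        for member_id in sorted(ids):
            run = run + 1 if prev is not None and member_id == prev + 1 else 1
            longest = max(longest, run)
            prev = member_id
        if longest >= min_run:
            flagged[ip] = longest
    return flagged

if __name__ == "__main__":
    for ip, run in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {run} consecutive member IDs requested")
```

Detection only tells the operator it happened; the underlying fix is to require an authenticated session for member records and to stop exposing sequential identifiers in the URL.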
Now, on to the whole connections thing and import here. This site, while crude, is just a hint of the movement that has been happening in the Asia area for some time now. As you may recall, some of the 19 hijackers had meetings in Malaysia and Indonesia before they actually started the operation. Malaysia in fact, is the host country to many of the Jihadi sites on the net now and I suspect that is not only because of the sympathetic groups there, but also the lax computer law in the countries that they reside in. Piradius net has been one of the bigger sites and in this case the site is actually not there, which is a surprise of sorts.
The members of this site also have been active in hacking and defacing sites. Some, like Karkoon above, also have Facebook pages and connections to their other hacking sites. It would seem that these guys are capable of page defacements at best and not much else. However, the ranks have grown quickly and in fact, with the connections to Ansar (at least one of the members here I have seen before and is in Palestine), they could be another arm of the Jihad online. If they got direction and support from the others on similar jihadi sites, then they could be another fly in our collective ointment… That is, once they learn more than just page defacing.
Another thing to note here is that Asian connection again. So far the general populace and the news really haven’t gotten it into their heads yet that the Malay and Indonesian (Asiatics) are also a group to be on the lookout for with regard to up and coming jihad movements. What if cells of new Asian Muslim Jihadists start to make inroads at the behest of AQ?
Something to think about…
What also, if these guys are reaching out to the likes of the Baltic jihadis too? Yep… I have seen traffic… It’s a nightmare of data…
I will continue the sifting and point out the interesting bits…