Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Cyber Jihad: Malaysia and Indonesia

with 4 comments

Just a couple weeks ago, a paper was put out by the Bipartisan Policy Center that looked back at where we were on 9/11 and how far we have come with regard to dealing with terrorism. The paper did not really have a wholly heartening tenor and in fact pointed to some new areas of concern. One of the areas of concern was Asia and Jihad. As coincidence would have it, I just stumbled onto a new site that has been set up by an Indonesian group and has connections to the Ansar boys via our old pal Ansar007, or is it now al-ansar007? Or how about irhabi007 redux, a new player with an old name who is trying to emulate Younis Tsouli?

The site in question is cyberjihad.org and it was started in July:

Domain ID:D159760330-LROR
Domain Name:CYBERJIHAD.ORG
Created On:28-Jul-2010 04:19:08 UTC
Last Updated On:18-Sep-2010 07:57:42 UTC
Expiration Date:28-Jul-2013 04:19:08 UTC
Sponsoring Registrar:Melbourne IT, Ltd (R52-LROR)
Status:TRANSFER PROHIBITED
Registrant ID:D128027988480526
Registrant Name:cyberjihad
Registrant Organization:cyberjihad
Registrant Street1:2804 S. Lincoln Ave
Registrant Street2:
Registrant Street3:
Registrant City:Sioux Falls
Registrant State/Province:SD
Registrant Postal Code:57105
Registrant Country:US
Registrant Phone:+1.6059884611
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:alexisricci@yahoo.com
Admin ID:D128027988480523
Admin Name:Alexis Ricci
Admin Organization:cyberjihad
Admin Street1:2804 S. Lincoln Ave
Admin Street2:
Admin Street3:
Admin City:Sioux Falls
Admin State/Province:SD
Admin Postal Code:57105
Admin Country:US
Admin Phone:+1.6059884611
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:alexisricci@yahoo.com
Tech ID:D128027988480525
Tech Name:YahooDomains TechContact
Tech Organization:Yahoo! Inc
Tech Street1:701 First Ave.
Tech Street2:
Tech Street3:
Tech City:Sunnyvale
Tech State/Province:CA
Tech Postal Code:94089
Tech Country:US
Tech Phone:+1.4089162124
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:domain.tech@yahoo-inc.com
Name Server:NS2469.HOSTGATOR.COM
Name Server:NS2470.HOSTGATOR.COM

The site sits on a server in Houston:

NetRange:       174.120.0.0 - 174.123.255.255
CIDR:           174.120.0.0/14
OriginAS:       AS36420, AS30315, AS13749, AS21844
NetName:        NETBLK-THEPLANET-BLK-16
NetHandle:      NET-174-120-0-0-1
Parent:         NET-174-0-0-0-0
NetType:        Direct Allocation
NameServer:     NS2.THEPLANET.COM
NameServer:     NS1.THEPLANET.COM
RegDate:        2009-03-23
Updated:        2009-03-23
Ref:            http://whois.arin.net/rest/net/NET-174-120-0-0-1

OrgName:        ThePlanet.com Internet Services, Inc.
OrgId:          TPCM
Address:        315 Capitol
Address:        Suite 205
City:           Houston
StateProv:      TX
PostalCode:     77002
Country:        US
RegDate:        1999-08-31
Updated:        2008-05-20
Ref:            http://whois.arin.net/rest/org/TPCM

The data from the whois turns up a name, email address and phone for one Alexis Ricci, which when put into Maltego gets the following hits:

Which in turn gives a hit on an SBCglobal address that puts this person in Texas, not in South Dakota… The phone number that is listed in the WHOIS comes up in databases as a cell phone, but that is about all I am getting at the present time without actually spending money on a backtrace of the number. I suppose I could call it… In the end, I am pretty sure that this is just some hacked data that they used to enter the whois data and set up the site. It would be interesting though to see who paid for this domain and how. A Google map of the address does put it in a residential neighborhood and in fact there is a house there… More can be done on this but I think it's just a red herring.

Anyway,

The site, as I said, is new, and now has 157 members… All of which I have enumerated because the site is poorly constructed security-wise. One can just poll the php tree by ticking a number into the php=? area of the URL. Here are some examples of the kiddies!

I have them all now, and many of them were kind enough to give not only email addresses, but also their websites, and one poor bastard actually used his REAL photo in his! Yeah, hi there, the Indonesian security forces will be coming to see you soon! There is a lot there to wade through with Maltego, but eventually I will have it all collated and post the results on each and every member.

THANKS PHP!
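Seen from the server side, stepping a numeric ID through a profile URL like this leaves an obvious trail in the access log. The detector below is an added example, not code from the original post or the site; the `/member.php?id=` URL shape, the IP addresses and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches a profile request in Common Log Format. The /member.php path and
# the "id" parameter are assumptions, not the real site's URL layout.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /member\.php\?id=(\d+)[ &]')

def longest_run(ids):
    """Length of the longest run of consecutive integers among ids."""
    pool = set(ids)
    best = 0
    for n in pool:
        if n - 1 in pool:
            continue                      # not the start of a run
        length = 1
        while n + length in pool:
            length += 1
        best = max(best, length)
    return best

def find_enumerators(lines, min_run=10):
    """Map client IP -> run length for clients that walked >= min_run IDs in a row."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    flagged = {}
    for ip, ids in seen.items():
        run = longest_run(ids)
        if run >= min_run:
            flagged[ip] = run
    return flagged

def sample_log():
    """Constructed access log: one scripted client, one ordinary visitor."""
    fmt = '{ip} - - [22/Sep/2010:20:{m:02d}:{s:02d} +0000] "GET /member.php?id={n} HTTP/1.1" 200 5120'
    lines = [fmt.format(ip="203.0.113.7", m=n // 60, s=n % 60, n=n) for n in range(1, 158)]
    lines += [fmt.format(ip="198.51.100.23", m=30, s=i, n=n) for i, n in enumerate((12, 88, 140))]
    return lines

if __name__ == "__main__":
    for ip, run in find_enumerators(sample_log()).items():
        print(f"{ip} requested {run} consecutive profile IDs")
```

Detection only tells the operator it happened; the fix is to require an authenticated, authorized session before a profile page is served and to avoid exposing sequential identifiers.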

Now, on to the whole connections thing and import here. This site, while crude, is just a hint of the movement that has been happening in the Asia area for some time now. As you may recall, some of the 19 hijackers had meetings in Malaysia and Indonesia before they actually started the operation. Malaysia in fact, is the host country to many of the Jihadi sites on the net now and I suspect that is not only because of the sympathetic groups there, but also the lax computer law in the countries that they reside in. Piradius net has been one of the bigger sites and in this case the site is actually not there, which is a surprise of sorts.

The members of this site also have been active in hacking and defacing sites. Some, like Karkoon above, also have Facebook pages and connections to their other hacking sites. It would seem that, at best, these guys are just capable of page defacements and not much else. However, the ranks have grown quickly and in fact, with the connections to Ansar (at least one of the members here I have seen before and is in Palestine), they could be another arm of the Jihad online. If they got direction and support from the others on similar jihadi sites, then they could be another fly in our collective ointment… That is, once they learn more than just page defacing.

Another thing to note here is that Asian connection again. So far the general populace and the news really haven’t gotten it into their heads yet that the Malay and Indonesian (Asiatics) are also a group to be on the lookout for with regard to up and coming jihad movements. What if cells of new Asian Muslim Jihadists start to make inroads at the behest of AQ?

Something to think about…

What also, if these guys are reaching out to the likes of the Baltic jihadis too? Yep.. I have seen traffic… It’s a nightmare of data….

I will continue the sifting and point out the interesting bits…

CoB

Written by Krypt3ia

2010/09/22 at 20:06

4 Responses


  1. Can I ask what software you use to track email?

    Ned

    2010/09/23 at 17:59

  2. Maltego

    crabbyolbastard

    2010/09/24 at 01:37

  3. Interesting Malay IP address there too…

    crabbyolbastard

    2010/09/24 at 01:39

