(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for September 2010

9/11 9 Years Later and The Paradigm Shift In Terrorism and Antiterror


Nine years after 9/11 and just where are we in the battle against terrorism? Have we been agile and learned as a people how to deal with terrorism as a whole or have we failed at even seeing the rudiments of what is happening? Who are the terrorists today and what is their aegis? Most of all, where do we go from here and have we just been lucky to have not been hit with another large scale attack?

These are some of the questions asked by the Bipartisan Policy Center in their paper “Assessing The Terrorist Threat”, and I have to say it is quite an interesting, if not disheartening, read. The white paper is a statement of where we are in understanding terrorism as a whole today, as well as how we might fight against it and protect ourselves from it. The real point that must be made, though, is that we can only try to protect ourselves; in the end, as the IRA put it after failing to kill Margaret Thatcher in 1984:

“Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always.”

It’s a particular statement that actually has made its way into the security industry many times over the years in my experience when talking about attacks and trying to prevent them. The reality of it though is very prescient.

We will miss something sometime and we will not be as lucky as we have been with the attacks by Faisal Shahzad or Umar Farouk Abdulmutallab. In short, there is no foolproof protection against a lone gunman (or bomber) bent on killing someone, and we need to get that through our heads as a country first. We need to deal with things a little more judiciously and not so much as a knee-jerk reaction, which was our default position post-9/11.. and for about 8 years.

Evolving Jihad:

Since 9/11, Al Qaeda has been on the run but it has changed its methodology of outreach as well as its operational methods because of this very fact. As we set loose the dogs of war thinking that we could bottle up the genie that had been uncorked earlier, we instead set in motion a paradigm shift with our actions. This was exacerbated by the failure to capture or kill (more capture than kill as mandate) OBL and Ayman. They are still the titular standard bearers for the movement and as any good tactician would do, assessed the terrain and the situation and changed gears to best suit their end goals. In this case, the already used “cell” mentality (independent cells working semi autonomously) was modified to make them more autonomous as well as to become propaganda wings as well as fighting units.

In short; if Osama could not come to the cell, then the cell would operate on its own with little oversight.

  • Commanders would be given more autonomous operational latitude and marching orders to recruit not only from the Middle East, but everywhere the internet can reach. If the enemy has you cornered, then you use your assets (fifth column) behind enemy lines.. In this case, recruit Westerners.
  • Attacks would not have to be spectacular events like 9/11 but smaller; these only have to make the enemy unbalanced, scared and reactive.
  • Affiliate (franchise) between groups to have assets everywhere.
  • Enculture the “lone wolf” individuals through the e-jihad to act (no need for money or training or visits to jihadi camps, as with Nidal Hasan).
  • Incorporate a set of “westernized” communications methods (Inspire and English-language jihadi boards) to get the message out to converts and émigrés.
  • Sow propaganda among Western youth, because they are most susceptible to it (Inspire's “green” message from OBL, for example), to get them on board.

All of these processes have been instituted over the last 9 years as we attempted to fight the war in Iraq (creating AQI Al Qaeda in Iraq and Zarqawi) and Afghanistan, all the while dividing our forces and efforts. Both of these actions did little to destroy AQ, and in fact only succeeded in fragmenting AQ more, and creating their terror 2.0 means and methods.

AQ need not be destroyed now because in the grand scope of things, it is just a banner to flock to.

So this report, and the nonpartisan group that produced it, has hit the nail on the head. AQ has evolved and is still evolving while our counter terrorism efforts and war fighting have not. An example of this would be just how long it took the US and the Army to declare that Iraq had become an insurgency and that war fighting operations needed to be counter-insurgent. It took too long. Who was to blame? Can we be more agile? More importantly, can we learn from this white paper and adapt our methods to counter theirs?

The New Jihadi:

Somalis: Another trend found in the white paper is the shift toward recruits from the West as the propaganda begins to take hold. The largest of these groups has been the Somalis. In the US, groups of young boys of Somali descent started to disappear from places like Minnesota. They turned up in Somalia and Yemen training for jihad and fighting with AQ/AQAP/Al-Shabaab (the youth). Just how they were radicalized is not really known, but it can be assumed that the internet had something to do with it. All of the boys came from non-radical middle class homes and showed no outward tendencies… Then they just disappeared.

Caucasians: Jihad Jane, Adam Gadahn, and others who may be true converts to Islam or just mentally ill individuals have also been another mine for AQ to plumb. As the response to jihadist terror was to look for anyone brown and strange, this paradigm shift to “white and acclimated” seems a natural enough approach. As for lessons learned, one might just take a look at the Russian illegals program that was just taken down to see how that works. One wonders then just how many of this type of jihadi are being groomed now to infiltrate for later activation. As the paper says, it does not need to be a big attack to set this country off running in a new scared direction.

Asiatics: AQ has been heavily recruiting and active in Malaysia and other Pacific Rim countries with Muslim populaces. This is mentioned in the white paper but only briefly. I would add that MANY of the jihadi online sites are now hosted within Malaysia and have large Malay-language sections. As this has mostly fallen off the radar, or never been on it to start with, it needs to be addressed.

In all, the idea that jihadists are just Middle Eastern is a fallacy, and the public as well as certain portions of the government and security infrastructure need to be cognizant of this. The makeup of the jihadi is no longer a mono-type.

Jihad 2.1 E-Jihad

The last part of this picture is not really covered in this white paper and I think they are missing a large piece of the puzzle. This is the online piece. Not only the propagandizing online but also the use of the internet as an attack vector now. I don’t really want to say the bugaboo word, but I guess I have to.. “cyber-warfare” uhoh, there I said it…

What I have been seeing online in the last couple of years is a new tasking of jihad online. With the endless news cycles on cyberwar, the jihadis have been paying attention and have been trying in small steps to learn the means to this end. A recent search I carried out made the linkage between the Shamikh site and the Gaza Hackers. Another search turned up evidence that Eastern European hackers are now getting involved in some of the jihadi propaganda as well. If this trend continues then we are about to see more activity online by those jihadis with technical skills and an ax to grind.

It was even hinted at yesterday that a current email worm/virus/malware that hit many email systems was in fact created by a jihadist hacker organization. This was only a matter of time really.

So where does that leave us? It leaves us with a new battle space that our government and military are still trying to understand and to formulate plans, actions, and groups to contend with.. Though, in 2008 Al-Faloja and other sites were taken down as part of a large honeypot sweep by “unknown” governments. Coincidentally, that happened around the anniversary of 9/11… So maybe we will see some more of that today huh? In any case, the net effect was that the jihadis began to study computer security and hacking.

Net/net we are screwed in many ways.


This country has much to learn about being agile in dealing with AQ and its spawn. We have been too busy with brute force attempts at blowing them up with military might and not so much spending time to understand the enemy so as to outwit them. Granted, the attacks by the drone program that the Obama administration put into place have been very effective at containment and at keeping the AQ HQ unbalanced. This program, though, has been very divisive in the general community for its secrecy and collateral damage, but it's been working.

This will not however help with all of the cells out there now spawned by our actions and OBL’s call to arms.

In the end, this war will never end as long as there are people who wish to fight it and a banner to flock to.

Written by Krypt3ia

2010/09/11 at 12:56

Alfaloja, Shamikh1, and Gaza Hackers


There’s an article on that talks about the hack attacks in 2008 around 9/11 that happened to the boys at Faloja. Evidently the faloja kids are worried again that they are about to get popped this weekend too because they keep hitting my post on this site about that… And they should be worried I think. We will see what the weekend brings.

Meanwhile, I took a look at Shamikh1, one of the sister sites to Ansar and Faloja. While I was poking about with Maltego on this site I interestingly came up with a link to another site, which is a new one for me. It seems that the kids at Gaza Hackers also have connections with Shamikh, which plays to the whole “security” bent that the jihadis have had since those attacks took their sites down in '08.

For a security site though, they seem to be freely giving out their email addresses and their user IDs on this site. If they are worth their salt they are using the usual precautions of TOR and other methods of obfuscation, but everyone makes mistakes… Maybe some of them have. As you can see from the Maltego map, they tend to use short usernames in the Hotmail addresses, somewhat random ones too. I will have to do some more searches to see where else they post and what they are saying… This could be interesting.

Let's see what the weekend brings…

More soon


Written by Krypt3ia

2010/09/10 at 11:33

came up in a search of mojahden itself. Now you can see all the email trails between jihadi groups on Yahoo.


Written by Krypt3ia

2010/09/07 at 19:22


Qoqaz is the Chechen jihad site that has been a source for much of the jihadi connection making early on. The above is a 2 transform session on “” I was surprised at the amount of connections made but hell, I have time…

Next I will take a poke at… CoB

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
Registrant:
    Qoqaz
    21st Street
    Bldg 2312
    Dubai,  32432
    AE
Domain name: QOQAZ.COM
Administrative Contact:
    Oruc, Husyin
    21st Street
    Bldg 2312
    Dubai,  32432
    AE
    +971.42728893
Technical Contact:
    Oruc, Husyin
    21st Street
    Bldg 2312
    Dubai,  32432
    AE
    +971.42728893
Registration Service Provider:
    Jump Domain
Registrar of Record: TUCOWS, INC.
Record last updated on 25-Jul-2008.
Record expires on 01-Jul-2011.
Record created on 14-Sep-1999.
Registrar Domain Name Help Center:
Domain servers in listed order:
Domain status: clientTransferProhibited

Written by Krypt3ia

2010/09/04 at 13:30

—> = Sword Azzam?


The Majahden network is rather large, but it easily yields email addresses and a plethora of data to work with. In this set of searches I came across the user name and address TNT_ON and his email. By using Maltego and Google, I was able to locate a page that showed me that TNT_ON is evidently the creator of bitfrost, the hacking program… Or perhaps he worked on it… In any case, the page yielded another Hotmail address (jihadis LOVE Hotmail btw) which gave me the above Maltego search.

You can see the connections between the accounts, the user, and the sites that he has been frequenting… Even to the point that his last post was 52 minutes ago on the mujahideen network…

Hmmmm I need to do some more searches but I think I will have a real name soon…


Written by Krypt3ia

2010/09/04 at 01:47

Majahden’s Network


This is the Majahden network, a distributed jihadist network that includes non-DNS sites serving out PHP bulletin boards full of jihadi content. Using Maltego I have begun to map them out and try to lock down the Al-Malahem network's infrastructure. Al-Malahem is ostensibly the media wing, post-GIMF, of Samir Khan and his “Inspire” magazine.

This is what we are up against… It's like an ants' nest…

Just thought you all might like to see…


Written by Krypt3ia

2010/09/03 at 14:51

Abo Yahya and Metadata Cleaning


I recently came across the site above through some searches and I have to say that it kind of surprised me as to the content's sophistication in the hacking/security area. This Abo Yahya is adept at understanding the security intricacies needed to prevent easy detection online (using TOR) and seems quite plugged into the hacker community, with videos from a European hacker conference to boot. What really struck me though is the above picture where Abo talks about the metadata problem and how it was used to capture Dennis Rader.

Abo goes on to talk about a script to remove the data from Word docs as well, which I guess has been on the minds of some, and which has been used in tracking the files that the jihadis are making. One wonders if the doc files are the only ones he (Abo) has worked out, or have they done so with, say, PDF files? All I know is that there are many more file types than just doc files out there that can be used to track you all. However, there is much more to learn, isn't there? Now it seems that Abo and Song of Terror have plans to teach the ways of hacking and information security.

The site goes on to show tutorials on the Linux command line as well as the flavors of Linux, including video tutorials. It would seem that they have been paying attention quite well to the security community's posts and chatter about how to be secure online. Abo also brings out the old jihadi crypto program (Mujahideen Secrets 2.0) and does a little how-to on encrypting all their transmissions. All of these files and programs, including a tutorial suite by GIMF, are available for download in various places.. All of which, I assume, will give us all the chance to check the metadata and see what they might offer in leads as to who made them.
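The metadata point above (Office documents carrying author, last-modified-by, revision and timestamp fields that can tie a file to a person or a machine, and the scripts written to strip them) is easiest to see from the analyst's side with a small reader. The following is an added example written for this page, not Abo Yahya's script and not anything from the blog: it assembles a constructed in-memory .docx-style package with placeholder values, reads docProps/core.xml, lists the identifying fields, and flags a document whose author fields have been blanked, since a scrubbed file is itself worth noting.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample of docProps/core.xml as Word writes it into a .docx
# package. Every value (title, creator, dates) is an invented placeholder.
SAMPLE_CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties
  xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
  xmlns:dc="http://purl.org/dc/elements/1.1/"
  xmlns:dcterms="http://purl.org/dc/terms/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <dc:title>Statement</dc:title>
  <dc:creator>jdoe-laptop</dc:creator>
  <cp:lastModifiedBy>J. Doe</cp:lastModifiedBy>
  <cp:revision>7</cp:revision>
  <dcterms:created xsi:type="dcterms:W3CDTF">2010-08-30T21:14:00Z</dcterms:created>
  <dcterms:modified xsi:type="dcterms:W3CDTF">2010-09-02T08:03:00Z</dcterms:modified>
</cp:coreProperties>
"""

# The same part after a scrubbing tool has blanked the author fields but left
# the rest of the document untouched (also constructed).
SCRUBBED_CORE_XML = SAMPLE_CORE_XML.replace("jdoe-laptop", "").replace("J. Doe", "")

# Core properties that point at a person or a machine rather than at the text.
IDENTIFYING = ("creator", "lastModifiedBy", "revision", "created", "modified")


def build_sample_docx(core_xml=SAMPLE_CORE_XML):
    """Assemble an in-memory .docx-style zip. Real packages carry many more
    parts; only docProps/core.xml matters for this check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core_xml)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def read_core_properties(docx_bytes):
    """Return {property-name: text} for every element of docProps/core.xml,
    or {} when the package has no core properties part at all."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("docProps/core.xml"))
    props = {}
    for el in root:
        name = el.tag.rsplit("}", 1)[-1]        # drop the "{namespace}" prefix
        props[name] = (el.text or "").strip()
    return props


def identifying_fields(props):
    """The non-empty properties an analyst would use for attribution."""
    return {k: v for k, v in props.items() if k in IDENTIFYING and v}


def looks_scrubbed(props):
    """True when both author fields are absent or blank: either the producing
    tool never sets them or someone cleaned the file. A blank creator on an
    otherwise fully populated core.xml is the tell for the second case."""
    return not props.get("creator") and not props.get("lastModifiedBy")
```

The same OOXML layout is used by .xlsx and .pptx packages, so the reader works on those unchanged; in practice you would run read_core_properties over every document pulled from a site and compare the creator and lastModifiedBy values across files rather than look at one in isolation.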

Meanwhile, there was an interesting little passage below Song of Terror’s video on Linux basics…

Peace be upon you and God’s mercy and blessings be upon you

After reading the topic to Brother, “the grandson of bin Laden,” may God preserve him for a script Rapidleech
The fact was the subject of a great and a quantum leap in the world of Jihad in the era of fighting jihad
In squares, in particular the field of media jihad there is no secret to you delete thousands of links to movies jihadist pretext of combatting terrorism. Here, a modest contribution to me for how to publish links rapidly and participation comes after reading the topic to Brother, “the grandson of Bin Laden,” more than once since the beginning has not sunk in but please God I understand that after you apply some examples so I would recommend reading the first issue of the brother by watching this video

So, Bin Laden’s grandson called all of this a quantum leap in jihad huh? Well, in a sense it is really.. They are learning…. However, just how much can they learn and does anyone really think that they can be as “secure” as they need to be to not get popped? I mean, with all the warning and hand wringing that we in the security community do about the lack of security in the general populace, just how much actually works? All too often the security is lacking in all quarters and I am sure that these guys too will also fail when it comes right down to it.

… And in the case of Abo.. I already know who he is in real life I think… And where he lives… How you ask?


So, what I have learned from this site is that there are certain factions that are more learned about hacking and security. They are now making inroads into the jihadi forums and in fact, this site is directly linked to the alfaloja boys. The very same site that was hacked and brought down by CAUI efforts on the part of certain governments. I guess they took from the incident a certain fear of being popped and recruited more people with the help of Song Of Terror I assume. Of course though, just as the security community posts things or creates software/hacks and releases them, they only serve to allow for follow up and obfuscation due to it being in the open. In the case of this site and others that are showing how to hack, we too now know exactly what they are up to and how we can turn that around on them.

Additionally, one of the nice tasty bits that Abo left for me was a hash for mujahideen secrets:


Which I put into Maltego and began some searches…

I have to do some more tweaks to searches with Maltego here, but, you can see where this program is being mentioned, served out, and talked about. All of these sites make nice launch points with Maltego and some Googling to further explore who is using it… If I can’t read what you’re saying kids, I can at least know WHO YOU ARE. Funny how those little features that make something more secure can be used against you huh?

Anyway, for those interested.. Here is the data using Maltego on the site and its connections. Maktoobblog is a Yahoo site and this particular one is out of the UK. Perhaps soon Yahoo will get wise to the site…

I see you Abo…

inetnum:        -
org:            ORG-YE1-RIPE
netname:        UK-YAHOO-20070216
descr:          Yahoo! Europe
country:        GB
admin-c:        KW3969-RIPE
tech-c:         KW3969-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      YAHOO-MNT
mnt-routes:     YAHOO-MNT
mnt-domains:    YAHOO-MNT
source:         RIPE # Filtered

organisation:   ORG-YE1-RIPE
org-name:       Yahoo! Europe
org-type:       LIR
address:        Yahoo! UK Ltd 125 Shaftesbury Avenue London WC2H 8AD London United Kingdom
phone:          +44 207 131 1495
fax-no:         +44 207 131 1213
e-mail:
admin-c:        DR2790-RIPE
admin-c:        IG1154-RIPE
admin-c:        NA1231-RIPE
mnt-ref:        YAHOO-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered

person:         Kerry Woods
address:        125 Shaftesbury Avenue
address:        London
address:        WC2H 8AD
phone:          +44 020 7131 1000
fax-no:         +44 020 7131 1213
e-mail:
nic-hdl:        KW3969-RIPE
mnt-by:         YAHOO-MNT
source:         RIPE # Filtered
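The registrar whois record in the Qoqaz post and the RIPE block above are the two “key: value” layouts an analyst keeps meeting when working a site's infrastructure. As an added example (not the blog's code and not Maltego's), the Python below parses both into structured records over constructed placeholder data: the registrar's sectioned layout with its “Record expires on” dates and the e-mails and phone numbers in its contact sections, and RIPE objects with their admin-c/tech-c handles resolved to person objects through nic-hdl. Every domain, name, handle and number in it is invented.

```python
import re
from datetime import datetime

# Constructed sample in the sectioned registrar layout pasted in the Qoqaz post
# above (Tucows style); every value is a placeholder, not a real registrant.
SAMPLE_WHOIS = """\
Domain name: EXAMPLE.COM
Administrative Contact:
    Doe, Jane  hostmaster@example.com
    1 Example Street
    Springfield,  00000
    US
    +1.5555550100
Registrar of Record: TUCOWS, INC.
Record expires on 01-Jul-2011.
Record created on 14-Sep-1999.
Domain servers in listed order:
    NS1.EXAMPLE.NET
    NS2.EXAMPLE.NET
Domain status: clientTransferProhibited
"""

# Constructed RIPE-style output like the block above: "attribute: value" lines,
# objects separated by a blank line, contacts cross-referenced through nic-hdl.
SAMPLE_RIPE = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
admin-c:        XX0000-RIPE
tech-c:         XX0000-RIPE
source:         RIPE # Filtered

person:         Jane Doe
address:        1 Example Street
address:        London
nic-hdl:        XX0000-RIPE
source:         RIPE # Filtered
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+\d+\.\d{6,}")   # the registrar's "+CC.number" form
DATE_RE = re.compile(r"Record (expires|created|last updated) on (\d{2}-\w{3}-\d{4})\.")


def parse_whois(text):
    """Sectioned layout: a non-indented line ending in ':' opens a section and the
    indented lines under it belong to it; 'key: value' lines are plain fields; the
    'Record ... on <date>.' sentences are turned into date objects."""
    record = {"sections": {}, "fields": {}}
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.endswith(":") and not line[0].isspace():
            section = line[:-1].strip()
            record["sections"][section] = []
        elif line[0].isspace() and section:
            record["sections"][section].append(line.strip())
        else:
            section = None
            m = DATE_RE.match(line)
            if m:
                record["fields"][m.group(1)] = datetime.strptime(m.group(2), "%d-%b-%Y").date()
                continue
            key, sep, value = line.partition(":")
            if sep:
                record["fields"][key.strip()] = value.strip()
    return record


def contact_identifiers(record):
    """E-mail addresses and phone numbers from every contact section: the values
    that let an analyst link one registration record to another."""
    found = {"emails": set(), "phones": set()}
    for entry in (e for lines in record["sections"].values() for e in lines):
        found["emails"].update(EMAIL_RE.findall(entry))
        found["phones"].update(PHONE_RE.findall(entry))
    return found


def parse_ripe(text):
    """RIPE objects as a list of dicts; repeated attributes (several address:
    lines) stay in order as lists, and trailing '# Filtered' remarks are dropped."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:      # sentinel blank flushes the last object
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(re.sub(r"\s+#.*$", "", value.strip()))
    return objects


def inetnum_contacts(objects):
    """Resolve each inetnum's admin-c/tech-c handles to person names via nic-hdl,
    the way RIPE ties an address block to a human contact."""
    by_handle = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    result = {}
    for o in (o for o in objects if "inetnum" in o):
        names = []
        for handle in o.get("admin-c", []) + o.get("tech-c", []):
            name = by_handle.get(handle, {}).get("person", ["<unresolved " + handle + ">"])[0]
            if name not in names:
                names.append(name)
        result[o["inetnum"][0]] = names
    return result
```

Two things the structured form gives you that eyeballing the paste does not: the expiry date becomes a real date you can compare against today, and repeated RIPE attributes (the several admin-c lines in the Yahoo organisation object above) are kept as ordered lists instead of being silently overwritten, which is what a naive dict built from “key: value” lines would do.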