(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Jokey’ Category

“Jihobbyists” No More: English-Speaking Western Jihadists Coming of Age

leave a comment »

“We were ordinary members at the al-Ekhlaas forum and we learned a lot from the brothers who took charge of jihadi media work before us—and it is only normal for us to start our own active campaign at the first chance we got. And that’s what we did, so we established this site, and told everyone we knew from the al-Ekhlaas network about this forum…We went outside the usual jihadi media route, but we terrorize in the real world as much as we terrorize online, so whoever wishes to join is welcome, and those who don’t should hold their tongues about us and go away. And although low in number, we are strong in determination, and anyone who joins us will realize that immediately.. say, if any of the brothers at al-Fajr Media wishes to receive assurances about us and if you are in communication with them, then inform them that we would like to meet with them. We ask them to come here and distribute a bulletin outlining the action plan for the al-Ansar network—and we are willing to blow ourselves up near the infidels at any moment, and if they have enough resources to provide us with the necessary financing, then a terrorist is ready.”

Full post HERE

CTC Sentinel Report on Al-Ansar Network

My report on Al-Ansar Network Map

“Hapless wannabe’s” is the term used for the likes of Jihad Jane before her little trip to Europe to attempt to assassinate a cartoonist. Or, maybe you would like to talk about Nidal, and his spree shooting incident instead. Both have touches of being spurred on to committing these crimes by the online jihadist networks as “lone wolf” actors.

Who or what are these jihadist networks online?




… and the list goes on. Many of them now customed out with English mirror content (almost mirrored, sometimes the translations differ) to make it easier for the non Arab US/UK Muslim or in the case of Jane, Nidal, and Abdumutallab, mentally unbalanced individual to wage jihad.

English however, is just a subset now and these sites are popping up in German as well as Malay, Thai, etc. The jihadists are branching out with franchise opportunities. Many of these sites you may have seen here on this blog of late as I have been mapping them and writing about these changes.

So how do we police this? Obviously in the case of Nidal and Jane, they were known to have ties and or conversations online with known actors. Yet, they were allowed to walk about until they finally “went off” Why is that? Perhaps they weren’t being tailed online as well as they could be? Perhaps they were just deemed to be “hapless” and non threats?

*scratches head*

I dunno.

What I do know though is that Jane is just one in perhaps many more to follow on the Muslima jihadi path. These sites have been lately developing a content area(s) for muslim women to become shahid.

It’s the next wave.

What I want to know is: “How is this news to anyone in the CT arena?” This has been going on for months now. I can see the media just picking up on this, but the CT folks should be up on this.

Anyway, what needs to happen here? These sites to be taken down permanently by governments? Used for surveillance and capture? Perhaps a little agent provocateur action?


We can just DoS them for 30 minutes at a time… Oh, wait, that’s useless.

It’s an interesting question and I don’t have the full answer. I believe though that they should be used against them. These sites should be p0wn3d and all data harvested. Agent provocateurs inserted into each and every one of them and arrests made. Not just one’sy two-sy arrests either. For that matter get the intel and send in the predators.

In short use them as the OSINT/INTEL sources that they are.

Keep your eyes on the news people. I expect to see more women and lone wolf actors to come.


Written by Krypt3ia

2010/03/11 at 20:01

Al-Ansar Jihadist Site: Mapping Jihad

with 8 comments

Seeing the traffic lately on Twitter between @allthingsct and Jokey, I thought it prudent to once again put some perspective on jokey’s little venture and how futile it really is. So, I bring to you this report I have generated on “Ansar-AlJihad”, a consortium of sites that are run by the same “persons” of interest and serve up jihadi content and links.

The picture above is a stealth mirror site of Ansar. The site is located in the US on a server that I assume the owners do not know has been compromised. This is just one of twelve sites that Ansar has stood up on varying servers and domains. Several of these sites all reside on IP addresses out of the US but being registered domains whose owner claims to be in Brussels.

The stealth site is physically located in Provo UT:

While the other sites primarily reside in Washington State:

The last site is physically located in Malaysia, which interestingly enough is a very active area for jihadi activity these last few years. All of these sites though, mirror the data that is updated consistently over all sites. Thus, should any site be taken down or denied service, one can just go to the next in line located on the main page, and get your jihadi content.

The addition of the stealth site proves the point that even IF all of the sites were to be taken down, they would indeed back up to the stealth site strategy and just keep popping sites to upload to. So, jokey’s little idea that just annoying them offline forever and they will just go away is a fallacy at best and half baked logic at worst.

Meanwhile, let’s consider the other way to deal with these sites. By tracking them, their users, and their data.

By looking at the domains, the home IP addresses, and the links as well as the data on these sites you can get a pretty good picture of who may be setting up these sites and who may be using them. In the case of Al Ansar, I was able to use Maltego to get a line on one site of interest that gave up a solid name and email address.

Maltego’s here:

The Maltego made the connection between the Ansar site and three Blogspot accounts. The one that was the most of interest was

The owner of this site actually used a hotmail address and a name to set up the blog.

This address was used in a few posts on Yahoo and not much else. However, I am sure that the authorities would be able to talk to M$ about opening that one up and seeing who said what to whom. Of course given the recent flap with Cryptome and the M$ guide for LEO’s I am quite sure they have all the logged traffic and can provide it when asked.

So, as you can see, with a little footprinting, a little digging, and some patience, you can do a lot more than just DDoS a site offline. You can in fact provide the authorities with the data needed to maybe catch these guys instead of drive them under the digital carpet.

My hope is that these sites are already in the hands of the authorities here in the states and their traffic being logged. It would be great to see that the server had been set up to have all the captures taken so even if the jihadists were using proxies they could at least track those too. It’s all links in a chain that can be followed to the source.

It may also be a key practice that these sites are not only watched, but also being actively added to by the authorities here. One would hope that they would be members on these sites also, adding content to “disinform” the jihadi’s and catch them in the act.

Ahh well.. One can hope huh?

Needless to say, I have posted the findings report to the feds and will wait to see what they do…