(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Shahid’ Category

Majahden’s Network

leave a comment »

This is the Majahden network. A distributed jihadist network that includes non DNS sites that serve out php bulletin boards full of jihadi content. Using Maltego I have begun to map them out and try to lock down the Al-Malahem network’s infrastructure. Al-Malahem is ostensibly the media wing post GIMF, of Samir Khan and his “Inspire” magazine.

This is what we are up against… It’s like an ants nest…

Just thought you all might like to see…


Written by Krypt3ia

2010/09/03 at 14:51

Abo Yahya and Metadata Cleaning

with one comment

I recently came across the site above through some searches and I have to say that it kind of surprised me as to the contents sophistication in the hacking/security area. This Abo Yahya is adept at understanding the security intricacies needed to prevent easy detection online (using TOR) and seems quite plugged into the hacker community with videos from a European hacker conference to boot. What really struck me though is the above picture where Abo talks about the metadata problem and how it was used to capture Dennis Raider.

Abo goes on to talk about a script to remove the data from word docs as well, which I guess has been on the minds of some and has been used in tracking the files that the jihadi’s are making. One wonders if the doc files are the only ones he (Abo) has worked out or have they done so with say PDF files? All I know is that there are many more files than just doc files out there that can be used to track you all. However, there is much more to learn isn’t there? Now it seems that Abo and Song of Terror have plans to teach the ways of hacking and information security.

The site goes on to show tutorials in linux command line as well as the flavors of Linux including video tutorials. It would seem that they have been paying attention quite well to the security communities posts and chatter about how to be secure online. Abo also brings out the old jihadi crypto program (mujahideen secrets 2.0) and does a little how to on encrypting all their transmissions. All of these files and programs including a tutorial sweet by GIMF are available for download in various places.. All of which I assume, will give us all the chance to check the metadata and see what they might offer in leads as to who made them.

Meanwhile, there was an interesting little passage below Song of Terror’s video on Linux basics…

Peace be upon you and God’s mercy and blessings be upon you

After reading the topic to Brother, “the grandson of bin Laden,” may God preserve him for a script Rapidleech
The fact was the subject of a great and a quantum leap in the world of Jihad in the era of fighting jihad
In squares, in particular the field of media jihad there is no secret to you delete thousands of links to movies jihadist pretext of combatting terrorism. Here, a modest contribution to me for how to publish links rapidly and participation comes after reading the topic to Brother, “the grandson of Bin Laden,” more than once since the beginning has not sunk in but please God I understand that after you apply some examples so I would recommend reading the first issue of the brother by watching this video

So, Bin Laden’s grandson called all of this a quantum leap in jihad huh? Well, in a sense it is really.. They are learning…. However, just how much can they learn and does anyone really think that they can be as “secure” as they need to be to not get popped? I mean, with all the warning and hand wringing that we in the security community do about the lack of security in the general populace, just how much actually works? All too often the security is lacking in all quarters and I am sure that these guys too will also fail when it comes right down to it.

… And in the case of Abo.. I already know who he is in real life I think… And where he lives… How you ask?


So, what I have learned from this site is that there are certain factions that are more learned about hacking and security. They are now making inroads into the jihadi forums and in fact, this site is directly linked to the alfaloja boys. The very same site that was hacked and brought down by CAUI efforts on the part of certain governments. I guess they took from the incident a certain fear of being popped and recruited more people with the help of Song Of Terror I assume. Of course though, just as the security community posts things or creates software/hacks and releases them, they only serve to allow for follow up and obfuscation due to it being in the open. In the case of this site and others that are showing how to hack, we too now know exactly what they are up to and how we can turn that around on them.

Additionally, one of the nice tasty bits that Abo left for me was a hash for mujahideen secrets:


Which I put into Maltego and began some searches…

I have to do some more tweaks to searches with Maltego here, but, you can see where this program is being mentioned, served out, and talked about. All of these sites make nice launch points with Maltego and some Googling to further explore who is using it… If I can’t read what you’re saying kids, I can at least know WHO YOU ARE. Funny how those little features that make something more secure can be used against you huh?

Anyway, for those interested.. Here is the data using Maltego on the site and its connections. Maktoobblog is a Yahoo site and this particular one is out of the UK. Perhaps soon Yahoo will get wise to the site…

I see you Abo…

inetnum: - org:            ORG-YE1-RIPE netname:        UK-YAHOO-20070216 descr:          Yahoo! Europe country:        GB admin-c:        KW3969-RIPE tech-c:         KW3969-RIPE status:         ALLOCATED PA mnt-by:         RIPE-NCC-HM-MNT mnt-lower:      YAHOO-MNT mnt-routes:     YAHOO-MNT mnt-domains:    YAHOO-MNT source:         RIPE # Filtered organisation:   ORG-YE1-RIPE org-name:       Yahoo! Europe org-type:       LIR address:        Yahoo! UK Ltd 125 Shaftesbury Avenue London WC2H 8AD London United Kingdom phone:          +44 207 131 1495 fax-no:         +44 207 131 1213 e-mail: admin-c:        DR2790-RIPE admin-c:        IG1154-RIPE admin-c:        NA1231-RIPE mnt-ref:        YAHOO-MNT mnt-ref:        RIPE-NCC-HM-MNT mnt-by:         RIPE-NCC-HM-MNT source:         RIPE # Filtered person:         Kerry Woods address:        125 Shaftesbury Avenue address:        London address:        WC2H 8AD phone:          +44 020 7131 1000 fax-no:         +44 020 7131 1213 e-mail: nic-hdl:        KW3969-RIPE mnt-by:         YAHOO-MNT source:         RIPE # Filtered

Follow The Email

leave a comment »

As you all know, I have been using Maltego for some time now but I thought that I would just drop a dime on how I do love the connections it can make for you when you are using it for intelligence gathering. With the new V3 Maltego (CE) you have a lot more latitude in data connections and in making ties between entities or in this case emails from entities, to make a more coherent patter emerge. In the case above, you are looking at the root address I started with. is an old address for Samir Khan, the alleged “creative director” if you want to go all advertising speak, for the Inspire jihad magazine that came out in May/June.

By using Maltego and Google searches I was able to harvest not only the main email that he was using for his now defunct site “” which is, “” but also other interesting tidbits like a xanga account on which he mentions his AIM account as well. Though most of the data that is able to be gathered is older 2004-2008 area, it still can be useful in the context of mapping jihad, or at the very least, mapping out just what social connections he had before going underground (aka heading off to Yemmen to head up Al Malahem) Using the Maltego tailored to just look for email connections to and from, you can get a good idea of not only where he was posting online during that time, but also with whom he was talking to potentially.

Many of the email addresses that came up with this search were also posters to a muslim bulletin board So, they are good hits on my scale of probability that they had traffic with Samir. Now, it would be interesting to follow through further and spike out all the connections for each email. This would make for some HUGE maltego maps, but I would hazard a guess that you would begin to see a pattern in the traffic to specific sites and of course patterns of behavior between individuals. Quite interesting…

Reminds one of a certain Gibson novel doesn’t it?

Anyway, by using this tool you can get a sense of your targets behavior and analyze the traffic that can be found between sites and parties. By looking at the macro-verse view you can see just how these sites and people are connected and in the micro view, you can get details of site domains, users, and other pertinent data that you can use to get a quite full picture of the inner workings of online jihad. However, just on the macro side of gathering email addresses that have had connections between them, you can start to give law enforcement a picture that they can use to start connecting the dots.

In the case of ol’ Sammy, it seems that after his sites kept getting knocked offline (inshallahshaheed was one I reported to Google about 2 years ago) he finally wised up and stopped posting so openly. He then went off to Yemmen to head up their media department is what I am hearing. So just where he is online now is a mystery. It is likely though that he is still posting online to boards and working on sites like al-faloja or, all of whom now are taking more care about being secure.

Another tact I took the other day was to use the “phrase” search of Maltego and put in the sig for Majahden 2.0, the encryption program that the jihadi’s have been using to encrypt email/comms. This turned up quite a bit of traffic between parties when using the “entities” search parameter.

This initial search has given me a group of users to target from there to get email addresses from and any and all data I can from this tool. Rather nice really. So at least if you can’t read what they are writing, you can at least see that they are using the program and who they are conversing with! Of course there is a lot of data to sift and this can be a rather manual process in tracking down leads, but, at least this is targeted research as opposed to trying to read all of their comm’s on the bulletin boards and make connections.

I just wish this program weren’t so dang expensive…


Inspire Magazine Analysis: Going Green for College Age Recruits

with one comment

Now that the file has been around a while, I have gotten around to reading all 61 pages of it and have the following analysis to blog about. After thinking about it a bit and doing some research from data culled from the file and the prose I have to say that yes, this is a slick attempt at recruitment for the teen-twenty somethings in the West. However, when I say slick, I only mean that it has some interesting graphics and methods to get kids to join their cause. On the whole though, it is an uneven piece of propaganda that does harbor some serious portents about things that I have mentioned here before.

  • They are adopting espionage tradecraft
  • They are splintering further down, advocating small independent action cells
  • They are using encrypted communications and advocating for more secure operations online
  • They have begun marketing to the “youth culture”
  • That same “youth culture” that idealists inhabit includes the “green movement” arguments
  • They have begun to adopt the more mainstream propaganda tools of major governments

I have to say, these guys are learning and they I swear that they have begun to read psyops texts as well as advertising age to get to where they think they need to be to win. This is something different, however, this is not as much of a threat to the nation as “they” would have you think it is per their posts and chatter after its release and subsequent hacking/infection by malware.

All they really need to do next is watch “Cool Hunters” on PBS and then apply some more of these tactics.. Then they could maybe sell.. Well, would any Western teen buy into the 72 virgins idea? I think not. So, they try to be slick and all Mad Men, but they fail because of what they are trying to sell…

Religious zealotry and a culture of loving death.

Which, I should think is quite the opposite of the Western mindset. Of course they are trying to get the whole “It’s an adventure” thing going with all the talk of going on site and fighting the good fight, but, it just will not ring true with the majority here in the US. Of course, there are always those who are willing to follow along. I think though, that most will have to be deranged or brain washed by the local Imam and cell mosque in order to really buy  a ticket and bring a friend along for the ride. These folks also more than likely will be originally from other countries that they feel ties to which are re-enforced by this type of rhetoric.

So, here are some observations:

First article attempts to make a “green” argument for jihad and the removal of the US from the area. This is an alleged piece by OBL and claims that all of our problems with the world are oil based and this can be remedied by Jihad. In other words Allah will be loving it if you get the khafir out of the Muslim lands. Once that happens its all good.

This was quite interesting to see OBL getting all green. Somehow I doubt it was actually him doing the writing here. I just don’t see OBL wearing a Greenpeace shirt and protecting a baby harp seal.. Do you?

The articles vacillate between saying if you leave there will be peace to “all khafir must die” There are some wild mood swings in this pdf. Its almost like you were talking to someone under anger management therapy and you have to talk them off the ledge.

Mukhtar’s piece is oriented toward college age males with media board bandito imagery. He also advocates brining a friend and learning the language. This is the very “college” looking piece and is aimed at the twenty somethings. I would hazard a guess too, that the handwritten look is not just a type font, but in fact someone’s actual handwriting. Let the graphologists loose!

Abu Musab Al Suri’s piece advocates small cell/single jihadi terrorism. There is a long section of history and philosophy on their war thus far. They have learned that the agile force is the one that is hard to catch, hard to destroy, and has the most bang for their buck. Thus they are advocating making small bombs at home that could kill 10 people as a process to learning how to make bigger ones. All the while they are using guerrilla warfare tactics and philosophy to sell jihad everywhere. What it boils down to is this: Do this at home and breed fear. This is a dangerous idea because inevitably there will be people who buy into this. The bomb making section has been removed from the document for your and my protection.

Technologically, they are getting more savvy. The writers have given the would be jihadi’s pointers in internet security that include the use of encryption technologies (Al Majahden 2) which I have written about before and have a copy that has been pulled apart. They even go as far as to show how to authenticate that the program is official with hashing sigs. They also are advocating the use of proxies as well as being in internet cafes. Another surprise was a section on cell phone safety too AND the use of live distro’s on USB. It was inevitable as all this is out there on the hacking sites anyway.

In the final analysis, they also put in their pulic key as well as a series of emails to contact with with. Ironically, the actual posting o the pubkey gave me something to use in Maltego and it turned up some very interesting results! I will be chasing those down in the near future as well as more on the email addresses.

I wonder if there will be an issue #2….

I have to say though, that their market of young and impressionable individuals may be swayed by some of their arguments. They do lay them out logically (well their logic) and try to use the tools of the west on itself, but then you hit the sections of “kill all kafir!” and you have to go

“whoa, where was I?”

As a psy-op they have gotten off to an interesting start…

The full file sans bomb making plans can be downloaded HERE The sections omitted have graven images of Muhammad so YAY fatwa’s on me! Take a long swig of something and sit down to read the drivel.


Al-Faloja, Inspire, and Internet Security

leave a comment »

On July 2, 2010, the administrators of the Al-Faloja web forum warned that “enemies of Allah have stolen the account information of one of the Al-Faloja Islamic Forums administrators, and…caused havoc in the forums.” They urged forum members “out of courtesy and out of caution and concern to change” their “personal passwords”, although they “insured the forums and especially the copy that will be brought back…” In a June 9, 2010 posting on the Al-Faloja web forum, administrator Abu al-Aina’a al-Khorasani had warned of an “infiltration operation” targeting “the website of the Islamic Emirate in Afghanistan and the website of al-Sumood Magazine, which belongs to the Emirate.”

Oh my.. Well, it seems that all those links back to my blog were because of this huh? Or was it the other way round? I suppose the logs on the web server will tell me just how many of them had looked in there and seen all the data I had culled over time. or could it have been the mention of CAUI there in the above screenshot translation of my blog entry?

Inquiring minds want to know.. Say, uhh Abu al‐Hawraa, care to enlighten me?


Anyway, this is an interesting turn of events because the word on the street is that other sites have been attacked. Perhaps they have? Perhaps they haven’t.. All I do know is that if you put something out there it is libel to be attacked by hackers, bots, and malware in short order. I mean what was it like 20 minutes or less for an unpatched windows system to survive without protections online last I heard? I hate to tell ya Admin, you are going to be popped any way you do it. Especially if you are dropping sites on servers without really taking care to secure them properly.

Just sayin…

Meanwhile, it seems that the Inspire magazine debacle seems to have been percolating in the background and was augmenting this feeling that they had been pwn3d.

In a July 11, 2010 online posting, an administrator of the Al‐Faloja forum asserted that Al‐Qaida’s  “dangerous” English‐language  “Inspire”  magazine  “provoked”  recent cyberattacks  on  the  forum:  “that  and  nothing  else.” He  also  asserted  that  “Inspire” magazine “is considered a unique transformation and a proactive hit in the history of the standing struggle between Kufr and faith; it even is a media martyrdom operation and I do not exaggerate in this description.” He promised impending “good news of an audio attack that will highly pain you, through one of the media establishments, so await the slap and turn the other cheek for another.”

Full text HERE

Now, their claim is that they were attacked further because of the magazine.. Even to the point that the mag was compromised by a trojan by someone out there looking to do them harm. Maybe…Maybe not. Maybe instead they infected the document themselves huh? After all, the majority of the stuff I have found out there has been created on mostly Windows Xp machines so, perhaps they got infected and just passed it on? Or maybe someone did get in the middle of the uploading process and propagated a new unclean version for all the little jihadi kiddies to download and pwn themselves huh?


Maybe we will never know…

However, on that contention that your product was so revolutionary, uhh yeah, it was slick looking for a cut and paste from a 20 something and a pc in Yemmen, but revolutionary? Nah. It was pretty pedantic really and you should face facts Abu. I certainly did not see it as any kind of threat and I am sure that the government didn’t either really. The media, well, they need things to slather on about to get the ratings really so if you got play from that ok.. you got play, but anyone with a frontal lobe thought it was crap.

So Abu, you are on the defensive now huh? All this has your hackles up? Worrying that your sites, all mirrored, are compromised and your details are being harvested? Shucks, them’s the breaks. You want to have outlets like the php boards you better be prepared to get compromised now and then. I mean, its the Internet man! Everyone gets pwn3d…

Sometimes more than once…. See ya out there Abu


Of Online Jihadist Flunkies and Mapping Online Jihad

leave a comment »

Excerpts from

Student, Online Terrorist Flunkie Arrested in Virginia

In something of a warning to all wannabe online mujahedeen, a 20-year-old student from northern Virginia was arrested today on charges of providing material support to al-Shabaab, the al-Qaida-aligned Somali extremist group.

Zachary Adam Chesser is the guy’s given name. But he went by several others: Abu Talhah, Abu Talhah Al-Amrikee. But Chesser’s highest profile appears to be online, where his sobriquets included TeachLearnFightDie and AlQuranWaAlaHadith. He posted on an apparently defunct blog called and, according to the affidavit of FBI Special Agent Mary Brandt Kinder, and he threatened the lives of the South Park creators for their portrayal of the prophet Mohammed. Searches for his uploaded videos led to the discovery of him getting pwned by one of the Jawa Report guys.

Apparently Chesser intended to put his internet skills to use for the extremist militia. According to the affidavit, Chesser told Menges that al-Shebaab members told him to bring laptops to Somalia, so he could join their media unit, the apparent posting of choice for foreign fighters — much like the rapping Alabaman Omar Hammammi. He wrote a post in June on an unspecified online forum, according to the affidavit, expressing his intent to leave for Somalia and announcing he was “actually leaving for jihad.”

The guy wrote a fair amount online. A different post from January encouraged fellow takfiris to stay fit: “We have to go for jogs, do push-ups, learn firearms, and all kinds of things…. And, perhaps above all, we have to actually go and fight against the disbelievers.” This kind of stuff is increasingly prevalent in the English-language internet. Just last week, a Pennsylvania-based internet hosting service shut down its platform after federal law enforcement officials showed that more than 70,000 bloggers used it to push al-Qaeda propaganda into the cyber-ether.

But he might be part of a recent trend in low-wattage/high-bandwidth self-radicalization. “This case exposes the disturbing reality that extreme radicalization can happen anywhere, including Northern Virginia,” U.S. Attorney Neil MacBride said in a statement. Especially with the aid of Wi-Fi.

From by By Spencer Ackerman

Ok, so there is so much wrong with this article that I just have to call it into question as to if the reporter actually did any kind of “reporting” here. I mean, sources and actual leg work looking into the terminology and technology perhaps? This just seems to me to be more of a poorly worded and thought out scareware piece than anything else there Spencer.

Lets pull it apart a bit…


“Tafkiris” the root of which is kufir or kafir, which means “impure” or those who are excommunicated from the Muslim faith. Uhh yeah, it would be helpful to show that this kid had even LESS of a clue what he was talking about here by pointing that one out Spencer.. IF that is, you had any clue what it meant. I am sure you thought perhaps it was another term for a jihadi or mujahideen.

No.. its not.

This kid had less of a clue than Spencer.. But that ain’t saying much. Lets show a little more of the subtlety here huh?


Just last week, a Pennsylvania-based internet hosting service shut down its platform after federal law enforcement officials showed that more than 70,000 bloggers used it to push al-Qaeda propaganda into the cyber-ether.

As I wrote about yesterday, the whole affair over the blogetery site was not so much the feds saying that there were 70K worth of users pushing jihadist data on there, but instead asked about a couple of their servers that had data on them. You see, as I had reported, the site was a file trading site primarily and it is likely that the jihadi’s just found it easy to put up the files there and leave links elsewhere as they do in many other cases.

I checked Google and only came up with one potential site that had connections to Iranian Muslim propaganda against the west so, I don’t think that this was another “mos eisley” on the internet here. Spencer, do a little research huh? Had this been so riddled with data and grave things indeed, then the Feds would have swooped down either with a warrant to seize the servers or, they would have quietly assumed control with the help of the burst folks to watch and collect data. It was in fact Burst that took the system down for fear of being nailed for copyright infringement as they had already been sniffed around on before.


But he might be part of a recent trend in low-wattage/high-bandwidth self-radicalization. “This case exposes the disturbing reality that extreme radicalization can happen anywhere, including Northern Virginia,” U.S. Attorney Neil MacBride said in a statement. Especially with the aid of Wi-Fi.

WTF? WI-FI is the cause of rapid and widespread jihadi conversion? Spencer what the fuck is this crap being quoted without the benefit of calling the reasoning into question here?

Look, self radicalization can happen with or without WIFI there buddy, and the internet sure does have something to do with that, but, it is not a big deal to say that it EVEN HAPPENED IN VIRGINIA! What the hell man? Any kid or nutbag out there ANYWHERE could turn to Jihad as well as perhaps any other whackjob religious sect and become a terrorist! … And it has nothing to do with WIFI! has been steadily slipping here…

So yeah, this kid is a shmuck. He was being used by Al-Shebab and likely “if” he did have contact with Al-Awlaki then he was being groomed to be the next BVD bomber and not so much a new whizkid at their media arm. I mean fuck, he had no idea what Tafkiri meant!

Here kid.. take this plastic bottle of boom juice, place it in your rectum and pull the chord in flight for us!

Ok! Will I get my 72 raisins?

Tards… (Spencer included)


Awww You Guys! You Didn’t Have To Translate Me Into Arabic! Shucks…

leave a comment »

So yeah, I get up this morning and check my blog stats and lookit who was in there? I guess the jihadi’s have decided that they should pay attention to some things being written about them. I wonder if they did the vanity Google or something.

They even took the time to translate the post into Arabic AND French… Oh my.

Hi guys! I SEE YOU!

Keep it up clowns… I just love the traffic to audit.


Written by Krypt3ia

2010/07/12 at 11:36

Napolitano: Internet Monitoring Needed to Fight Homegrown Terrorism

with one comment

fox news

Napolitano: Internet Monitoring Needed to Fight Homegrown Terrorism

Published June 18, 2010

|Associated Press

WASHINGTON — Fighting homegrown terrorism by monitoring Internet communications is a civil liberties trade-off the U.S. government must make to beef up national security, the nation’s homeland security chief said Friday.

As terrorists increasingly recruit U.S. citizens, the government needs to constantly balance Americans’ civil rights and privacy with the need to keep people safe, said Homeland Security Secretary Janet Napolitano.

But finding that balance has become more complex as homegrown terrorists have used the Internet to reach out to extremists abroad for inspiration and training. Those contacts have spurred a recent rash of U.S.-based terror plots and incidents.

“The First Amendment protects radical opinions, but we need the legal tools to do things like monitor the recruitment of terrorists via the Internet,” Napolitano told a gathering of the American Constitution Society for Law and Policy.

Napolitano’s comments suggest an effort by the Obama administration to reach out to its more liberal, Democratic constituencies to assuage fears that terrorist worries will lead to the erosion of civil rights.

The administration has faced a number of civil liberties and privacy challenges in recent months as it has tried to increase airport security by adding full-body scanners, or track suspected terrorists traveling into the United States from other countries.

“Her speech is sign of the maturing of the administration on this issue,” said Stewart Baker, former undersecretary for policy with the Department of Homeland Security. “They now appreciate the risks and the trade-offs much more clearly than when they first arrived, and to their credit, they’ve adjusted their preconceptions.”

Underscoring her comments are a number of recent terror attacks over the past year where legal U.S. residents such as Times Square bombing suspect Faisal Shahzad and accused Fort Hood, Texas, shooter Maj. Nidal Hasan, are believed to have been inspired by the Internet postings of violent Islamic extremists.

And the fact that these are U.S. citizens or legal residents raises many legal and constitutional questions.

Napolitano said it is wrong to believe that if security is embraced, liberty is sacrificed.

She added, “We can significantly advance security without having a deleterious impact on individual rights in most instances. At the same time, there are situations where trade-offs are inevitable.”

As an example, she noted the struggle to use full-body scanners at airports caused worries that they would invade people’s privacy.

The scanners are useful in identifying explosives or other nonmetal weapons that ordinary metal-detectors might miss — such as the explosives that authorities said were successfully brought on board the Detroit-bound airliner on Christmas Day by Nigerian Umar Farouk Abdulmutallab. He is accused of trying to detonate a bomb hidden in his underwear, but the explosives failed, and only burned Abdulmutallab.

U.S. officials, said Napolitano, have worked to institute a number of restrictions on the scanners’ use in order to minimize that. The scans cannot be saved or stored on the machines by the operator, and Transportation Security Agency workers can’t have phones or cameras that could capture the scan when near the machine

Umm Janet? Yeah, uh, do you have a clue? I didn’t think so.. Would you like to buy one? Look, we all know in the infosec field that you are basically trying to dress up a massive surveillance vacuum program to look all friendly like and harmless. Just how do you propose to “monitor” all these comm’s without just setting up a huge digital driftnet like the NARUS systems in the MAE’s?

We already monitor many of the jihadist websites and chat rooms etc now, so what else would you suggest we do to catch these guys? The only thing I can think of would be to have a searchable (on the fly) database of emails, chats, and all other communications online captured by something like the NARUS STA6400 or its progeny. Something that would just be doing a DPI type of inspection process of ALL traffic to flag for an analyst to look at and pass on.. Gee.. Where have I heard that before.. Hmm ECHELON perhaps? C’mon! This has been being done by the NSA for YEARS!

I have an idea.. Why don’t you call Fort Meade huh?

Here.. I have the phone number for you: 410-674-7170 Ask for DIRNSA.. Phonetically DUR-N-SA

Maybe they can lead you to understanding of the problem and the solution.. A solution they already have and I am sure are NOT willing to share with you.. But, you can at least try.

Frankly, I fear that you Janet, and the DHS, are clearly incompetent in the field of INFOSEC/HACKING/CYBERSEC as well as do not have a mandate, funding, nor staff to really deal with this issue properly. So, uhh yeah, why not just forget about it? Perhaps you should just leave it up to the NSA hmm?

Oh, and yeah, I am not “for” all of this hoovering of the internet’s traffic as a means to an end on “home grown” jihad. I am instead a realist and know that this is how it is. Of course there is an immense amount of data that is passing through the internet every second of every day, so not all of the bad guys can be caught. I also know that much of that data is in the clear and is in fact our every day email that could be spied upon and we have a real privacy issue here… But, what can I do about it huh?

Well, I can at least say that lets leave it to the professionals at the NSA and not in your completely incompetent hands at DHS.



Written by Krypt3ia

2010/06/20 at 10:44

Taliban Webmaster: We’ve Been Hacked!

leave a comment »


Online fans of the Taliban, beware: a website of the Islamic Emirate may have been hacked.

Abu al-Aina’a al-Khorasani, an administrator of an elite jihadi forum endorsed by the Taliban, warns in an online post that “group’s main site and the site of its online journal Al-Sumud,  have been the subject of an ‘infiltration operation.’”

Khorasani’s post on Fallujah forum warns online jihadis “to not enter any of the links that concern these websites, and not even to surf [the content] until you receive the confirmed news by your brothers, Allah-willing. ”

As browsers of the Taliban’s websites know, outages are fairly regular. But a confirmed infiltration may be something new, says Flashpoint Partners’ Evan Kohlmann, who’s been tracking Internet extremists for years.

“The official Afghan Taliban website has, of course, routinely been knocked offline and disabled by cybervigilantes and other culprits, but this would be the first instance that I’m aware of it being actually ‘infiltrated.’  It’s an unsettling prospect for security-minded online jihadists, because such sites can be manipulated by a variety of hostile parties in order to harvest a breathtaking amount of personal data on regular visitors.”

Indeed, in early April, Danger Room snagged a picture used to vandalize the Taliban’s main website, which featured scenes of some of the more notorious acts of brutatlity perpetrated by the Afghan militant group (pictured above).

While authorship of the apparent attack is as yet undetermined, it’s worth noting that the Defense Department stated its intention in the Spring of 2009 to begin shutting down extremist media outlets in Afghanistan and Pakistan.

HACKED!?!? OH NO! Heh, yeah, well this should not be any kind of news to anyone there, but I guess these guys aren’t the sharpest marbles in the bag huh? I mean, what have I been up to all this time? Shucks, and I am not the only one ya know…

Of course you have the odd “jokey” attacks but generally, these guys have been compromised for some time I would expect and they may just now be catching on to it. Of course if you look at my posts on their “tech” section lately, you might see just how savvy they are on the whole of it. They do have some guys who know what they are doing, but no one is as good as Younis Tsouli was back before he got popped in the UK.

At least not that I have seen…

I am sure nothing will change here. If they do take down the sites themselves or with a little governmental help, the jihadi’s will just pop another site up elsewhere and begin to propagandize again all over. It will be a never ending battle really… Unless they get smarter and get some real encryption, VPN tunnels, and dark net type of system that is invite only and rock solid…

I don’t see that happening from their caves…

You never know though… Perhaps they can cobble together something…

Anyway, more developments as I have them from the sites tonight…


Amriki Jihad: The Paradigm Shift In Jihad

with 2 comments

New York Times, 7 June 2010: Two New Jersey men who were bound for Somalia with the stated intention of joining an Islamic extremist group to kill American troops made a brief appearance in federal court in Newark on Monday. . . .

. . . . The suspects, both United States citizens, physically conditioned themselves, engaged in paintball and tactical training, saved thousands of dollars for their trip, and acquired military gear and apparel, according to the complaint. They talked about what they said was their obligation to wage violent jihad, and at times expressed a willingness to commit acts of violence in the United States, the complaint said.

Last Nov. 29, for example, the complaint said that Mr. Alessa told Mr. Almonte and the undercover officer: “They only fear you when you have a gun and when you — when you start killing them, and when you — when you take their head, and you go like this, and you behead it on camera.” He added: “We’ll start doing killing here, if I can’t do it over there.” Mr. Alessa used the Arabic words for gun and killing, according to the complaint.

The next day, said the complaint, he told the officer: “I leave this time, God willing, I never come back. I’ll never see this crap hole. Only way I would come back here is if I was in the land of jihad and the leader ordered me to come back here and do something here. Ah, I love that.” . . . .

Over the last few years, I have been posting about the jihadists machinations on the internet as you know. I have been seeing the trend toward “Americanizing” the process of not only propaganda, but also in recruitment. As time has passed, and AQ has been forced into the tribal areas, they have gone even further online to get their message out and recruit.

At first they were mostly recruiting in the Baltics, and in the Arabic world. Over time though, they began adding English sections, as well as German and French… In fact, they really have gone “global” due to the power of the internet to reach around the world. Add to this too the power of the cell phones today with video and texting, never mind the web browsing capabilities.

So, over time the jihadists have fashioned new programs to bring people to their fold and to train them. You may have seen all of the posts about how they are uploading docs all over the internet on stealth sites as well as places like “megaupload” All of this, to train the recruits, who sit alone in their basements hoping to become brothers in arms, though, in the case of Americans, not necessarily “shahid”

Lately we have begun to see the results of the cyber jihad with Faisal Shahzad, BVD boy, Nidal Hassan, and now these two citizens in New Jersey. I would attribute much of this recruitment not only to the sites that you may have seen me auditing, but also with the jihadi mouthpieces of Anwar Al Awlaki and the new addition of Abdullah Faisal. Both of these guys are American and both bridge the gap between the American sensibilities and the jihadi. They appeal on many levels to would be jihadists here exactly for these reasons.

The net effect now has been to create not “cells” of terrorists, though, sometimes these loners do hook up with cells, but they often are called “lone wolf” operators. These jihadi’s are coaxed into carrying out acts of jihad on their own and with minimal oversight and training. They get to look at their online documents, learn what they can about IED prep and are goaded on by people thousands of miles away to do the work of Allah.

This paradigm shift is scary on many levels.

Just as the Columbine incident showed just how a couple of kids (one really unbalanced one in the lead) could wreak destruction and fear into a society, so too have the jihadi’s found this model that Dillon and Eric already had latched on to. Though, for now, the Columbine incident was far more devastating than Faisal Shahzad even could have been.

So, this leaves us in the US in the position of being information security challenged dealing with an information security problem with communications. Communications on the internet by people who are posting, talking, passing files, and operationally planning in a medium that our government is ill equipped to monitor.

While we hear the news about bills being floated in the senate and house that may give too much power to the government to “protect” the grid, too many are just focused on the wrong threat. Sure, there are threats from cyber attacks, but, frankly, I see more threats from COMINT by jihadists looking to pull off another big attack here in the states.

I guess in the end, no one can monitor everything and not all plots can be detected and stopped. This is something that the we here have to come to grips with.

We will never get them all.

We will have another attack in the US eventually small or large

The perps of this attack are likely to be fringe people who have been called to jihad in their unbalanced minds by the likes of Al Awlaki and they will be US Citizens

Accept these truths

It’s time to redouble our efforts online and try to prevent as many as we can while trying to preserve our constitutional rights… Something that is a task given the technologies at the hands of the monitors.

Lets hope that the government can get out of its own way and work smart…

Meh.. who am I kidding?


Written by Krypt3ia

2010/06/08 at 11:12