Al Qaeda web forum hacked, but why?

WASHINGTON - A popular jihadist Internet forum has been knocked off the Internet, and counterterrorism experts say it appears it was hacked.

Cybersecurity analysts say the al-Shamukh forum appears to have been taken down by a fairly sophisticated cyberattack that hit not only the website, but the server — which is the main computer that enables people to access the site over the Internet.

Evan Kohlmann, a counterterrorism expert who tracks jihadist websites as a senior partner with Flashpoint Partners consultancy in New York, described the site as a key al Qaeda propaganda forum.

He said it bounces around between Internet hosts every few months, but has seemingly been allowed to exist as an open secret, possibly allowing a Western government to use it as an intelligence resource.

"These sites can be like spy satellites, they're great ways of gathering information about your adversaries," he said in an interview late Wednesday. "Bringing them down is like shooting at your own spy satellites. But there are others who don't agree with that."

He said there's been a "struggle behind the scenes" in the U.S. government about whether to allow the site to stay up.

Other cyber experts agreed that the site is a popular jihadist forum.

"The al-Shamukh website had become the most trusted and exclusive haunt for e-jihadists," said Jarret Brachman, a terrorism expert who has spent a decade monitoring al Qaeda's media operations and advises the U.S. government. "If it doesn't come back up soon, the forum's registered members will start migrating to the half a dozen other main forums, all of whom are probably chomping at the bit to replace Shamukh as the pre-eminent al Qaeda forum."

The Defense Department said late Wednesday that it was aware of reports that al Qaeda's Internet operations had been disrupted, but could not comment on the specific incident.

Kohlmann raised the possibility that a government could be behind the website's problems.

If true, this would not be the first time that government officials have sabotaged an al Qaeda website.

U.S. and British officials have acknowledged that British intelligence authorities launched a cyberattack against al Qaeda's English-language Internet magazine, Inspire, taking down directions for bomb-making and replacing them with cupcake recipes.

U.S. authorities had considered knocking the magazine off the Internet but realized it would just go down for a few days, then reappear, according to one U.S. official. The official, who spoke on condition of anonymity because of the sensitivity of the issue, said the U.S. believed it was more productive to keep an eye on the site and glean intelligence from it.

Kohlmann said chatter from another message board known to be frequented by al Qaeda members confirmed that there was a technical problem with the al-Shamukh forum website and that the outage wasn't intentional, such as performing site maintenance.

The fact that the forum wasn't knocked out sooner is revealing. Forcing a website offline can be a relatively easy matter. A so-called denial-of-service attack, which floods a website's servers with enormous amounts of webpage requests is a popular hacking activity. But it apparently wasn't used in this instance. Instead, cyber experts said it was a more complex attack.

Keynote Systems Inc., a California-based company that specializes in measuring Internet and cellphone network response times, confirmed that the site was completely down from 14 cities around the world.

Based on the kind of error the site was giving people who tried to view the site, it is likely that someone stole the domain name and caused traffic to go to the wrong server, or that someone got access to the system and directed it to not return content, said Berkowitz, spokesman for Keynote.

Kohlmann said it appears that the people who control the website were diligent about backing up the content, so it could be back online soon.

NBC News first reported the site was hacked Wednesday.

Comments