Did the Bad Guys Scuttle Their Own Forums?

by Steven R. Corman

Today the Washington Post reports that AQ Web Forums were “abruptly” taken down.  Abruptly?  Well not if abruptly means suddenly, as in it just happened.  This story has been circulating in the blogs for months, and it’s more like there have been a few waves of take-downs.  It even blipped-up elsewhere in the MSM one month ago.

Will at Jihadica reported on a wave of take downs on June 10th, then another on September 21st, then yet another on October 27.  CBS scooped WaPo on it a month ago, re-reporting a story in the Hindustan Times.  It said the spooks were blaming it on e-vigilantes Aaron Weisburd and Rusty Shakleford.  They deny it.  Marisa at Making Sense of Jihad is skeptical of the alleged gubmint explanation too.  To add further to the confusion, Will reports that some of the forum operators are blaming it on Shia groups who are supposedly retaliating for hacks of their sites.

Well, how intriguing!  Let me add my own $0.02 on this.  To start with, I have been told that the gubmint doesn’t want these sites taken down because they are useful source of intel.  This make sense, too, because if they did want the sites taken down they would have done it a long time ago and it would be child’s-play for them.  So unless something has suddenly changed that makes these sites useless for intel purposes, the gubmint is not a likely source of the take-downs.

Did the e-vigilantes do it?  They say they are not hackers, but who knows for sure.  They at least claim to be White Hats in the e-terrorism game, so its conceivable they were involved.  Or maybe the Shia groups did it.  Yet neither of these scenarios really makes sense because forums have remained off.

I have been able to find no account of the circumstances under which they went down.  But to the best of my knowledge, all the common attacks against web sites are “temporary” in the sense that once you discover them you can correct the security breach and get back up and running (unless you’re some kind of massive operation like Amazon.com and they have hosed your back-end processes).  On a small forum, even if someone scrambled the forum databases, you could reset and start with zero post history.

If all else fails, you can just move to a new IP address and start from scratch.  The Bad Guys do this all the time in response to take-downs by ISPs.  You can sign up with a new ISP that provides plug-and-play forum software and be running with an IP address within an hour, and have a registered domain name within several hours.

So while any number of parties could have taken down some forums, I’m really scratching my head trying to figure out why they have remained down.  One explanation  I haven’t seen anyone suggest so far is that the Bad Guys have themselves taken these forums down.  Perhaps they decided they were too good a source of intel for their enemies.  Or maybe they uncovered some kind of threatening operation and pulled the plug.

This is really the only explanation I can think of that fits with the facts mentioned above, and explains why the sites have gone down and stayed down. If you have an alternative theory, please post a comment.

UPDATE 10/20

Will at Jihadica, reports that two of the extremist sites are back up.  More are supposedly to follow shortly.  Still no explanation for why they did not come back up more quickly, so this still doesn’t make sense.

UPDATE 10/23

More coverage from The Guardian and Christian Science Monitor playing-up the Shia hackers angle.

5 Responses to “Did the Bad Guys Scuttle Their Own Forums?”

Read below or add a comment...

  1. TCHe says:

    That’s a question I’ve been asking myself, too. While I’m not exactly an expert on web technology, even I know that it usually doesn’t take that long to get a website back online.

    But why would they do it shortly before 9/11 when there’s an eagerly awaited UBL video to post?

  2. taipan says:

    Well for what’ my opinion is worth; it appears to me to be a news blackout that is in effect from the Terrorists.

    News blackouts usually precede bad things, so being the eternal skeptic I suggest this is a preliminary move as part of an impending attack.

    To support this view, I would say they white hat hackers have been very successful in penetrating and disrupting video’s on symbolic anniversaries, the Terrorists are totally out of their sphere or expertise (assuming they have one!) it would make sense that the Terrorists would prefer media saturation after the event and not have hassle of being be blocked out of their own media outlets.

    I envisage this is a temporary news blackout as ideologically warped terrorists continually need to get the message out.

    Nothing would make me happier to be wrong!


  1. […] VERSION: read COMOPS  piece which is more insightful and ”ahead of the curve” than the WAPO […]

  2. […] Steve Corman – Did the Bad Guys Scuttle Their Own Forums? […]