by Steven R. Corman

As reported in today’s Arizona Republic, an al Qaeda-linked web site was discovered on the servers of Phoenix-based CrystalTech Web hosting. The site was run by al Ekhlaas, and is one of the more resilient of its ilk. The CrystalTech site at domain name ek-is.org has already been shut down, but its content remains available on two other variants, at http://www.al-ekhlaas.net/forum/ and http://ekhlaas.ws/forum/

MEMRI did a report in October of this year that listed al Ekhlaas on nine different IP addresses hosted on servers in Tampa, Rochester (Minnesota), Phoenix, and Malaysia.  The Phoenix host at that time was also CrystalTech, but the domain name then was alekhlaas.org.  Obviously when they shut that one down, the Bad Guys simply re-established it at on the same ISP using the domain name ek-is.org.  It’s an ongoing game of whack-a-mole.

In a local television interview today I was asked if this indicates increased terrorist activity in our community.  The answer is: Probably not.  Use of the CrystalTech servers was probably more bad luck than anything.  Type “web hosting” into a search engine and you will find hundreds, if not thousands, of ISPs in the United States and other countries that will instantly set up a site for 9.99 a month.  They require no positive proof of identity.  All you need is a credit card (which could be stolen) and you can be up and running in a few hours.  So you don’t have to be in Phoenix to set up a site on a Phoenix ISP.  You could do it from anywhere in the world, and chances are slim that the people running ek-is.org live in town.

What this does indicate is the increasing use of the Internet as a medium of terrorism, and the increasing sophistication of the Bad Guys in evading efforts to limit their use of the Net.  For more see Gabriel Weimann’s piece in the latest CTC Sentinel.