Center for Strategic Communication

by Steven R. Corman

Today the Washington Post reports that AQ Web Forums were “abruptly” taken down.  Abruptly?  Well not if abruptly means suddenly, as in it just happened.  This story has been circulating in the blogs for months, and it’s more like there have been a few waves of take-downs.  It even blipped-up elsewhere in the MSM one month ago.

Will at Jihadica reported on a wave of take downs on June 10th, then another on September 21st, then yet another on October 27.  CBS scooped WaPo on it a month ago, re-reporting a story in the Hindustan Times.  It said the spooks were blaming it on e-vigilantes Aaron Weisburd and Rusty Shakleford.  They deny it.  Marisa at Making Sense of Jihad is skeptical of the alleged gubmint explanation too.  To add further to the confusion, Will reports that some of the forum operators are blaming it on Shia groups who are supposedly retaliating for hacks of their sites.

Well, how intriguing!  Let me add my own $0.02 on this.  To start with, I have been told that the gubmint doesn’t want these sites taken down because they are useful source of intel.  This make sense, too, because if they did want the sites taken down they would have done it a long time ago and it would be child’s-play for them.  So unless something has suddenly changed that makes these sites useless for intel purposes, the gubmint is not a likely source of the take-downs.

Did the e-vigilantes do it?  They say they are not hackers, but who knows for sure.  They at least claim to be White Hats in the e-terrorism game, so its conceivable they were involved.  Or maybe the Shia groups did it.  Yet neither of these scenarios really makes sense because forums have remained off.

I have been able to find no account of the circumstances under which they went down.  But to the best of my knowledge, all the common attacks against web sites are “temporary” in the sense that once you discover them you can correct the security breach and get back up and running (unless you’re some kind of massive operation like and they have hosed your back-end processes).  On a small forum, even if someone scrambled the forum databases, you could reset and start with zero post history.

If all else fails, you can just move to a new IP address and start from scratch.  The Bad Guys do this all the time in response to take-downs by ISPs.  You can sign up with a new ISP that provides plug-and-play forum software and be running with an IP address within an hour, and have a registered domain name within several hours.

So while any number of parties could have taken down some forums, I’m really scratching my head trying to figure out why they have remained down.  One explanation  I haven’t seen anyone suggest so far is that the Bad Guys have themselves taken these forums down.  Perhaps they decided they were too good a source of intel for their enemies.  Or maybe they uncovered some kind of threatening operation and pulled the plug.

This is really the only explanation I can think of that fits with the facts mentioned above, and explains why the sites have gone down and stayed down. If you have an alternative theory, please post a comment.

UPDATE 10/20

Will at Jihadica, reports that two of the extremist sites are back up.  More are supposedly to follow shortly.  Still no explanation for why they did not come back up more quickly, so this still doesn’t make sense.

UPDATE 10/23

More coverage from The Guardian and Christian Science Monitor playing-up the Shia hackers angle.