UPDATE: Analysis of the attack available here: The Game of Whack-A-Mole: Was Al-Shamukh Hacked?
* * *
Reports are circulating that indicate unidentified hackers have caused a major disruption to online communications channels used by the terrorist organization Al-Qaeda.
Flashpoint Partners' Evan Kohlmann, whose research was key to NBC news breaking the story, said the online terrorist forum was not merely compromised or defaced, but had actually been "wiped clean".
“Al-Qaeda's online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet," said Kohlmann.
Kohlmann indicated that the attackers used “relatively sophisticated techniques” and that the network will probably take several days to return to an operational state.
"Al-Qaeda the brand name just lost its broadcast channel. The last time this happened (exactly one year ago), Al-Qaeda waited for over ten days until their then-officially sanctioned forum managed to get back online before releasing any new material... So far, all they've admitted (in messages posted on other forums) is that they've encountered ‘technical problems’ with the site and are working to bring it back online ‘shortly’," Kohlmann stated.
"Tango down" is the trademark Twitter message usually issued by The Jester when targeting a website with his XerXeS DoS tool, but no such posting was issued relating to the Al-Qaeda network attacks.
The Jester is known mostly for his repeated denial of service attacks on militant Jihadi websites (video), a psy-ops campaign against Libyan loyalists, as well as his attack on the WikiLeaks website in late November that forced the organization to shuffle Internet hosting providers.
“Hacking attacks by amateur cybervigilantes typically involve one technique, be it DDOS or SQLI. This particular event began as a basic domain hijacking, which does tend to happen every so often," Kohlmann told The Tech Herald.
“Then, about 12 hours later, the server hosting the site itself was blanked out via unknown methods. These forums are fairly well-protected against run-of-the-mill SQLI attacks -- if you are representing Al-Qaeda on the web, you somewhat have to expect that people from the peanut gallery will try and interrupt your efforts," Kohlmann said.
Others speculate that due to the sophisticated nature of the attacks, there may be state-sponsored actors involved. This seems to be a less likely scenario, as Western governments have long had the ability to disrupt these communications channels, but typically monitoring and gleaning data from the terrorist forums is more useful in terms of intelligence operations.
Kohlmann indicates that there likely was important data regarding communications and operations on the network servers prior to their being erased, another indication that the culprits are probably independent actors.
“I don't know if the party responsible was able to grab the underlying forum data files, but I certainly hope so. Those files contain records of IP addresses and private messages sent between users. Since the user database of this forum includes actual armed militants on frontlines from Somalia to Afghanistan, I imagine that information would be quite useful to the proper authorities. It would be like Al-Qaeda meets WikiLeaks," Kohlmann explained.