Al-Qaeda’s main Internet forums have been offline for more than a week in what experts say is the longest sustained outage of the Web sites since they began operating eight years ago.
No one has publicly asserted responsibility for disabling the sites, but the breadth and the duration of the outages have prompted some experts to conclude that the forums have been taken down in a cyberattack — launched perhaps by a government, a government-backed organization or a hackers’ group.
The first Web site, Shumukh al-Islam, a primary source for al-Qaeda videos and messages, went down March 22, and since then four others have gone dark. Shumukh reappeared briefly Monday before going down again. A message claiming to be from the site’s administrators said that it would be back up “as soon as possible.”
The administrator of a second-tier al-Qaeda site recently posted a message on an online forum saying that “the media arena is witnessing a vicious attack by the cross and its helpers on the jihadi media castles.”
Officials in the United States and elsewhere have long been concerned about sites associated with al-Qaeda. Those sites have been used to call for violence against Western targets and to try to recruit Islamist extremists to carry out attacks.
There is still some uncertainty about whether a cyberattack caused the recent outages, and skeptics note that some prominent al-Qaeda forums remain online. U.S. government agencies, including U.S. Cyber Command, had no role in the outages, according to officials who would speak about the issue only on the condition of anonymity.
Still, Will McCants, a former State Department counterterrorism official who is a senior fellow at the Homeland Security Policy Institute at George Washington University, said that, given the number of sites affected and the duration of the outages, “it sure looks like a takedown.”
If it is a technical problem being addressed by site administrators, “usually they will get on another site and say we’ve got administrative problems,” McCants said.
The last lengthy blackout of al-Qaeda Web forums took place in the summer of 2010, when British intelligence officials disrupted the launch of an online magazine produced by the network’s affiliate in Yemen. In that case, the most prominent al-Qaeda site at the time, the forum al-Fallujah, was dark for at least seven days, said Evan Kohlmann, senior partner at Flashpoint Global Partners, which tracks the sites, which are mostly in Arabic. The magazine appeared on the restored forum about two weeks later.
Although he generally sees the disruption of al-Qaeda Web sites as fruitless because they could quickly reappear on other servers, Kohlmann said the most recent outages have clearly begun to affect jihadi communications.
“At least temporarily, the social networking among jihadists has been disrupted,” he said. “The remaining forums are really struggling to attract the participation of users.”
For years, U.S. intelligence officials have relied on al-Qaeda forums to gather insights into conversations among extremists. Some officials have argued against attempts to shut down the forums, saying they provide valuable intelligence.
At the same time, any cyberattack, even one that shut down an online forum only briefly, could temporarily stifle extremist activity, or perhaps just sow confusion and distrust among users.
“It’s a good thing whenever a terrorist Web site goes offline,” said a U.S. official who was not allowed to comment publicly on the matter and spoke on the condition of anonymity.
Regardless of the cause of the latest outages, if they persist, the larger consequences could be far-reaching, said A. Aaron Weisburd, a senior fellow at the Homeland Security Policy Institute who runs Internet Haganah, a site that tracks jihadi forums.
The loss of primary forums such as Shumukh and al-Fida’ would deprive al-Qaeda of control over its message, Weisburd said. “It leaves the rank and file to guess which messages and which messengers are genuine al-Qaeda and provides undercover operators with new opportunities to disrupt the movement,” he said.
Comments on the handful of Arabic-language forums that remain online reflect the frustration and defiance among users.
“Life without Shumukh and Fida’ is unbearable. . . . They are the Titanic supporting the foundation for the triumphant sects fighting in Iraq, Yemen, Somalia,” a user identifying himself as Fata Musslim Ghayoor said on the Ansar al-Mujahideen Arabic Forum on Thursday, according to a Flashpoint translation.
“The forums will return,” commented a user identified as “Azam” on a different site. “We are in a media battle with the enemies of Allah. . . . Even if Shumukh is gone, a thousand other Shumukhs will be born.”
Philip Mudd, a former longtime CIA and FBI counterterrorism expert, said he understands the intelligence value the sites have. But as the al-Qaeda movement loses ground, he said, “maybe the more important issue is, how do we now get more aggressive in shutting down any effort they have to spread the message?”
In the past, U.S. officials have also relied on diplomatic channels to dismantle extremist sites that are viewed as a threat to American personnel or interests, according to former U.S. officials familiar with the episodes.
The approach has worked in more than a dozen cases and in each instance was backed by at least the implicit threat of a cyberattack by the U.S. military if the Web site’s host country failed to act, the officials said. The countries that cooperated were in Europe, the Persian Gulf and the Pacific, they said.
“We’ve never had a country refuse us,” said James Cartwright, the former vice chairman of the Joint Chiefs of Staff, speaking at a U.S. China Economic and Security Review Commission hearing at George Mason University last week. “But if they did, then you can invoke the right of self-defense.”
Cartwright said that in some cases the foreign government would be given a 48-hour window to investigate, what he termed “fair notice,” before the U.S. military did so on its own.
The approach makes sense, current and former officials say. Although the U.S. government can disrupt the sites on its own, “you’re not going to go do something unilaterally if you can do it cooperatively,” said a former administration official who requested anonymity to discuss sensitive internal deliberations.
Al-Qaeda sites that have recently gone offline were hosted on servers in various places, including Malaysia, Costa Rica and the Gaza Strip, Kohlmann said. It is rare these days to see them hosted on servers in the United States or Canada, he said.
Some of the forum followers have suggested new outlets.
Said one commenter, Al-Muktafi bel-Lah, last week: “I suggest to the brothers having a page for the jihadi forums on Facebook and twitter.”