The ‘Dark Web’ And Jihad: A Preliminary Review Of Jihadis’ Perspective On The Underside Of The World Wide Web

May 23, 2014

Introduction

Over the past decade, jihadis have come to rely heavily on the Internet for communication, propaganda, recruitment, and fundraising. The Clearnet, or surface Web – the portion of the World Wide Web accessed directly and indexed by common search engines – provides the jihadi community with plethora of outlets, among them password-protected forums, blogs, and social media. Recently, however, jihadis have begun to discuss the need to find different, presumably less visible, online outlets to serve their goals, and the Dark Web, or Deep Web – the part of the Web not indexed by search engines – has been proposed as one option. The Dark Web’s appeal to jihadis is obvious – it allows them to operate hidden jihadi webpages and forums away from the prying eyes of the law; it enables them to use Bitcoin, the crypto currency which is the Dark Web’s currency of choice, to funnel money for jihad, to obtain fake identification, and more; and it allows them to communicate securely.

Although the Dark Web, unlike the surface Web, is difficult to monitor and research, in the past year, it and ways of accessing it have been increasingly scrutinized by law enforcement agencies. This, in turn, has lead potential users to question the degree of anonymity and security that it can provide.

This report examines jihadis’ use of the Clearnet and their recent interest in the Dark Web, and presents several examples of jihadi use of the Dark Web.

Jihadis’ Use Of The Clearnet – The Case Of The Jihadi Forums

Probably the best known – and most closely monitored – online jihadi activity venues are the forums. Researchers who study and monitor them have focused mostly on their content, and have devoted less attention to their technical inner workings.

Jihadi forums are frequent targets of cyber attacks aimed at shutting them down or compromising their databases. In addition, their admins consider the forums vulnerable to having usernames and passwords, even for trusted Al-Qaeda media companies, compromised if the Web companies hosting them choose to collaborate with authorities; there have been such accusations. Nevertheless, jihadis have managed to address these problems, thanks largely to their ability to launch a new forum as soon as one is shut down or compromised, usually with much of the previous forum’s content preserved. When this happens, the members of the defunct forums tend to migrate to the new one, and the forum carries on. This death and (re)birth cycle of jihadi forums is typically accompanied by a multi-layered process of building trust among the forum members, the forum administrators, and the jihadi groups.

Not all jihadi forums are trusted by Al-Qaeda and its affiliates, or by the jihadi community at large; in some cases, new forums have been launched after an older one was shut down under what are considered suspicious circumstances. It is worth mentioning that Al-Qaeda and its affiliates typically release their content on only one or two top-tier forums; jihadis then disseminate the content far and wide, often relying heavily on YouTube and Twitter.

While the identity of the jihadi forum administrators is not known, it is notable that exclusive content, such as videos of Al-Qaeda leader Ayman Al-Zawahiri, are often released almost simultaneously on all top-tier forums. This suggests that the forums may be operated by the same group, or perhaps even by a single individual. However, the latter is unlikely, due to the sheer volume of material appearing on the forums and the security risk of placing the entire operation in the hands of one person. Moreover, although they portray themselves as unaffiliated and unbiased towards one jihadi group or another, each of the top-tier forums does appear to have its own favored group – suggesting that their operators are different individuals of different affiliations.

For example, Al-Fida’, one of the two top-tier Al-Qaeda forums currently operating, has since 2012 posted no content at all from Islamic State of Iraq and Al-Sham (ISIS) on its official communique section. In contrast, the other top-tier forum, Shumoukh Al-Islam, readily posts, and promotes, ISIS content.

Al-Fida’, a top-tier Al-Qaeda forum

Jihadi forums are initially registered and launched on one Web hosting company, and then, over a period of 12-48 months, migrate, as dormant (i.e. offline) domains, from one domain and Web host to another until they reach their final hosting company destination. This move from company to company is aimed at covering the forums’ tracks and making it difficult to their owners. The offline domains are used as backup, in case the forums are shut down by the authorities; should this happen, the content of the disabled site can be launched quickly onto a new site, thus ensuring continuity. For example, Al-Fida’ recently provided its members with new domain addresses, following prolonged periods of disrupted operation in January 2014.

Jihadis Invest In Encryption Technologies

Over the past decade, and particularly since the release in 2007 of the first version of Asrar Al-Mujahideen (“Mujahideen’s Secrets”) software, developed by the Global Islamic Media Front (GIMF), jihadis have come to rely on encryption-based technologies for using the Clearnet. The GIMF has been the main developer of jihadi encryption software, though it is not the only one. In 2008 it released Asrar Al-Mujahideen 2, and in 2013 it released two additional encryption programs, one for instant messaging and another for mobile phones. In December 2013, the Al-Fajr Technical Committee (FTC) released the ‘Amn Al-Mujahid (“The Mujahid’s Security”) encryption software; this group was established in 2012 with the stated aim of improving jihadis’ technical knowledge and capabilities.

To request a full copy of this MEMRI Jihad and Terrorism Threat Monitor report, send us an email with the report title, number, and date in the subject line, and include your name, title, organization, and official contact info in the body of the email.