Ansar Al-Mujahideen English Forum (AMEF) – The Main English Language Forum for Al-Qaeda and Its Western Followers: Information and Communication Technology Thread Offers A Virtual Training Center for Online Jihad and Cyber Warfare Including Weapons Training, Hacking & Encryption, and Lessons in Becoming a Suicide Bomber

April 20, 2012

Introduction

Currently, fewer than 10 Arabic-language jihadi forums are promoting Al-Qaeda indoctrination efforts, Al-Qaeda affiliates, and other jihadi terror organizations that are active online.

Among the most important of these are Al-Shumoukh Al-Islam and Al-Fida. Each of these forums has sections devoted to military and technology topics – Al-Shumoukh’s is “The Shumoukh [Military] Camp” and Al-Fida’s is “Modern Technical Science” – and both provide tools for jihadis to operate online. These range from instructions for making explosives, lessons on attacking targets, and instructions for using online tools, such as hacking, encryption, video production, and more.

Another forum devoting substantial space to providing its readers with access to tools for online jihad is the Ansar Al-Mujahideen English Forum (AMEF).

Background on AMEF

Vitally important to Al-Qaeda and its Western sympathizers and recruits, the Ansar Al-Mujahideen English Forum (AMEF), ansar1.info, is considered the primary English-language jihadi forum, disseminating the majority of Al-Qaeda’s propaganda for the English-speaking West. It is currently hosted by Softronics in Switzerland, and registered to Mr. Ali Mahmoud, Postbus 291, Brussels, Belgium, phone +32-6293343078, [email protected]

AMEF was established in 2008 in Arabic, and later launched multiple language pages, including English; it has thousands of threads and individual messages.

Problems that have plagued most jihadi websites, such as interruptions in the provision of website services and/or removal, have largely not affected AMEF. For example, from mid-March to early April 2012, when the Al-Shumoukh and Al-Fida forums were down, online jihadi activists were able to post messages on AMEF.

In fact, even though the host and location are known, AMEF maintains a steady online presence, enabling it to continue operating as a tool of Al-Qaeda in the West even though its users have been at the center of multiple terrorism cases.

On December 27, 2011, AMEF, which had until then been partially closed to public readership, opened registration for new members and released a statement warning readers of “traps” laid by “the infidels” for “would-be Jihadis,” to apprehend them “before they are actually able to involve themselves in any serious activity… before they get in contact with true Mujahideen.” It noted, “Not only does this occur in Masjids [mosques], but also online. Our beloved forum was used more than once in this manner…” (As of January 4, 2012, registration had closed.)[1]

On March 15, 2012, AMEF revoked the password to many of the forum’s pages.  Nevertheless, the MEMRI Jihad and Terrorism Threat Monitoring Project is still able to access the forum in its entirety.

AMEF Incites and Instructs Activists to Carry Out Terrorist Acts

In 2011-2012, multiple individuals with links to the Arabic Ansar Al-Mujahideen website were arrested, in various places across the world, including Germany and Belgium. Some were also killed on jihadi fronts.[2] In the U.S., 22-year-old Penn State University student Emerson Winfield Begolly was indicted by a federal grand jury on July 14, 2011 for allegedly acting as an AMEF moderator. According to the indictment, beginning in July 2010 Begolly posted a number of items on AMEF encouraging attacks in the U.S., including the use of firearms, explosives, and propane tanks against targets such as police stations, post offices, synagogues, military facilities, train lines, bridges, cell phone towers, and water plants.[3]

In response to the killing of Osama bin Laden, AMEF, together with the online forum Shumoukh Al-Islam, conducted an online “workshop” to compile a “hit list” of nearly 200 Western political, business, media, academia, and other leaders, to be targeted in June 2011. The list included President Barack Obama, Vice President Joseph Biden, and Department of Defense and Bush administration officials. Among the U.S. government agencies that expressed concern about the list were the Department of Homeland Security, the FBI, the Secret Service, and the Department of Justice.[4]

On March 27, 2012, the Spanish Interior Minister announced the arrest of “Al-Qaeda’s librarian,” Mudhar Hussein Al-Malki, who has been accused of running the Ansar Al-Mujahedeen Network. According to a statement by the Spanish police, Al-Malki spent “8 to 15 hours a day” posting online content for Al-Qaeda, aimed at “recruitment, indoctrination, and radicalization of sympathizers of armed jihad.” The statement added that Al-Malki shared material online about poisonous gases and explosives and was involved in the compilation of the aforementioned “hit list.”[5]

Users of AMEF found another vehicle for its jihadi purposes on October 27, 2011, when it opened a Twitter account, twitter.com/#!/AMEF3.  It has since posted over 2,000 tweets, approximately a dozen every day; most of them include links to its main forum. AMEF also follows and disseminates news about security affairs in the West, focusing among other things on airports and other potential terrorist targets.[6]

Structure of the Ansar Al-Mujahideen Forum

The Ansar Al-Mujahideen Forum includes sections for “Headlines,” “Islamic Categories,” and, most importantly, “Jihad and Mujahideen.”

This last category includes over 30,000 posts devoted to “Jihad-Related Media” – video and audio clips and images related to jihad and the mujahideen; “Jihad Publications” – books, magazines, transcripts, translations, and other jihad-related publications; and “Mujahideen Press Releases” – official reports, communiqués, statements, and announcements from mujahideen around the world.

There are also hidden sub-forums on AMEF serving online jihad efforts; among these is a section called “Global Categories.” Inside this category is the “Information and Communication Technology” thread.

AMEF’s Information and Communications Technology Thread (I&CTT)

The 37-page Information and Communication Technology thread (I&CTT) comprises nearly 1,500 posts, dating from December 10, 2008. These posts deal with software commonly used by online jihadi activists for nefarious purposes, such as the early post by user Asad Al Harb on “securely disposing [of] data on hard drives and other storage media,” as well as software, such as the “Mujahideen Secrets” encryption software.

In this latter category are posts on an AMEF “graphical tutorial on how to use the Mujahideen Secrets encryption program,” a post about “Ansar al-Mujahideen on Mujahideen Secrets 2.0 and Video Explanation,” as well as tutorials on the use of TrueCrypt to make encrypted containers; an “Encyclopedia of Cryptography and Security, 2nd edition”; and a report on encrypted Google search and products in Firefox.  Encryption software is one of the most popular methods online jihadis use for securing their communications efforts.[7]

Another category includes assorted information related to issues important to online jihad, including, for example, reports on U.S. government online surveillance, on computer viruses, instructions on making weapons; links to information related to U.S. government actions against online jihad and tips for circumventing them; and tutorials on disseminating content online, with answers to questions. In fact, the forum even offers a thread for anyone to submit IT questions.

There are also posts on Stinger missiles, on an Anonymous-developed DDoS (Distributed Denial of Service Attack), on websites that can be used by jihadis for hosting images and videos, on remote tracking cookies, webcams, and other spy tactics, on disabling GPS (Global Positioning System) software in specific phones, and on “ways to clean/erase all persona information on my PC WITHOUT touching the Operating System.”

The following are further examples of the content on the thread:

Assorted information on security and weapons manufacturing:

  • Training for becoming a “suicide bomber.”
  • Information on technological warfare.
  • Lessons in remote detonation.
  • Instructions on topography.
  • Tutorials on forging passports.
  • Information on making poisoned weapons.
  • Information on the scientific principles of improvised warfare.
  • Information on PsyOps on the Internet.
  • Information on using heavy and light weapons.
  • Handbooks on weapon production.
  • Instructions on using the AK-47, sniper techniques, gun silencers.
  • Instruction on using potassium nitrate (saltpeter).
  • Instructions on making nitric acid.
  • Information on using military maps.
  • Lists of U.S. nuclear sites, and much more.

Assorted information on hacking:

  • Includes information on teams of hackers throughout the Muslim world.
  • Report about Anonymous hacking activities.
  • Details on hacking of emails by Anonymous.
  • Details on hackers’ use of source code for Symantec’s PCAnywhere, a widely-used program for remotely accessing computers.
  • Dozens of e-books such as “Web Hacking: Attacks and Defense>> CHM eBook” and “Hackers Underground Training 2011 (Ebook + Video)”
  • A discussion of how to hack smartphones.
  • Information on “a new frontier for hackers.”
  • Instructions on how to hack Facebook accounts and email addresses.
  • Manuals including one titled “The Hacker’s Underground Handbook.”
  • Reports on fixing registry (deep operating system code) hacks.
  • Dozens of videos on hacking.
  • Information on how to protect a computer from being hacked.

Tools for online jihad:

  • Details about the Amnesic Incognito USB System (a Debian-based live CD/USB aimed at providing complete Internet anonymity for the user).
  • Information on how to make mass mirrors (copies of websites) using RapidLeech.
  • Information on how to disable Geolocation in Internet browsers and how to cover your tracks online.
  • Tutorials on Internet security tools.
  • A comprehensive guide to information security.
  • Information on securely disposing of data on hard drives and other storage media.
  • Details on using Tor proxy in any program such as Internet Explorer or cmd dos or smart ftp or messenger, even process windows.
  • Information on Tor routing through Kaspersky.
  • Information on Key Scrambler Premium and Hotmail with Tor.
  • Information on how to remove Google search history before Google’s new privacy policy takes effect.
  • Reports on Firefox tips and tricks to increase Internet speed.
  • Report on a site hosting images for free that can be used for posting in forums, for example for explaining tutorials.
  • Network security e-books.
  • A CompTIA Security + All-in-One Exam Guide.
  • An eBook CHM, “War Driving: Drive, Detect, Defend, A Guide to Wireless Security”
  • A manual on beginning Ubuntu Linux 2010.
  • Details on learning media production online.
  • A report on secret tagging techniques used by “the filthy kuffaruun
  • Reports on “invisible browsing 7.0,” on how to change a real IP address, on sites that feed personal details for a new tracking industry, and on “why don’t the brother just release .SRT files as subtitles for the translations of jihadi media productions?”
  • Information on remote tracking, flash cookies, webcams, and other spy tactics.
  • Information on how to disable GPS (Geolocation) in specific phones.
  • A report on a new tracking system that “can pin any Internet user’s location to within a few hundred miles”; information on Privacy Eraser Pro v8.60, an RPC virus, cellphone spy software.
  • Details on secure chat/messaging, setting up and operating a forum securely, and Yahoo “Web Beacons” that spy on and track Yahoo users.
  • Questions about “secure chat for ummah.
  • Training videos on TCP/IP and networking fundamentals.
  • Information on how to get YouTube movie maker for free.
  • Instructions on using Google Earth stills.
  • Tips for removing viruses and spyware from client machines and on how to make a server with v bulletin website.
  • Warnings regarding VPN (Virtual Private Network).
  • Information on free web hosting based on WordPress.
  • Information on “things which are readily available all over the U.S.”
  • Instructions for using spy gadgets.
  • Links with maps of countries and cities.
  • Reports about “Echelon – The Most Secret Spy System”
  • A tutorial on security, surfing, downloading and restriction breaking.
  • Details about programs to protect personal information on computer and online.
  • Computer tips “for the brothers.”
  • Requests for information about “IP proxy software and how to use it.”
  • Ways to clean/erase all persona information on my PC WITHOUT touching the Operating System??!!!
  • Details on how to change an IP address.

*Steven Stalinsky is Executive Director of the Middle East Media Research Institute.        

Endnotes:

[1] To read the statement in full, see MEMRI JTTM report Prominent English-Language Jihadi Forum Opens Its Doors For New Registration, December 27, 2011.

[2] For example, an AMEF tweet on December 30, 2011 referred to a “martyred member of Ansar Al-Mujahideen network (May Allah accept him).”

[3] Following the October 2010 shootings at the Pentagon and at the Marine Corps Museum, Begolly posted a comment praising the shootings and expressing his hope that the shooter had acted in accordance with his previous postings encouraging similar acts of violence that, he wrote, might “seem small, but cause big damage.” Subsequently, on December 28, 2010, Begolly posted links to a 101-page document with instructions for setting up a basic laboratory to manufacture explosives.

[4] See MEMRI Special Dispatch No. 3913, “Online Jihadis Prepare Hit List of Senior Politicians, Military Figures, Businessmen,” June 13, 2011,  http://www.memri.org/report/en/0/0/0/0/0/0/5369.htm.

[5] Alarabiya.net, March 30, 2012; The Telegraph, March 27, 2012.

[6]Steven Stalinsky, MEMRI Inquiry & Analysis No. 767, “Now Tweeting:  Ansar Al-Mujahideen English Forum (AMEF) – The Main Al-Qaeda English-Language Forum – Spreading Online Jihad, Inciting and Instructing Activists To Carry Out Terrorist Acts, Obstructing Counter-Terrorism Measures in the West,” January 20, 2012, http://www.memri.org/report/en/0/0/0/0/0/0/6008.htm).

[7]Steven Stalinsky, MEMRI Inquiry and Analysis No. 704, “Al-Qaeda’s Embrace of Encryption Technology: 2007-2011,” July 12, 2011, http://www.memri.org/report/en/0/0/0/0/0/0/5457.htm.