The Black Flag

On January 31st this blog will be two years old, far older than I expected it ever would be.

I originally created this blog as a place for my “stuff”, mainly links to other sites that I wanted handy and a place to post a bit on IT Security stuff. Stuff I’ve posted here has helped solve technical problems for people that really needed it, I find that very rewarding as giving the advice really didn’t cost me anything at all but time. This blog has always been a casual effort for me, I have no advertisements or sponsors and no effort to make money or gain “fame”. That “crazy blog money” is harder to get than people think and it was never something I was going for. I really appreciate the people who link this site and throw some traffic my way and I’ve always tried to return the favor if I can.

I’ve met a few other bloggers, made a few friends along the way and have actually contributed in a published article or two. The now closed “Clarity & Resolve” was always an inspiration, I owe a thanks to Rusty, Howie and crew from TJR, Aaron at Internet Haganah, Velvet Hammer, Muslihuun, Bugs-n-Gas Gal, 3 Nails Ministries and many many more that I can’t possibly list here. Sorry if I missed you but I don’t want this to be a post full of hyperlinks, I’m sure everyone will understand. Rusty actually gave me an invite to guest blog at Jawa so you may see me pop up over there pretty soon (hey I need to post somewhere).

Now then, you’ve probably noticed that I tend to focus on cyber-crime, security and cyber-terrorism here. What you didn’t know is that I’ve always done other research behind the scenes on these same topics. Because of my training, personal interests and career path security research is only natural for me (I’m a security geek, what can I say). Unfortunately most of this is not stuff people talk about “publicly” that often due to the sensitivity of it all (full disclosure not withstanding). I was privileged enough to have received an invitation,a year or so ago, to do research with The Shadowserver Foundation, this is truly where the “dark arts” are studied and I consider myself very lucky to be able to work with that team of people. Some of my research over there is really starting to take off and I’m very pleased with that and really look forward to watching those efforts develop.

Additionally, I’ve recently made an upward career move and with that comes more responsibility, literally a 24 hour commitment (such is the way of IT staff). My beautiful wife and I are also expecting our second child in a couple of months which brings a set of challenges all it’s own (those of you with children know what I’m getting at here).

That being said, all this blogging and research takes time, lots of time, which I don’t currently have any of, so something has to give. That something is going to be the updating of The Black Flag, I’ll still be around and will always be available by email but updated posts here are going to be a lot less frequent. I have to make a sacrifice somewhere and this is going to be it, my “real life” and my research will continue on. Oh, I’ll still hit this site every day and clean up the comment spam but that’s about it for the next few months until things settle down again.

I check email daily so if you really need to get me thats the best way.

It is what it is, thanks for stopping by.

blackflag

I’d like to wish all of my readers and passersby a Merry Christmas, may you be blessed by the grace of The Lord.

Via AKI:

A former leader of an armed Islamic group in Libya, Numan Bin Uthman, has written a letter to al-Qaeda second in command Ayman al-Zawahiri telling him that Jihadi groups in Arab countries have failed.

“Dear Doctor Ayman, as I told you during a meeting in Kandahar [in Afghanistan] in 2000, the experience of the Jihadi groups in Arab countries is failed and despite our appeals, the armed groups are divided and will not unite,” he said in the letter, a copy of which was published in the London based pan-Arab daily al-Hayat.

The letter by Uthman, who is based in London, comes after an audio message by al-Zawahiri - an Egyptian medic - was released on Saturday. In it, al-Zawahiri announced that the Libyan Islamic Fighting Group, had joined al-Qaeda. He also called for the ousting of regimes in North Africa.

The Libyan Islamic Fighting Group first announced itself in 1995, vowing to topple the Libyan regime. It is the second organisation to allegedly join al-Qaeda after Algeria’s Salafist Group for Preaching and Combat (GSPC), which changed its name to the al-Qaeda Organisation in the Islamic Maghreb last January.

“I ask you and whoever is behind you to review the way you behave because the Jihadi groups are acting very badly towards those who think differently from the way they do,” said Uthman in the letter.

“I aks you to stop the armed operations in the Arab countries, to guarantee the security of Muslims and to retract your threats toward the West, to take away from them the terrorism card used by some Western governments to hate Islam and Muslims,” he said.

Imagine that.

With bonus phunny from Cox & Forkum:

On a side note: I’d be just giddy if the WordPress editor didn’t strip the text formatting off of anything on blockquotes, it really gets on my nerves.

So yesterday someone found my blog while searching the Internet for the term “toe tag”. Evidently their Google search brought them to the post from June of 2006 “Abu Musab al-Zarqawi Takes the Dirt Nap” that I put up when al-Zarqawi was killed by U.S. and Coalition Special forces.

I also noticed a seemingly odd inbound link and decided to go check it out. What I found was a web page called “book review” located on a Rutgers University web server. It seems benign enough but I recognized the photo about halfway down the page in the “Patients and Families Narratives” section. The image is an altered version of the toe tag pic on my post with the text “</John Doe> pwn3d by l337 h4×0r5″ and a link back to my blog.

The image is in a pop-up Java field and all I can figured is someone searched up an image specifically for embedding in that field after cracking it. They even left a credit to my blog for the image file… I’ve got to admit it’s nice and subtle, much slicker than the average “replace the index.html” defacement. I wonder if they knew I’d find the link, I bet so, nothing like a hacker with a sense of humor.

I know, it’s nothing special but I got a laugh out of it anyway.

Now that I’ve slacked off for a few weeks and indulged myself in teasing our terroristic friend Samir Khan, it’s time to get back to some serious work. I’d like to direct your attention to a Counter Terrorism project of truly epic proportions, that being the “Dark Web” Counter Terrorism research project underway at the Artificial Intelligence Lab, University of Arizona. After reading about this project at Dancho Danchevs blog I’ve been spending quite a bit of research time over at the AI project site studying thier methodology.

The stated research goals of this project are as follows:

The AI Lab Dark Web project is a long-term scientific research program that aims to study and understand the international terrorism (Jihadist) phenomena via a computational, data-centric approach. We aim to collect “ALL” web content generated by international terrorist groups, including web sites, forums, chat rooms, blogs, social networking sites, videos, virtual world, etc.

We have developed various multilingual data mining, text mining, and web mining techniques to perform link analysis, content analysis, web metrics (technical sophistication) analysis, sentiment analysis, authorship analysis, and video analysis in our research.

The approaches and methods developed in this project contribute to advancing the field of Intelligence and Security Informatics (ISI). Such advances will help related stakeholders to perform terrorism research and facilitate international security and peace.

It is our belief that we (US and allies) are facing the dire danger of losing the “The War on Terror” in cyberspace (especially when many young people are being recruited, incited, infected, and radicalized on the web) and we would like to help in our small (computational) way.

Now then, at first glance that doesnt seem all that impressive, let’s dig a little deeper. The Dark Web project is not your typical “vigilante” (thanks Mr. Moss) homegrown cyber-terrorism research effort, it is a well funded, long term, counter terrorism project recieving grants from the Department of Homeland Security, the National Science Foundation and others. In short, the project uses web crawlers to gather information from a (large) list of target sites and forums. This data is then indexed and data mined for actionable information. I once considered a similar method of data acquisition but dismissed it for more targetted methods after considering the amount of computational resources it would take. The Dark Web project has been indexing sites for about five years and have the following to show for their efforts.

Claims: Dr. Gabriel Weimann of the University of Haifa has estimated that there are about 5,000 terrorist web sites as of 2006. Based on our actual spidering experience over the past 5 years, we believe there are about 50,000 sites of extremist and terrorist content as of 2007, including: web sites, forums, blogs, social networking sites, video sites, and virtual world sites (e.g., Second Life). The largest increase in 2006-2007 is in various new Web 2.0 sites (forums, videos, blogs, virtual world, etc.) in different languages (i.e., for home-grown groups, particularly in Europe). We have found significant terrorism content in more than 15 languages.

Testbed: We collect (using computer programs) various web contents every 2 to 3 months; we started spidering in 2002. Currently we only collect the complete contents of about 1,000 sites, in Arabic, Spanish, and English languages. We also have partial contents of about another 10,000 sites. In total, our collection is about 2 TBs in size, with close to 500,000,000 pages/files/postings from more than 10,000 sites.

We believe our Dark Web collection is the largest open-source extremist and terrorist collection in the academic world. (We have no way of knowing what the intelligence, justice, and defense agencies are doing.) Researchers can have graded access to our collection by contacting our research center.

Now, that is impressive. Additionally, the Dark Web researchers perform Social Network Analysis on the data gathered to determine the relationships of online content authors. It is important to realize that these researchers are mathmeticians, not counter terrorism agents, they are applying science to the issue of online Terrorism in an attempt to understand the phenomena.

They describe themselves thusly:

A Few Words about Civil Liberties and Human Rights: The Dark Web project is NOT like Total Information Awareness (TIA) (at least we try very hard not to be like it). This is not a secretive government project conducted by spooks. We perform scientific, longitudinal hypothesis-guided terrorism research like other terrorism researchers (who have done such research for 30+ years). However we are clearly more computationally-oriented; unlike other traditional terrorism research that relies on sociology, communications, and policy based methodologies. Our contents are open source in nature (similar to Google’s contents) and our major research targets are international, Jihadist groups, not regular citizens. Our researchers are primarily computer and information scientists from all over the world. We develop computer algorithms, tools, and systems. Our research goal is to study and understand the international extremism and terrorism phenomena. Some people may refer to this as understanding the “root cause of terrorism.”

There is much much more in depth information at the Dark Web Project site, pay special attention to the Journal Articles, Conference Papers and Presentations links at the bottom of the page and you should stay busy for quite some time.

In closing I’ll quote the following:

As an NSF-funded research project, our research team has generated significant findings and publications in major computer science and information systems journals and conferences. However, we have taken great care not to reveal sensitive group information or technical implementation details (specifics). We hope our research will help educate the next generation of cyber/Internet savvy analysts and agents in the intelligence, justice, and defense communities.

It does indeed.

Update 2:

While Howie and I have been teasing the wanna-be Mujahadeen, Velvet Hammer has made the effort to document the gory details, go have a look.

Updated by bf:

Global Islamic Media Front (GIMF) member Samir Khan, age 21, North Carolina, USA.

Nice Mullet.

~~ cont. original post ~~

Ol Sammy’s blog has died again. What? Did your mommy make you take it down? Or was it all those Muslims I emailed asking them to email your provider?

Too bad too, since you made the NYT today.

Inshallahshaheed will never go down, bi idhnillah!

So had the mommy’s basement Jihad been shot down in flames?

Bwhahaahahahaha!!!!!!

Rusty has much much more on Inshallahshaheed here at The Jawa Report.

 Updated x2:

Samirs latest site for distributing militant Salafi ideology and intolerance is here.  I typically don’t link his (active) site’s but the latest story from the NYT has quite a few “Western” surfers clicking through looking for it. I think they could stand a good dose of what Al-Qaeda in America looks like.

Updated:

Oh Snap! I wonder if it’s the work of the mysterious “hackers” again (that only target InshallahShaheeds site) that our friend “FalsehoodExsposer” mentions in the comments.

~~~~~~~~

It seems that our favorite mouthpiece for the Global Islamic Media Front here on WordPress.com has had his latest incarnation of a GIMF outlet taken offline for Terms Of Service. I find it hard to believe WordPress.com staff would do that based on past history but it appears to be the case.

A “member” of Inshallahshaheed’s site was kind enough to drop by and update us on the location of his “new” blog. (What happened to your site archives mate? I hate to see all that good GIMF propaganda wasted.) The new site is located here.

The site used to be at “http://inshallahshaheed.wordpress.com” and then it moved to “http://ignoredknowledge.wordpress.com” after the author (Hi!) deleted it in a panic while trying to cover his tracks online.

Several members of the GIMF are currently being tried in Germany for planning terrorist attacks and several more are being sought.

The last WordPress site looks like this:

We’ll just go have a look at the latest incarnation of the site and have a dose of the ‘ole Salafist Ideology for good measure.

Thanks for the update and best of luck with the new digs.

Via Breitbart:

BAGHDAD, Sept. 13 — Al-Qaida militants in Iraq have taken heavy losses in two joint U.S.-Iraqi raids north of Baghdad, the U.S. military reported Thursday.

In one operation involving more than 1,000 U.S. troops and Iraq Special Forces in the Hemreen mountain area and Diyala river valley, three al-Qaida fighters were killed and 80 others were arrested, the Army statement said.

The report said four of the arrested men are considered senior leaders in the terror group, Kuwait’s KUNA news agency reported. U.S. air support was used to conclude the raid, after which a major weapons cache was found, the statement said.

Elsewhere in Salah Al-Din province, U.S. forces arrested 12 al-Qaida suspects and destroyed an entire house packed with explosives and weaponry, the report said.

Allahu Akhbar.

Updated by blackflag:

It’s worth mentioning that the editor of Inshallahshaheed (.wordpress.com) was a known member of Al-Qaeda’s “Global Islamic Media Front” (aka: GIMF) . Inshallahshaheed is loosely translated into English as “God Willing, Martyr”, an Islamist killed during an act of violent Jihad is considered a Shaheed and purportedly be delivered to Heaven for an everlasting meeting with his 72 Virgins. The GIMF is best known for releasing terrorist training and beheading video’s and propaganda to the Internet at large, it is a well known and very effective tool for Al-Qaeda. The editor made very little effort to disguise his involvement with the GIMF after he was recruited by a GIMF operative during the GIMF’s recruitment drive back in June of 2007 (more at the Jawa Report). He was very open in his support of Al-Qeada and regularly re-posted “news” releases for the GIMF on his blog. It was only when his website was recently mentioned on national television as an Al-Qaeda resource did he panic and delete the website himself in an effort hide his involvement. It’s really too late for that, his site, and it’s visitors, have been under scrutiny by a multitude of analysts for quite some time. Even though he “deleted” the blog from WordPress.coms servers it has been archived and a good portion is still available at the Internet Archives “Wayback Machine” as well.

I must add that the administrators of WordPress.com were notified by several sources of the existence of GIMF websites (including this one) and chose to take no action until public outcry and media attention was such that it forced a take down. Understandably they can’t discuss this aspect of their business with the public at large but their response has historically been less than timely when notified of a terrorist website using their services. Considerations of “Free Speech” aside, it is illegal (United States Code, Title 18, Part I, Chapter 113B, § 2339B) for a U.S. based technology services provider (like WordPress and Blogspot) to knowingly provide services to a known Foreign Terrorist Organization.

If this particular GIMF operative doesn’t get the attention he deserves from the .gov he will almost certainly return to his Jihadist ways once media attention cools down. When he does the usual group of civilian analysts will be there to monitor and archive his activities as always.

Howie:

The al-Qaeda supporting slime-bucket who ran The Ignored Puzzle of Knowledge on wordpress was starting to feel the heat. The mujahasbeen scumbag wussed out and deleted his own blog. It won’t help him as the Zionist Internet Cabal has been watching him. He’s toast baby. Expect and update with an arrest soon.

Via The Jawa Report: I promised myself that I wouldn’t give my ‘friend’ Inshallahshaheed from the WordPress hosted al Qaeda support website The Ignored Puzzle of Knowledge’ any more press than he deserves. Inshallahshaheed is at the center of a network of online jihadis that include convicted terrorist Daniel Joseph Maldonado, aka Daniel al Jughaifi. WordPress continues to host the convicted terrorists website.After complaining to WordPress on dozens and dozens of occasions about Inshallahshaheed I pretty much gave up on getting them to play ball. But I also knew that Inshallahshaheed was being investigated, not by the FBI, but by other interested parties. So I stopped writing about that particular website and even discouraged others (like Weasel Zip) from writing about it. Except, of course, in passing reference.

Earlier today, though, I noted that at Rabbi Abraham Cooper mentioned the website at a Simon Wiesenthal Center sponsored event. It now seems that the FBI are taking the website seriously. Finally.

Here’s what his website looks like now.We have a little message for him.

This group is called Asaeb Al-Iraq Al-Jihadiya in Arabic. This is one of the websites that called for the murder of Christians in Iraq following the Pope’s ill recieved comments on Mohammed last year.

The group’s website (asaeb.org) was offline for quite some time, but came back on line this week on a US server. Today, something seems to have gone terribly wrong with their website. Thanks to not Everyone’s Internet.

Oh and if you’d like to rub it in a bit with the League of Jihadist’s webmaster, here’s his email

abuabeer_ar@yahoo.com

Internet Haganah has an image of the, now defunct, website here.Now, excuse me while I go paint another blue AK on the side of the sandcrawler.

Original League of Jihadists in Iraq’s Website Offline Again here at The Jawa Report.

Did you know he had Blue eyes?

Yeah, one blew this way, the other blew that way.

Hat Tip: Good Lt.

Original Juba The Baghdad Sniper Video post here at Juba Sucks.

I’ve been meaning to blog about this site mentioned by LGF last week.

The electronic jihadis are distributing malicious toolkits that make it so easy to attack web sites even a holy warrior can do it, with a slick admin program that uses virus-compromised ‘zombie’ computers:

The site was hosted on an American server and was in clear violation of terms of service.

But we had a couple projects going on. We have been pestering the Taliban’s webmaster and were busy as well with Hamas in Iraq and Jaami. We don’t want to assign our Zionist Internet Cabal too much at once. Jawas, except for our leader Rusty, are only capable of one, sometimes two, tasks at once.

I wanted to post on this because this kind of site is where attack and spamming software that take down our comments originates. We had comments back online for a short time the other day but they were quickly spammed under.

I know I would have liked to get a little payback! But, I’ll be darned, someone has already beat us to it and the site is offline. Great job to whomever might have taken it down. Warm Fuzzies to you.

A little birdie told me there was more good news on this to come. Like a lot of spammers using the term, “Oh f*ck?!” We’re looking forward to it.

Hat Tip: Tom.

Update: Another website got the old chop chop choppity chop

Dr. Rusty Shackleford via The Jawa Report: Just wanted to mention that before welcoming the refugees from one of the oldest and most popular pro-jihad message boards, who seem to also be having a bad day.http://www.al-ekhlaas.net/ — down

The website of Hamas-in-Iraq that I covered in this story is down, many thanks to HostDepartment LLC for their prompt action and respect for U.S Federal Law.

Thanks to the Jawa crew for helping out behind the scenes with this one as well.

There is a new attack squadron headed for Iraq, Afghanistan and battlefields unknown, it is composed of Reaper UAV

robots.

According to ABC news the specs look like this:

The MQ-9 Reaper, when compared with the 1995-vintage Predator, represents a major evolution of the unmanned aerial vehicle, or UAV.

At five tons gross weight, the Reaper is four times heavier than the Predator. Its size - 36 feet long, with a 66-foot wingspan - is comparable to the profile of the Air Force’s workhorse A-10 attack plane. It can fly twice

as fast and twice as high as the Predator. Most significantly, it carries many more weapons.

While the Predator is armed with two Hellfire missiles, the Reaper can carry 14 of the air-to-ground weapons - or four Hellfires and two 500-pound bombs.

“It’s not a recon squadron,” Col. Joe Guasella, operations chief for the Central Command’s air component, said of the Reapers. “It’s an attack squadron, with a lot more kinetic ability.”

“Kinetic” - Pentagon argot for destructive power - is what the Air Force had in mind when it christened its newest robot plane with a name associated with death.

Let’s hope the Mujahideen enjoy it as much as the U.S Air Force will.