Downed Electronic Jihad Site Flew Under The Radar

Although the "electronic jihad" Web site Al-jinan.org was offline for part of Thursday, the site has been able to survive for about four-and-a-half years for a number of reasons. While its domain name server registration features a number of contradictions that make tracing its origins difficult, the capabilities of the site's Electronic Jihad application are also limited.

Still, the mere presence of the site is likely a precursor of an emerging cyber threat.

Al-jinan.org's domain name server is being hosted by Ibtekarat, a Web hosting company based in Beirut. Created in December 2002, the site's registration information cites an address with a Los Angeles postal code, while listing the Egyptian city of Al Esmaeiliya as its "registrant city," and Iraq as its "registrant country."

Anyone can register as a user with the Al-jinan.org Web site and install the Electronic Jihad application on their computer. This gives the user the ability to launch denial-of-service attacks using their own computing resources, although the severity of such an attack depends upon the attacker's resources.

"From what can be gathered off of the Al-jinan Web site, it does not appear that they have executed any large-scale, serious attacks," Erich Marquardt, program manager of Global Terrorism Analysis at Washington, D.C.-based think tank the Jamestown Foundation, told InformationWeek. According to claims posted on Al-jinan.org, they have contributed to knocking offline various Web sites they deem as anti-Islamic. "These Web site shutdowns, however, are usually temporary," he added.

Although the site was down on Thursday, Google's cache of the site indicates it was live at least as late as Sunday night. There could be several reasons why it has operated for so long without any visible interference from law enforcement. For one, it most likely didn't jump to the top of any law enforcement agency's list of anti-terrorism priorities thanks to the way the Electronic Jihad software was designed.

Since the attacker has to download the application and launch an attack from his own infrastructure, any malicious traffic targeting a particular site would be coming from only a handful of IP addresses, which could easily be blocked, says Jordan Wiens, senior security engineer for the University of Florida and a contributing editor to Network Computing magazine, which is produced by the same company as InformationWeek.

The Electronic Jihad application is only as effective the organization wielding it. Attackers using botnets to launch DDoS attacks would be much more successful than those using Electronic Jihad, whose attacks could be traced back to their sources, Wiens said. Still, the application's very existence is disturbing, especially, "if they ever get their act together," he added.

Al-jinan.org took care to have the site, including its IP address, hosted in the U.S., while the domain name server is managed by a company in the Middle East. "If you control the DNS, you control the domain," Wiens said. "That's what they would want to keep out of the hands of anyone who would want to shut them down." This set-up also creates cross-jurisdictional chaos which has been difficult to resolve among countries with different laws pertaining to cybercrime.

Al-jinan.org is just one of many sites that law enforcement suspects to be sponsored by terrorist organizations, making it hard for that particular Web site to jump to the top of the list. "There's just so much out there, and these attacks have been on a small scale," Marquardt said. "It's the idea that's disconcerting."