An administrator of a top-tier ISIS web forum, whom one expert describes as a “prominent” member of the online jihadi community, has been hacked.
On Sunday, an independent researcher known as “Switched,” who first reported the news, tweeted two Pastebin posts containing alleged correspondence of Abu Alaaina Khorasani, who is an administrator of the “Shumukh al Islam” website. Shumukh al Islam, or “Glory of Islam,” regularly hosts official ISIS propaganda.
Laith Alkhouri, the director of research and analysis for the Middle East and North Africa at security firm Flashpoint, told Motherboard in a phone call that Khorasani is “the most prominent cyber jihadist to date,” and has been an administrator on the forum since around 2009 or 2010. “He’s an extremely respected person [among the forum’s users],” Alkhouri continued.
Alkhouri said he was able to authenticate some of the names within the dumped messages, and that they all appear to be members of Shumukh al Islam. The messages also mention other administrators from different jihadi forums. “All of these hallmarks tell me that this leak is authentic,” he said.
According to Alkhouri, the messages, which are mostly in Arabic and stretch back over two years, deal with the conflict between ISIS and Al Qaeda supporters, the procedures around obtaining new members for the forum, and other correspondence with current members. A small number of messages also appear to have been encrypted with Asrar al-Mujahideen, a custom jihadi encryption program similar to PGP.
“It’s an absolutely critical issue for the 15,000+ members of that forum,” Alkhouri said.
The messages may contain sensitive information not just on Khorasani, but on other members too. “Immediately after this leak became news, the forum went down, ‘under repair,’” Alkhouri added.
According to Switched, the hacker said he broke into the account to prove his worth to the Shumukh al Islam administrators, and at first asked for a position in the forum as their “tech guy.”
“He posted as the admin that he was one of the brothers, ‘but if you don’t do as I say, I’ll dump the [database],’” Switched told Motherboard.
It’s not totally clear how the account was hacked. Switched tweeted message screenshots, indicating that at least part of it was down to a phishing attempt.
Alkhouri said the forum has been targeted over the past six weeks by anti-ISIS hacktivist groups.
“It shows that the myth of a highly secure jihadi underground is exactly that: It’s a myth,” he said.