Akbar al-Muslimin, Kybernetiq, and ZeroNet. The Modern and Privacy-Centric Electronic-Jihad – by Daniele Maria Barone

Years of clandestine communications, first through newspapers or radio and then by exploiting online tools and media as a sounding board, have highlighted Islamic terrorism peculiarity of adapting to new means of communication to make propaganda, raise money, and keep in contact with each others[i].

At present times, the increasing controls over jihadist contents on social media (e.g. Facebook, Twitter), public blogging platforms (e.g. WordPress, Tumblr)[ii], and, after many calls by institutions, of encrypted chat services (e.g. WhatsApp, Telegram) are not stopping terrorist groups’ online activities[iii]. On the contrary, it seems that this uncomfortable virtual ground is likely to push them to improve their know-how and technical skills on the web.

In order to better understand how this framework is evolving, it is important to analyze the most recent developments in the way jihadists’ use of the most recent technologies available online to spread propaganda, experiment new financing methods, and, from their perspective, what sort of technical skills are required to fulfill their purposes.

While the caliphate is crumbling in Syria, banners advertising bitcoin donations reappear on the deep web

Akhbar al-Muslimin (Muslim news) was an IS-affiliated website which published news from the Islamic State. In November 2017, one month after the fall of Raqqa, a banner for donations of Bitcoins was launched on the website. In particular, it posted a link for Bitcoin donations claiming “Click here to donate Bitcoins to the (Akhbar al-Muslimin) website – do not donate from zakāt[iv] funds”. The donations are presented as a support for the website, but may probably have been used by Daesh to restore its propaganda machine or fund terrorist attacks abroad[v]. The bitcoin address had no time to receive any donation because of two reasons:

  • it was shut down after a while by authorities. Thus, no protection against Distributed Denial of Service attacks (DDoS)
  • it had only a bitcoin address to send donations with no instructions or explanations available for people who were willing to donate to the website

After the more consistent defeat of Daesh in Syria, on January 2019[vi], the website reappeared online with a new bitcoin address. What is new is that, once the site has been accessed, now almost every page contains a request for a donation for “the activities of the website” that leads to the address of a virtual wallet for depositing the funds[vii].

Furthermore, there are some new features added by the creators of the renewed website that give some interesting clues about an improved knowledge on how to facilitate the donation process:

  • Because of the frequent closing of the Akhbar al-Muslimin website, the first window contains instructions for finding the site’s most updated links: by sending an empty email to the address given, the user is automatically answered with an updated link to a mirror site of Akhbar al-Muslimin.
  • There are more instructions available about how to exchange money into bitcoin with a link to explanatory videos about how cryptocurrencies work and to the designated exchange service platforms. On the first renewed version (January 2019) the exchange service used was VirWoX, a virtual currency trading company that allows buying bitcoin via PayPal[viii]. Since March 9, 2019, the site referred potential donors to LocalBitcoins[ix], a virtual currency money trading company where, to buy bitcoins, providing identification is voluntary.

More than 2million visits on the first jihadist magazine on cyber and information security: Kybernetiq

As highlighted by the Telegram tracker 2018 of the program on Extremism at the George Washington University[x], cybersecurity is one of the most recurring subjects on Islamic extremists online discussions. This figure explains the success that, Kybernetiq, the German annually released al-Qaeda in Syria-linked web magazine on cybersecurity, is having among jihad supporters.

Born in 2015, characterized by a high level and appealing design, Kybernetiq spreads information referred to cyber-savvy jihadists[xi].

As explained on a report by the Institute for Counter-Terrorism (ICT Herzliya)[xii], the most relevant contents covered by the web magazine are:

  • Encrypted Communication, one of the main topics Kybernetiq covers. Among other subjects, the authors are discouraging the use of crypto programs in any way linked to Islamic extremists (e.g. Asrar al-Mujahideen, Amn alMujahid) which, according to the authors, are easily traceable by intelligence agencies, suggesting to use other services like PGP to encrypt messages, including a step-by-step guide. The authors also give some other advice about avoiding Arabic pseudonyms as user names, which are more likely to arouse suspicion.
  • How to hide while navigating on TOR browser by listing safety precautions as VPN or how to avoid malware.
  • Information security is a relevant subject. As, for instance, the importance of using an emergency power off mechanism which can be activated with remote control (i.e. “killswitch”), advice about buying hardware offline and in cash because intelligence services could intercept the postal item, and suggestions about using open source operating system, as Linux, which are more difficult to be attacked by “State-made” Trojan malware.

A new platform to share jihadist content publicly without being traced: ZeroNet

As reported by Site Intelligence Group[xiii], Amaq News Agency, an official Islamic State media arm, and al-Naba newspaper, announced on December 2018 a new account on ZeroNet.

Created in 2015, ZeroNet is a peer-to-peer web hosting network. Its network is decentralized, which means that users who create a website and its surfers, by downloading ZeroNet app, will be hosting the website on their computer and not on a single server, by remaining anonymous connecting via TOR browser or by connecting their ZeroNet account to their bitcoin-wallet. This allows either anonymity or the possibility to surf on the website also while their devices are not connected to the internet.

ZeroNet has been used by IS-linked groups since 2016 (e.g. Cyber Caliphate hacking group, Ansar Al-Khilafah)[xiv] but it is the first time it is used by an official arm of Daesh[xv]. This choice represents a game changer in the electronic-jihad: the possibility to share contents to a general or targeted audience, avoiding the risk of being traced or hacked and stabilizing permanently on an easily accessible virtual space.

Future Scenarios

International terrorist organizations and their activists are still adapting more and more to either the developments in the ICT sector or the territorial instability of their groups.

In the light of the recent events in the jihadist online environment we can assume that:

  • International jihadist organizations are not only taking advantage of online tools which are already mainstream as social media or end-to-end chats. Indeed, cryptocurrencies, encryption keys, cybersecurity issues, and alternative web hosting services require a medium/high e-skills level. From this perspective, jihadist organizations are on the one hand learning from their members or related groups (as, for instance, in the case of Amaq News Agency creating a ZeroNet account after Cyber Caliphate hacking group, Ansar Al-Khilafah experimented it) on the other hand teaching their audience how to use modern online tools to communicate, finance the organization, and access to jihadist content in total anonymity on the web.
  • It seems like this new phase of the jihadists’ use of the virtual space is moving towards privacy rather than make as much noise as possible through propaganda. Their scrambled territories have forced them to concentrate more and more on the virtual space to keep their groups united and even lose one of their members because of a lack of know-how in keeping its identity hidden while navigating the internet, is becoming increasingly important for them. In these terms, the electronic jihad is strengthening its ability to keep and raise Islamic extremist online communities, by focusing not anymore on spreading noisy contents aimed at going viral, but on setting up a stable virtual ground, unhackable and that cannot be shut down by uninvited guests. From this perspective, the technical know-how of surfers, is a relevant element to build this strategy.
  • Terrorist organizations goal on the online realm is still related to the way jihad is able to circumvent Western banking system or intelligence agencies. Indeed, in the cases previously analyzed, there’s no reference to cyber attacks or hacking. The main purpose, from a jihadist perspective, seems to be related on exploiting the virtual space to spread the technical skills required to keep on winning the heart and minds of their sympathizers globally rather than perpetrate cyber attacks or frauds against civilians, institutions or private companies. This may be related either to a current lack of broadly spread technical skills (which means it is just a matter of time before terrorist groups start to randomly attack also on the online realm) or that internet, according to terrorist groups, remains the primary battleground of the communication warfare.

The lack of a strict Know Your Customer (KYC) policy on bitcoin/money exchanging platform or web hosting services is undoubtedly giving a strong advantage to any sort of illegal user.

Nevertheless, jihadist use of the web is still a double-edged sword: it can surely give a strong advantage to terrorist organizations in terms of anonymity and allow them to keep on globally broaden their range in terms of communication and crowdfunding, but authorities monitoring methods are subsequently improving. Even though, the current legal framework makes it difficult to prosecute the illegal exploitation of many modern online tools, as long as the internet will be the primary way for terrorists to keep an international unity among their members, they will still be exposed to controls and analysis.

[i] G. Weimann (May 13, 2004) Special Report 119: Cyberterrorism—How Real Is the Threat? United States Institute of Peace. http://www.usip.org/publications/cyberterrorism-how-real-threat

[ii] (March 16, 2018) MORE THAN 900 INSTANCES OF ONLINE TERRORIST PROPAGANDA UNCOVERED. Europol. https://www.europol.europa.eu/newsroom/news/more-900-instances-of-online-terrorist-propaganda-uncovered

[iii] R. Katz (January 09, 2019) A GROWING FRONTIER FOR TERRORIST GROUPS: UNSUSPECTING CHAT APPS. Wired. https://www.wired.com/story/terrorist-groups-prey-on-unsuspecting-chat-apps/

[iv] An Arabic word referring to a payment made annually under Islamic law on certain kinds of property and used for charitable and religious purposes, one of the Five Pillars of Islam. The word zakāt origins comes from Persian and Kurdu languages, meaning “almsgiving”

[v] D.M. Barone (2018) Jihadists’ use of cryptocurrencies: undetectable ways to finance terrorism. Sicurezza Terrorismo e Società. http://www.sicurezzaterrorismosocieta.it/wp-content/uploads/2018/11/Daniele-Maria-Barone-Jihadists%E2%80%99-use-of-cryptocurrencies_undetectable-ways-to-finance-terrorism.pdf

[vi] (February 12, 2019) Drive for donations using Bitcoin on an ISIS affiliated website. The Meir Amit Intelligence and Terrorism Information Center. https://www.terrorism-info.org.il/app/uploads/2019/02/E_018_19.pdf

[vii] (March 7, 2019) Funding Terrorism: ISIS raises funds through an affiliated website, using bitcoins. The Meir Amit Intelligence and Terrorism Information Center. https://www.terrorism-info.org.il/app/uploads/2019/03/E_054_19.pdf

[viii] https://www.virwox.com/help.php

[ix] https://localbitcoins.com/faq

[x] https://extremism.gwu.edu/sites/g/files/zaxdzs2191/f/Telegram%20Tracker%20Spring%202018_0.pdf

[xi] D. Scopigno (January 17, 2016) Kibernetiq, il primo magazine per il cyber jihad. Lettera43. https://www.lettera43.it/it/articoli/cronaca/2016/01/17/kibernetiq-il-primo-magazine-per-il-cyber-jihad/161309/

[xii] (December 03, 2018) ICT Cyber-Desk Report: Kybernetiq. ICT Herzliya. https://www.ict.org.il/Article/2292/Kybernetiq#gsc.tab=0

[xiii] (December 24, 2018) IS-LINKED WEB PAGES EMERGE ON ZERONET P2P NETWORK. Site Intelligence Group. https://ent.siteintelgroup.com/Dark-Web-and-Cyber-Security/is-linked-web-pages-emerge-on-zeronet-p2p-network.html

[xiv] R. Katz (January 28, 2019) The Islamic State may have a new propaganda haven. The Washington Post. https://www.washingtonpost.com/opinions/the-islamic-state-might-have-found-the-perfect-propaganda-machine/2019/01/28/0d31f7ec-2036-11e9-8e21-59a09ff1e2a1_story.html?utm_term=.d3d60e1505f1

[xv] (January 22, 2019) Pro-ISIS Websites Emerge on Decentralized Platform ‘ZeroNet’. MEMRI Cyber & Jihad Lab. http://cjlab.memri.org/latest-reports/pro-isis-websites-emerge-on-decentralized-%E2%80%8Eplatform-zeronet/