The user, who goes by the handle “Yaman Mukhadab,” posted on August 28 that “it seems that someone is using my account and is somehow sending messages with my name to the members,” according to Flashpoint Partners, which translated the discussion for Danger Room. Shumukh uses software from vBulletin, which allows members to send private message to each other.
Mukhadab’s handiwork has attracted attention beyond the forum. He was one the contributors to the site’s lame recent attempt at creating a fantasy target wishlist comprised of American security industry leaders, defense officials and other public figures.
He claims to have become aware of the hack after seeing “a number of messages from the brothers in private [on the forum account] replying to what they thought was a message from me.” He wrote that “the dangerous thing in the matter is that they say that I had sent them a message including a link for download, which they downloaded.”
The file, according to Mukhadab, contains “dangerous spyware” that can’t be detected by anti-virus software. How he arrived at this conclusion Mukhadab doesn’t say.
It’s hard to determine just who’s responsible for Mukhadab’s account problems. As New York Times reporters Eric Schmitt and Thom Shanker note in their new book Counterstrike, U.S. spies have forged private communications between jihadis before. But they’re not the only ones who tweak al-Qaida’s online fan base. Enthusiastic amateurs have been known to take matters into their own hands, like when a Maryland-based pornographer took down an early al-Qaida site, al-Neda, shortly after 9/11.
Jihadi forums are used to such mischief against their web infrastructure — particularly around this time of year. On the anniversary of 9/11 in 2008 and 2009, the top terror web forums were attacked and shut down, reportedly by the United States and its allies. The 2008 attacks delayed the release of a celebratory Osama Bin Laden video. The next year, the user account for al-Qaida’s al-Fajr media distribution network was hacked and used to encourage forum members to sign up for Ekhlaas, a forum which had closed a year before and mysteriously resurfaced. Both the revival of “Ekhlaas” — almost certainly a fake — and the 9/11 anniversary hijinks online have left the online jihadi crowd a little twitchy heading into September.
What’s more, the Global Islamic Media Front (GIMF), a network for producing and distributing jihadi propaganda online, issued a cryptic warning early this year about ”untrusted” copies of the group’s own encryption program, “Mujahideen Secrets 2.0.” GIMF told followers not to download the software from links “sent over email or are publicized on various websites and forums,” only from an authorized source.
To be sure, the jihadi web crowd has been known to panic on hair trigger alert, at times blowing cyber incidents out of proportion. British spooks vandalized the debut issue of al-Qaida in the Arabian Peninsula’s English Inspire magazine, replacing a number of its pages with ASCII gibberish from a cupcake recipe pdf. Forum members later inflated the magazine vandalism to include the false assertion that the file contained a virus, leading jihadi forum fans to steer clear of it.
For the moment, Shumukh’s admins aren’t taking any chances. They’re telling folks who received messages from Mukhadab to reformat their hard drives and delete any messages from Mukhadab. For the reiterating to forum members in general that they should be extra cautious “close to some occasions or the anniversary of the battles.”