Government (Foreign) // Social Media
The correspondence of a programmer for a top-tier ISIS web forum has been compromised.
On July 17, an independent researcher known as “Switched,” tweeted content from a data dump that allegedly contained messages belonging to Abu Alaaina Khorasani, who is an administrator of the “Shumukh al Islam” website. Shumukh al Islam, or “Glory of Islam,” regularly hosts official ISIS propaganda.
The hacker apparently broke into the account to prove his worth to the administrators. Before the leak, he had asked for a position in the forum as their “tech guy.”
“He posted as the admin that he was one of the brothers, 'but if you don't do as I say, I'll dump the [database],’” Switched told Motherboard.
It is not totally clear how the account was hacked. Switched tweeted message screenshots that suggest part of the gambit involved a phishing email attempt.
Laith Alkhouri, the director of research and analysis for the Middle East and North Africa at security firm Flashpoint, said that Khorasani has been an administrator on the forum since around 2009 or 2010.
The breach "shows that the myth of a highly secure jihadi underground, is exactly that: It's a myth,” he said.
Alkhouri said he was able to authenticate some of the names dumped, and said that they all appear to be members of Shumukh al Islam. The messages deal with the conflict between ISIS and Al Qaeda supporters, the procedures around obtaining new members for the forum, and other correspondence with current members.
According to Motherboard, "A small number of messages also appear to have been encrypted with Asrar al-Mujahideen, a custom jihadi encryption program similar to PGP."
Immediately after the leak became public, the forum went down, “under repair,” Alkhouri noted.