During the month of September 2016, members of Cyber Kahilafah began to promote and advertise the use of a technology called ZeroNet, which enables decentralized Web site hosting using a peer-to-peer (P2P) network. The obvious advantage of this technology, which was initially released in 2015, lies in the fact that a Web site’s data is stored on several computers simultaneously (as opposed to a central storage server) and, therefore, it is difficult to remove from the Internet. Web sites on this network can be accessed by installing an application tailored to a variety of computer operating systems. In addition, ToR can be used in order to increase users’ level of anonymity and to encrypt information traffic.
During 2015-2016, authorities discovered several attempts by Islamic State operatives to establish Web sites on the darknet containing information about the organization’s activities, as well as advice and messages encouraging its supporters to carry out attacks against the West. These sites were attacked by Western hackers who prevented their continued operation. It can be assumed that these attacks were the main factor that led the organization to use the ZeroNet technology in order to keep the organization’s sites active.
Figure 1: a screenshot of an announcement on the Telegram channel of “Cyber Kahilafah”, including the declared establishment of a new Web site on ZeroNet containing messages and advice for “lone wolves”
Islamic State Web sites established on ZeroNet thus far include a basic content page that mainly contains threats against the West and calls for lone wolf attacks, as well as links to other sites on the ZeroNet network and ToR.
Figure 2: a screenshot of the “Cyber Kahilafah” Web site on ZeroNet
The Web site displayed in Figure 2 contains messages to “lone wolves” in the West and in the Gulf States that are battling against the Islamic State, encouraging Muslims who are unable to migrate to the Islamic State to express their support for the organization by learning how to create explosives and how to use weapons in order to carry out attacks in “infidel lands”. There is a link on this site to the “jihad” and “lone wolves” archives on the ToR network.
Figure 3: a screenshot of the “Cyber Kahilafah” Web site on ZeroNet
The Web site displayed in Figure 3 contains a call for “electronic jihad” as an alternative way to support the Islamic State without migrating to its territory: “We can make the world powers bow down before us without firing a single shot by hacking energy networks, the Internet, government institutions and banks. We can also can hack SCADA systems, etc.” The Web site lists the countries that should be attacked: Saudi Arabia, the United States, Russia, Turkey, Iran, UAE, Bahrain, Egypt, Australia, France, Germany, Kuwait, Jordan and Morocco. In addition, the site will intends to post a link to a special Web site that will be established for “lone wolves” in order to learn fighting, assassination and shooting techniques.
A new visitor to the Shumukh al-Islam jihadist Web forum known as “Umar al-Baghdadi” responded to an article on Al-Jazeera regarding the difference between the Deep Web and the Dark Web by claiming that is it better to focus efforts on the issue of the Dark Web. The visitor explained that several Web sites were established on the Dark Net to support the Islamic State in which lessons are offered to “lone wolves”.
Al-Baghdadi attached screenshots of the sites that he referred to but they were apparently removed by the editors of the forum, who wrote in response to al-Baghdadi’s post: “The Web sites that you mentioned are still secret as far as we are concerned and not everyone who publishes inflammatory posts are trustworthy. There is no problem browsing through TOR but if you take a look at the materials that these sites publish you will discover that many of the PR materials need to be downloaded and herein lies the danger. One must be very careful when downloading any material from these sites in order to avoid exposing one’s identity to the dogs from Intelligence”.
Islamic State supporters and activists are developing and adapting themselves to the new challenges being placed before them by western countries that are using a variety of ways to stop the organization’s activities on the Internet. They are adopting technologies, software and off-the-shelf services that enable the organization to overcome the various obstacles by increasing the level of information security, including encrypting data and data traffic, anonymity of users and storage servers, etc. These tools enable the organization to continue operating on the Internet despite the obstacles and challenges placed by Western countries and, therefore, it can be assumed that Islamic State operatives will continue to use this approach in order to securely maintain their presence on the Internet, with emphasis on anonymity and systems survivability.