Taliban sites hacked: Who is the ‘Voice of Truth’?

Earlier this week, Wired.com’s Danger Room aired a story about the supposed hacking of a Taliban website. The blog post let us know that the Taliban’s web pages were not just down, but possibly hacked, based on a posting to a jihadi forum telling people not to click on any of the links on the usual Taliban pages [forum post in Arabic here, Google English here, and both in PDF at Scribd.com here].

On June 7, when I tried one of the ‘usual suspect’ Taliban sites, I was sent to www.voice-of-truth.net, showing a montage of photos of Taliban atrocities and some text in English and what looks like Arabic and/or Pashto [GoogleEnglish translation available here]:

So fight (O Muhammad) in the wat of Allah Thou are not taxed (with the responsibility for anyone) except thyself – and urge on the believers. Peradventure Allah will restrain the might of those who disbelieve. Allah is stronger in might and stronger in inflicting punishment. Whoso interveneth in a good cause will have the reward thereof, and whoso interveneth in an evil cause will bear the consequence thereof. The group “Voice of Truth” group opposes all acts of the violence, brutality and barbarity. We support for the voices of all Muslims on the basis and principles of the Holy Qur’an and the Sunnah of our Prophet (SAW).

What do we know about “Voice of Truth”?

— The English version of the text suggests it was written by someone for whom English is not a first language (or that it was written by someone who wants us to think that).

— The Voice of Truth claims responsibility for attacking the site on March 17, April 7, April 14, May 17, June 4, and June 7 of this year (the dates are based on this Islamic calendar date converter).

The address is administered via a company that registers URLs based in Westchester, Calif.

The site’s server appears to be based in Romania and managed by a company in the Netherlands.

— Neither Google nor Yahoo can find pages that include this address as a link. None of Google’s other nation-based sites could find pages with this as a link, either.

Last year, there was a bit of mystery surrounding what looked like the Taliban’s having set up a PayPal donations page. Interestingly enough, the Taliban PayPal page address was registered to the same URL hosting company in Westchester, Calif. In that case, though, the server appears to have been based in Germany [WHOIS results, PDF of results at Scribd.com here]. Still, even if the PayPal page was set up by the good guys, it wasn’t a complete replacement or knock down like we’re seeing now.

So, who could be doing this?

Earlier this year, someone identifying himself as @th3j35t3r on Twitter bragged about taking sites promoting terrorism, for short periods of time (30-60 minutes). He says he’s hit at least some of the Taliban usual suspect sites – for example:

www.alemarah.info – official taliban website (Afghan Resistance) – ooops I did it again, down for 30 minutes. Reasons err obvious. PLZ RT 7:17 PM Jan 10th via web

www.alemarah.info – official taliban shadow government website – easy target, c’mon girls – give it some effort – DOWN 30 MINS 8:11 PM Feb 11th via web

If we take this person at face value, although he says he has the ability to take sites out completely, he says his aim is to ‘poke’ the Taliban’s IT folks to keep them off balance:

This approach is about disruption not destruction, (my system) could quite happily drop a site (or multiple sites simultaneously) for any period. However, I need to also allow room for any spooks out there to collect intelligence (if any there is anything actionable). It’s a big enough arena for us all to play nicely.

For now, the guessing game will have to continue.

Are you a dedicated reader of FDD's Long War Journal? Has our research benefitted you or your team over the years? Support our independent reporting and analysis today by considering a one-time or monthly donation. Thanks for reading! You can make a tax-deductible donation here.

4 Comments

  • KnightHawk says:

    Interesting piece

  • Scott Miller says:

    Whoever is doing this has the right idea: Disrupt the message of the enemy and shame them on their own propaganda medium. Keep up the good work VOT.

  • Lorenz Gude says:

    Taking down enemy websites is pure 20th century – thinking. Like the Soviets jamming the Voice of America. This is networked cyberwar and I think what is going on is better termed virtual agent provocateur. By inserting FUD into the system you may not fool the site owners but you can permanently sow fear, uncertainty and doubt among the audience of such sites. Whether these counter terrorists are part of intelligence agencies or spontaneously arising crowd sourced agent provocateurs is a highly satisfactory ‘known unknown’. Hmmm that gives me an idea. The next time I am in the States I could pose as a disgruntled intelligence employee (all by implication of course) and leak the intelligence community’s frustration at being unable to identify these pesky hackers who are interfering with the orderly collection of intelligence. 🙂

  • Rhyno327 says:

    i would hope our intel services are neck deep in this. i really wish they could help the Iranian resistance movement. Good play all way ’round.

Iraq

Islamic state

Syria

Aqap

Al shabaab

Boko Haram

Isis