Taliban sites hacked: Who is the ‘Voice of Truth’?

Earlier this week, Wired.com’s Danger Room aired a story about the supposed hacking of a Taliban website. The blog post let us know that the Taliban’s web pages were not just down, but possibly hacked, based on a posting to a jihadi forum telling people not to click on any of the links on the usual Taliban pages [forum post in Arabic here, Google English here, and both in PDF at Scribd.com here].

On June 7, when I tried one of the ‘usual suspect’ Taliban sites, I was sent to www.voice-of-truth.net, showing a montage of photos of Taliban atrocities and some text in English and what looks like Arabic and/or Pashto [GoogleEnglish translation available here]:

So fight (O Muhammad) in the wat of Allah Thou are not taxed (with the responsibility for anyone) except thyself – and urge on the believers. Peradventure Allah will restrain the might of those who disbelieve. Allah is stronger in might and stronger in inflicting punishment. Whoso interveneth in a good cause will have the reward thereof, and whoso interveneth in an evil cause will bear the consequence thereof. The group “Voice of Truth” group opposes all acts of the violence, brutality and barbarity. We support for the voices of all Muslims on the basis and principles of the Holy Qur’an and the Sunnah of our Prophet (SAW).

What do we know about “Voice of Truth”?

— The English version of the text suggests it was written by someone for whom English is not a first language (or that it was written by someone who wants us to think that).

— The Voice of Truth claims responsibility for attacking the site on March 17, April 7, April 14, May 17, June 4, and June 7 of this year (the dates are based on this Islamic calendar date converter).

— The address is administered via a company that registers URLs based in Westchester, Calif.

— The site’s server appears to be based in Romania and managed by a company in the Netherlands.

— Neither Google nor Yahoo can find pages that include this address as a link. None of Google’s other nation-based sites could find pages with this as a link, either.

Last year, there was a bit of mystery surrounding what looked like the Taliban’s having set up a PayPal donations page. Interestingly enough, the Taliban PayPal page address was registered to the same URL hosting company in Westchester, Calif. In that case, though, the server appears to have been based in Germany [WHOIS results, PDF of results at Scribd.com here]. Still, even if the PayPal page was set up by the good guys, it wasn’t a complete replacement or knock down like we’re seeing now.

So, who could be doing this?

Earlier this year, someone identifying himself as @th3j35t3r on Twitter bragged about taking sites promoting terrorism, for short periods of time (30-60 minutes). He says he’s hit at least some of the Taliban usual suspect sites – for example:

www.alemarah.info – official taliban website (Afghan Resistance) – ooops I did it again, down for 30 minutes. Reasons err obvious. PLZ RT 7:17 PM Jan 10th via web

www.alemarah.info – official taliban shadow government website – easy target, c’mon girls – give it some effort – DOWN 30 MINS 8:11 PM Feb 11th via web

If we take this person at face value, although he says he has the ability to take sites out completely, he says his aim is to ‘poke’ the Taliban’s IT folks to keep them off balance:

This approach is about disruption not destruction, (my system) could quite happily drop a site (or multiple sites simultaneously) for any period. However, I need to also allow room for any spooks out there to collect intelligence (if any there is anything actionable). It’s a big enough arena for us all to play nicely.

For now, the guessing game will have to continue.

Are you a dedicated reader of FDD's Long War Journal? Has our research benefitted you or your team over the years? Support our independent reporting and analysis today by considering a one-time or monthly donation. Thanks for reading! You can make a tax-deductible donation here.