Unredacted Original Interview with Newspaper ‘Die Welt’

Hi all, I was recently approached by one Florian Flade, a reporter from the famous German newspaper ‘Die Welt‘ and asked if I could do an interview. Florian I might add was a pleasure to answer questions for. The article went out today here, however only in German language, so for anyone who does not speak the language I post here the original English transcript. (I tried Google translate on the article but it made not a hint of sense). PS For some reason they have taken to calling me ‘JOKER’ and have provided no link whatsoever back here or to my twitter account. Anyway, ho-hum, here’s the transcript.



If you had to describe you, what would you tell people about what you do and who you are?


What I do: I aim to cause disruption to the online efforts of Jihadists on the internet. They have realized that they can recruit, train and coordinate home-grown terrorists completely via the internet, without ever having to meet. This cuts out much of the risk for the recruiters associated with any face-to-face contact. Web recruitment targets young, tech-savvy, vulnerable Muslims, the iPod generation if you like. By making these  sites unreliable, the potential recruit numbers start to dwindle. Who am I?  For reasons of operational and personal security reasons it would be foolish of me to divulge too much information, however I can tell you what is already known about me. I am an ex-military operative. That’s about all I can tell you.


When did you start hacking Jihadi websites?


I started this particular campaign on 1st January 2010 having built a rudimentary working version of XerXes. Since then XerXes has developed into a more substantial attack platform as you can see here and here. However, XerXeS is just one rather public attack vector in my arsenal.


Why do you especially go after the Jihadi propaganda websites and forums?


I target known jihadi propaganda, recruitment, training and co-ordination sites because they pose the single biggest threat to the actual physical world at large, rather than being just a threat limited solely to cyberspace itself. By making these methods of terrorist communication unreliable, they become useless as an effective tool.


What is the reason you are doing this?


Mainly because nobody else seems to be taking the threat seriously. There are many bloggers and security analysts who do a fine job at passive reporting and speculation, but I prefer a more direct, in-your-face approach. Tweeting every attack publicly serves to undermine the operators of these sites, and brings them to the attention of counterterrorist agencies.


Are you familiar with the political events in real conflict zones or is your interest limited to the cyberspace?


As a former soldier, I am more than aware of what happens on the ground in actual theaters of conflict. However, since leaving the governments payroll I have come to realize that cyberspace is fast becoming the next Front Line – a valid and very real battle space. The threat landscape on the internet naturally mirrors that of the physical world as the internet becomes more and more closely integrated with critical infrastructures and business systems. These will be the next targets of terrorism-  high value/low risk to the attacker.

Was there a specific event that triggered your interest in hacking and bringing down Jihadi websites?


Well no not really a specific event, just keeping an eye on the news I noticed more and more home-grown terror plots carried out by radicalized citizens of the very country being targeted. It occurred to me that the internet was how they were being recruited, trained and coordinated, as its cheap and relatively safe if you are careful. So I started to do some digging. The rest is… well… history, as they say.


What was the first Jihadi website you brought down?(and when)


The first was www.alemarah.info  this is (or more correctly, was) the official website of the Taliban Shadow Government in Afghanistan. It served to spread propaganda and incite violent Jihad  I hit this down for the first time on 1st January 2010. Since then many followers on twitter have passed leads on to me, which I then vet to ensure the site poses a threat before it makes it onto the hit-list.


Are you taking down the websites only for a limited time on purpose or is it because the Jihadi website owners manage to relaunch their websites?


I could bring many sites down permanently, however, this would be irresponsible of me as I am aware that many official counterterrorism agencies rely on these sites for the purpose of gathering intel. The jihadist tech guys are on the whole fairly limited, and rely on obfuscation rather than a real approach in protecting their systems. However, that said, I am aware of two particularly adept Islamic sysadmins in the US and UK who appear to have an in-depth knowledge of LAMP (Linux/Apache/MySQL/PHP) hardening techniques


What is your ultimate goal in taking down Jihadi websites? (is it a long-term goal or do you see it as a challenge only)


Initially it was just a challenge, but it’s become more serious. After a couple of death threats early on, I decided to continue to hit them down and actively seek out new targets.  The long-term goal is to keep playing with their servers, systems and methods until they don’t know who or what to trust — thus making the internet an ineffective tool for them.


Can you already see the impact your hacking work has on Jihadi propaganda?


Yes. For example, a few sites have been booted by their own ISP, as my methods create indirect pressure on them. Also, many target sites have seen prolonged down time due to the fact they turn things off themselves while they are scurrying around trying to patch holes, analyze log files, etc in an attempt to prevent further hits. So, while this occurs the site isn’t available to jihadists.


Why didn’t you go after the most influencial Jihadi forum (Faloja) yet?


I am glad you asked this question Florian. By NOT hitting certain sites, and hitting others hard, I am ‘herding’ – people give up easily when a site is constantly up and down, and move on to a more reliable one. So it creates a funnel-effect,  funnelling terrorists and potential terrorists away from peripheral sites and into a smaller space that is easier to monitor.


Would you say the Jihadi propagandist are scared of you and your work?


My message is quite simple: If they are not scared, great, makes my job easier, and if they are scared – Stay scared, because you ain’t seen nothing yet. Wait till they get a load of what else is simmering away in my code-cauldron 😉 You only witness what I allow you to witness, there’s more going on under the hood.


Are you supported in any way by Western governments, intelligence agencies or anybody who is also fighting Jihadi propaganda?


At this time I work completely alone, and have no ties or affiliations with any government entities.


Are you disappointed the U.S. government/CIA/NSA or others do not support your work?


Simple answer is – No. Lone wolves work faster, eat more and are harder to track and capture.


Are you also behind the Voice of Truth group who hacked the Talibans website recently fort he 5th or 6th time?


I am aware of their work, however I am not, nor have ever been, ‘Voice of Truth’, however I fully support their methods and tactics. Good work guys. The one thing I have noticed as a side-effect of being so public with my takedowns is that onlookers give me credit for hacks that had nothing to do with me (at least twice to my knowledge).


Are you in contact with the Voice of Truth guys or any other person who hacked Jihadi website?


As I said earlier, I am in contact with no other hackers, and work alone. It’s a lot safer that way, considering the nature of the targets. Its not like these guys are gonna play by the rules if they ever catch up with me.
I’d like to thank you, Florian, and Die Welt, for the opportunity to talk, and for your professionalism in handling this interview.