U.S. Companies Still Host Terrorist Websites

In 2005, I got to experience the rare sensation of driving from the Internet -- at least momentarily -- the official English-language website of Iran's supreme leader, Ayatollah ul-Uzma Khamenei.

A news report I produced for my employer at the time, CBS's Dallas television, also sent scampering about 45 other Islamic Republic of Iran sites. The Iranians had put them all up on the Dallas hosting company CI Host for less than $50 a month each.

After the unwelcome publicity, CI Host disabled the exposed sites and they had to find a home in some other country. Company officials issued jingoistic mea culpas and explained, implausibly, how they hadn't known about the sites and couldn't police their own acceptable use policy or servers. More on that claim later.

CI Host acted with haste on the Iran sites out of what seemed at the time a healthy self-interest: the company's business arrangement with Iran, small though it was revenue-wise, represented a potential violation of a U.S. trade embargo against the designated state sponsor of terror. The Treasury Department's Office of Foreign Assets Control (OFAC) could have savaged the company with fines and sanctions had the agency chosen to do so.

OFAC did nothing then. Which brings us to now.

I had all but forgotten about my old work until April 9, when the Washington Post put out a front-page story that purported to reveal for the first time the problem of outlawed foreign terrorist organizations hosting their hate recruitment sites on private-sector American server farms.

For more than a year, the Post reported, a Taliban group used a site hosted by another Texas company called The Planet "to rally followers and keep a running tally of suicide bombings, rocket attacks, and raids against the U.S. and allied troops" for the cost of about $70 a month payable by credit card.

Just like CI Host told me years earlier, The Planet officials told the Post they had no clue about the site's Taliban connections -- and no technical means by which to detect sites like it. The Planet said it doesn't even try; it just reacts to complaints. The story went on to explain that federal agencies wouldn't be taking any action either, and why.

All of the same explanations had been provided to me years ago, not only for my story about the Iranians but other stories I did about the same issue dating to 2004. In addition to the Iranian sites, I showcased how other Texas web hosting companies were enabling Hezbollah, Hamas, Islamic Jihad branches, and many other terrorist groups to get out their messages of violent incitement over the Internet. I found sites with American hosting companies that openly aimed to physically destroy America, commit terrorist acts against Americans wherever they can be found, and kill as many American soldiers as possible abroad.

As recently as the summer of 2006, I wrote about how Hezbollah's al-Manar television had managed to keep beaming its "news" from an Austin website carrier after Israeli bombs destroyed its transmitter during the war in Lebanon.

So my takeaway from the April 9 Washington Post story wasn't that some new phenomenon was in play. For me, the news was that an old problem had somehow been allowed to persist unchanged for so many years -- enabled by the same implausible, unvetted company and government explanations first doled out to me a half decade ago.

Company excuses for not culling objectionable clientele like the Taliban and Iran's mullahs are challengeable, yet have never really undergone serious challenge. The same can be said of law enforcement explanations for continuing inaction.

The longevity of the problem raises a legitimate question: has the time finally arrived for the feds to make an example of one or two of these companies?

It so happens that my first story on this subject in 2004 showcased The Planet, the same company featured in last month's Post story.

Back then, The Planet was hosting now-deceased Abu Musab al-Zarqawi's al-Qaeda in Iraq website, which until my report was offering up the latest videos of bloody murders of coalition troops as incitement propaganda, recruitment, and bragging rights. The Planet also was hosting dozens of other jihadist websites, among them some run by Hamas and Hezbollah.

The Planet left many of them in place even after I alerted the company to them, including a couple of other al-Qaeda sites.

At the time, The Planet officials told me, just like it told the Post last month, that it simply could not police for Islamic extremist material among the 1.5 million websites and 20,000 customers.

But a number of cyber security experts told me that's patently untrue. One of them, former federal prosecutor Matt Yarbrough, now a private attorney specializing in cyber law, told me server companies like The Planet can easily and cheaply patrol their servers.

"It is technically possible," Yarbrough said. "All they would have to do is basically run a string search across its own server farm to look at the content of each one of these websites, whether it's a keyword, like 'terrorism' or 'bomb' or 'holy jihad.'"

Terrorism specialists say the Internet now reigns as the single most powerful tool in the arsenal of Islamic extremists bent on taking their organizations global. A number of major homegrown terrorism plots in recent years were conceived by wannabe jihadis incited by extremist websites.

Would companies like The Planet and CI Host suddenly unravel the technical mysteries of self-policing if their executives became defendants in a federal enforcement action?

There's never been any indication that the FBI or Treasury has ever tried to investigate or prosecute one of these companies for doing business with terrorists. One old argument I heard years ago and again parroted in the Post story is that such sites are more valuable left intact for intelligence gathering than as national security threats.

That doesn't square with what counterterrorism specialists tell me today: Sites with interactive components like chat rooms can be of high value for intelligence monitoring. But a lot of sites have no such interactivity. They offer a one-way stream of solicitation to murder, propaganda, and calls of "fire" in a proverbial crowded movie theater.

To be sure, federal prosecution of such non-interactive sites presents a challenge but not an insurmountable one. Under federal law, it is illegal for any American company to knowingly do business with a designated terrorist organization.

The trick is to prove a company had actual knowledge that outlawed e-jihadis or state sponsors of terror like Iran were paying for their cyberspace. Plausible deniability is high for companies like The Planet -- as long as they don't actively patrol their own servers or leave a site up after someone like me points it out, as happened when I did just that in 2004.

Internet companies usually stay one or two steps removed from the actual web space buyers. They typically sell wholesalers their web space. Those wholesalers in turn contract much of the business with the public, with just about anyone who offers a name and a credit card. Some of those people might well be "straw buyers" kept in the dark about whom they're buying web space for.

Still, all the feds would need is one or two indictments to provide the incentive necessary to prompt American server companies. Perhaps then they might pay less attention to offering up worn excuses and start cleansing their servers of customers that want them dead.