The US and others may have withdrawn from Afghanistan, but many Afghan Government websites and email addresses under the .gov.af top-level domain are still very much dependent on services hosted outside of the country – mostly in the US.
By taking control of Afghanistan, the Taliban has inherited these government domains and now shares web hosting and mail servers with several other governments around the world, including the UK Government. In many cases, emails sent to .gov.af domains will be routed through US-hosted servers, presenting intelligence opportunities if the new Taliban government were to continue using them.
The Taliban has been hostile to internet usage in the past, but it remains to be seen what will happen to the 23,000 .af (including nearly 1,000 .gov.af) websites that existed before it seized control of Afghanistan.
It would not be surprising to see the Taliban eventually shut down any .af websites it does not approve of, but there may be others it would want to keep in order to facilitate a smooth transition to a new government. However, with so many of these sites dependent on infrastructure that is physically located in the US or in other countries far away from Afghanistan, it would not be surprising to see some significant changes being made to where these sites are hosted and how their email is handled.
At the time of writing, websites like firstlady.gov.af and president.gov.af are still up and running, although the latter does not appear to have been updated since July. The most recent publications to still appear on the homepage include an article about the now-deposed President Ashraf Ghani speaking to President Joe Biden over a phone call on 23 July, and a press release on 15 July to announce that President Ghani had left Kabul to participate in an international conference in Uzbekistan.
The Taliban's takeover of Afghanistan has evidently led to a state of limbo in the administration of .gov.af, with Bill Woodcock (executive director of PCH, the company providing DNS for .af) commenting that employees are staying locked down with their families, making no changes, while nobody new has stepped up to take on the work.
This situation was exploited earlier this week when a prankster using the pseudonym "Simon Pop" and a US mailing address was able to register the domain taliban.gov.af for just $25, demonstrating that anyone outside of the Afghan Government could register a .gov.af domain.
The domain's registrar has submitted a deregistration EPP request, and the .gov.af second-level domain has since been locked to prevent this sort of thing happening again.
The domain status for taliban.gov.af has already been updated accordingly in its WHOIS records:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Domain Status: serverRenewProhibited https://icann.org/epp#serverRenewProhibited
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
The serverHold status is set by the domain's Registry Operator and means the domain is not activated in DNS, while serverUpdateProhibited locks the domain and prevents it from being updated.
This serverRenewProhibited status code indicates that the domain's Registry Operator will not allow its registrar to renew the domain. This code is usually used during legal disputes or when a domain is subject to deletion.
It may not just be the Taliban that would want to take down or otherwise control Afghanistan's existing websites. For instance, the official Twitter account of Zabihullah Mujahid, the Spokesman of the Islamic Emirate of Afghanistan, has a profile page that links to alemarahpashto.com.
The Twitter profile for Zabehulah_M33.
However, this website is no longer available because the domain cannot be resolved due to its clientHold status. This is an uncommon status that is usually enacted during legal disputes, non-payment or when a domain is subject to deletion.
Domain Name: ALEMARAHPASHTO.COM
Registry Domain ID: 2547563081_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2021-07-17T06:39:12
Creation Date: 2020-07-21T14:48:16
Registrar Registration Expiration Date: 2022-07-21T14:48:16
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Reseller: Hover
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Although that website has gone, it seems perhaps more remarkable that Twitter permits the Taliban spokesman's account but has banned the previous US President from using the US-based social media platform.
By taking control of Afghanistan, the Taliban has inherited these government domains and now shares web hosting and mail servers with several other governments around the world, including the UK Government. In many cases, emails sent to .gov.af domains will be routed through US-hosted servers, presenting intelligence opportunities if the new Taliban government were to continue using them.
What will happen next?
The Taliban has been hostile to internet usage in the past, but it remains to be seen what will happen to the 23,000 .af (including nearly 1,000 .gov.af) websites that existed before it seized control of Afghanistan.
It would not be surprising to see the Taliban eventually shut down any .af websites it does not approve of, but there may be others it would want to keep in order to facilitate a smooth transition to a new government. However, with so many of these sites dependent on infrastructure that is physically located in the US or in other countries far away from Afghanistan, it would not be surprising to see some significant changes being made to where these sites are hosted and how their email is handled.
At the time of writing, websites like firstlady.gov.af and president.gov.af are still up and running, although the latter does not appear to have been updated since July. The most recent publications to still appear on the homepage include an article about the now-deposed President Ashraf Ghani speaking to President Joe Biden over a phone call on 23 July, and a press release on 15 July to announce that President Ghani had left Kabul to participate in an international conference in Uzbekistan.
Fake Taliban Government
The Taliban's takeover of Afghanistan has evidently led to a state of limbo in the administration of .gov.af, with Bill Woodcock (executive director of PCH, the company providing DNS for .af) commenting that employees are staying locked down with their families, making no changes, while nobody new has stepped up to take on the work.
This situation was exploited earlier this week when a prankster using the pseudonym "Simon Pop" and a US mailing address was able to register the domain taliban.gov.af for just $25, demonstrating that anyone outside of the Afghan Government could register a .gov.af domain.
The domain's registrar has submitted a deregistration EPP request, and the .gov.af second-level domain has since been locked to prevent this sort of thing happening again.
The domain status for taliban.gov.af has already been updated accordingly in its WHOIS records:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Domain Status: serverRenewProhibited https://icann.org/epp#serverRenewProhibited
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
The serverHold status is set by the domain's Registry Operator and means the domain is not activated in DNS, while serverUpdateProhibited locks the domain and prevents it from being updated.
This serverRenewProhibited status code indicates that the domain's Registry Operator will not allow its registrar to renew the domain. This code is usually used during legal disputes or when a domain is subject to deletion.
Other takedowns
It may not just be the Taliban that would want to take down or otherwise control Afghanistan's existing websites. For instance, the official Twitter account of Zabihullah Mujahid, the Spokesman of the Islamic Emirate of Afghanistan, has a profile page that links to alemarahpashto.com.
The Twitter profile for Zabehulah_M33.
However, this website is no longer available because the domain cannot be resolved due to its clientHold status. This is an uncommon status that is usually enacted during legal disputes, non-payment or when a domain is subject to deletion.
Domain Name: ALEMARAHPASHTO.COM
Registry Domain ID: 2547563081_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2021-07-17T06:39:12
Creation Date: 2020-07-21T14:48:16
Registrar Registration Expiration Date: 2022-07-21T14:48:16
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Reseller: Hover
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Although that website has gone, it seems perhaps more remarkable that Twitter permits the Taliban spokesman's account but has banned the previous US President from using the US-based social media platform.