Howso? If you understand the how the website machinations are made, you can zero in on the death threats.
Every death threat is made from a computer on the internet. These threats can be traced to the IP address of the ISP hosting them. This happens all the time -- a few weeks ago a woman cut a baby out of a pregnant mother (after posting the message on an internet forum). The culprit was traced very shortly because she had posted on a forum via her IP address. Child pornographers are traced to their homes within minutes of their postings.
Strangely enough, only Islamist terrorists seem immune to tracing on the internet.
"Strangely enough, only Islamist terrorists seem immune to tracing on the internet."
Or the FBI, Secret Service, NSA etc. don't publish their tracking methods?
You could read behind the lines to infer that the Dan Pearl murderers were caught by (quite stupidly) sending threatening Hotmails to the WSJ and other media. Stupid because Hotmail embeds the source IP address in the email header, which in the case of Pearl was traced back to an Internet cafe in Karachi, which was then surveilled until the idiots came back. Simple.
IIRC KSM made a similar error in computer use, and presumably other Islamists have been busted in the same basic manner.
The difference between Islamist sites and, say, child porn sites is that the latter can be ID'd by law enforcement and then used as a "honeypot" to nab other visitors.
To do so, LEOs would simply enlist the ISP to capture source IPs and pages visited (presumably with a warrant, and an absolute no-brainer with Web server software), and then go to the source ISPs and similarly subpoena their DHCP logs to see which user(s) were on those IPs at a specific time and place. Busted.
Islamist sites are known to be very transient - they're hosted by one ISP today and another next week, or on non-US sites, or whatever - so it can be logistically difficult to get things in order to accomplish a sting.
Example, after ID'ing an Islamist site hosted in UAE, you'd need the cooperation of UAE law enforcement, then UAE LEOs would need to gain cooperation of that UAE ISP (probably not difficult at that stage), then get Web logs back to US LEO's, who would then have to subpoena source IPs from all the ISP's involved. That would work with US users, but forget about it if they're from all around the world. Again, sheer logistics.
In the case of state-run ISPs and hosting services which have already agreed to cooperate with US law enforcement, the turnaround would be faster, there might already be procedures in place to set up these kinds of stings.
Sophisticated Islamists who use proxy software at their source PC would be able to mask their source IP address which makes much of this undoable, though again due to logistics, not because it's a technical impossibility.