Stop me if you've heard this one: The Internet arm of Al Queda is targeting 15 anti-Islamist sites on November 11, urging its followers to download the new point-and-click Electronic Jihad 2.0 software and start their attacks. (Actually, you might have heard about it in my blog last week.)
Despite the software's silly name, I was curious whether this might be something worth worrying about. So I did a little more digging. The software is real -- in fact, I downloaded a copy of it yesterday off an archived copy of al-jinan.org. But if this is a serious terror threat, I'm Arnold Schwarzennegger.
Blogger BlackFlag, a computer security pro who writes about cyber terror tactics and wishes to remain anonymous, notes that the software is "the equivalent of a re-written 'nuker' DoS program circa 1995." He blogs:
It’s just a basic packet generator that sends ping requests, garbage packets and GET requests to the target. ...In my opinion these "e-Jihad hack-tools" aren’t all they are cracked up to be ... it has been my experience that the average script kiddie possesses more capable tools than this. Having these tools downloaded and installed probably helps the haji’s morale more than anything else.
This description of the software, from the Jamestown Foundation's "Terrorism Focus," makes it sound more like Space Invaders. Among other things, it lets e-Jihadders tally up the hours they've spent attacking and post their high scores online.
The account registers the number of hours the user spends attacking targets and every two weeks to a month the names of those who scored the highest are posted. Currently, the highest score is claimed by a user nicknamed "George Bush" who spent 4,211.50 hours, or 70 full days, hacking anti-Islamic websites.
Yet if you were to believe the sites that have been promulgating the "cyber jihad threat" -- like Jamestown, DEBKAfile, and the Northeast Intelligence Network -- you might be hiding under your desk right about now.
Paul Henry, VP of technology evangelism at Secure Computing, says the threat is nothing to lose sleep over, though it's always a good idea to review your defenses against DDoS attacks. He adds it will be interesting to see just how many e-Jihadists will be pinging away on November 11, if for nothing else than as a measure of how many cyber enemies we've made during the last ten years.
Sure, there are terrorists out there using the Net. But if these guys were interested in doing serious harm they'd be renting a botnet to run a real DDoS attack -- and they wouldn't be publicizing it first. This sounds more like a publicity campaign, or a recruiting tool for noobs, or an attempt to show just how gullible Westerners really are.
Or maybe it really is all just a game, Henry says.
"I wonder how many points you need to qualify for 72 virgins in the afterlife," he jokes.
Got hot tips on tech or terror? Spill the beans below or email me here. Cool swag is available for tipsters who deliver the goods.
Posted by Robert X. Cringely on November 7, 2007 03:00 AM
