Security Watch | Matt Hines » Security researchers highlight potential cyber-Jihad

October 31, 2007 | Comments: (0)

Security researchers highlight potential cyber-Jihad

TAGS: Security

Citing reports published in Debkafile -- an Israeli news outlet that boasts a behind-the-scenes view into Middle East military conflicts and terrorist activity -- security researchers are warning of a potential "cyber-Jihad" set of attacks to be carried out by backers of Osama Bin Laden in mid-November.

If the newest cyber-terrorism reports prove to be accurate, attackers may also have an updated and more comprehensive malware tool in their hands to help carry out the effort, according to experts at Secure Computing.

Debkafile -- which bases many of its news stories on tips from unidentified sources and has published erroneous reports of potential terrorist threats in the past -- said in a news story posted online that Bin Laden and his al Qaeda supporters released an electronic announcement detailing their planned cyber-attacks on Monday.

"On Sunday, Nov. 11, al Qaeda's electronic experts will start attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites," the announcement read, according to Debkafile. "On day one, they will test their skills against 15 targeted sites [and then] expand the operation from day-to-day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites."

The news site said that the announcement was transmitted in Arabic and intercepted by unnamed "counter-terrorism" sources.

The al Qaeda threat also reportedly promised an impenetrable e-mail network for use by potential volunteers participating in the attacks through which they will be able to contact and receive instructions from project leaders and communicate with others involved in the campaign.

The effort is being carried out in retaliation to tactics being utilized by Western intelligence agencies that have been actively taking down terrorist support Web sites, Debkafile reported.

Security researchers have long debated the validity of threats of cyber-terrorism.

For the most part the attacks have proven over-hyped, but the potential for such coordinated campaigns, and the damage they might incur on critical infrastructure, have been thoughtfully played out in recent years in books such as cyber-terrorism expert Richard A. Clarke's novel "Breakpoint."

Previous announcements that have offered similar threats of impending "cyber-Jihads," including those that have carried almost the same language as the newest report have proven inaccurate -- such as one that closely followed the 9/11 attacks that was released in Oct. 2001.

Among the few real ties that have been established between radical Muslim groups and online attacks in recent years have been reports produced by security researchers detailing of the existence of groups such as the Q8Army -- a malware distribution and botnet control outfit which is believed to operate out of the Middle East and has been known to distribute messages of "world domination" by radical Muslims along with its virus code.

According to Chris Boyd, a researcher with messaging software maker FaceTime Communications who has tracked botnet operators and attempted to follow the flow of the groups' financial resources, Q8Army has used some of the funds derived via its network of online schemes to purchase mobile communications gear, laptop computers and other types of field equipment.

Some people believe that the massive denial-of-service attack carried out against Estonian Web sites earlier this year -- believed to be spearheaded by Russian hackers angry with Estonian government policies -- was a precursor to the types of cyber-terrorist threats the world will actually see more of in the coming years.

Security researchers at software maker Secure Computing say that despite the fact that previous cyber-Jihad attacks haven't materialized, potential participants in such a scheme may already have a powerful new tool in their hands.

The mass distribution of a comprehensive "electronic Jihad software program" over the last several years may be cause for concern, Secure said.

The application offers a point-and-click user interface for use by aspiring participants -- which may have greatly expanded the reach of the malware tool, based on its improved ease-of-use -- Secure said in an e-mail sent to reporters on Wednesday.

Secure also said that the program -- which it has labeled as Electronic Jihad Version 2.0 -- is being supported by multiple Web sites that offer tutorials on its use, including some that the company has captured and translated into English.

The latest version of the software also adds expanded coordination capabilities, Secure said, which are meant to help users of the program aim their efforts at the same sites being attacked by others employing the program, according to the company.

We'll see what happens on Nov. 11.

Posted by Matt Hines on October 31, 2007 12:28 PM

RATE THIS ARTICLE: