Report: Cyber Jihad Set for Nov. 11

[InfoSec News <alerts () infosecnews org>]

http://www.pcworld.com/article/id,139151-c,hackers/article.html

By Robert McMillan
IDG News Service
October 31, 2007

Security experts are saying that a reported al-Qaeda cyber jihad attack 
planned against Western institutions should be treated with skepticism.

The attack was reported by DEBKAfile, an online military intelligence 
magazine. Citing anonymous "counter-terror sources," DEBKAfile said it 
had intercepted an Oct. 29 "Internet announcement," calling for a 
volunteer-run online attack against 15 targeted sites, set to begin Nov.
11. The operation is supposed to expand after its launch date until 
"hundreds of thousands of Islamist hackers are in action against untold 
numbers of anti-Muslim sites," the magazine reported.

Such an attack could be launched with a known software kit, called 
Electronic Jihad Version 2.0, said Paul Henry, vice president of 
technology evangelism with Secure Computing. This software, which has 
been in circulation for about three years, has recently become more 
easily configurable so that it could be more effective in a distributed 
denial of service attack, such as the one suggested by the DEBKAfile 
report.

Attackers would download Jihad 2.0 to their own desktops and specify the 
amount of bandwidth they would like to consume, not unlike the SETI@home 
software package used to scan for signs of extraterrestrial 
intelligence.

However, Henry said that his law enforcement contacts are treating the 
report with some skepticism. "I talked to a few people today who know of 
DEBKAfile, who feel they are dubious, but they can be credible," he 
said. "I'm not looking at Nov. 11 as being the day that the Internet 
goes down."

Security expert Gadi Evron, who recently studied the cyber attacks in 
Estonia, expressed similar skepticism.

"DEBKAfile gets a lot of news that no one else has, and fast," he said. 
"But it's a community driven tabloid. Treat it as a golden source to be 
taken with 5 grains of salt," he said via instant message.

Even if an attack is planned, it would likely be nothing new, Evron 
added. "Cyber jihad on the level of attacking Web sites happens every 
day for numerous causes by enthusiasts. The content of this warning is 
doubtful. There are not hundreds of thousands of infosec workers 
world-wide, not to mention working for al-Qaeda," he said.

He believes that some low-skilled hackers may be planning something, but 
that DEBKAfile has probably not uncovered plans of a major online 
attack.

This is not the first time that the West has been threatened with cyber 
jihad.

In December 2006, the U.S. Department of Homeland Security's Computer 
Emergency Readiness Team (US-CERT) warned U.S. banks and financial 
institutions of a possible al-Qaeda cyber attack.

That operation, nicknamed "the Electronic Battle of Guantanamo," turned 
out to be a dud.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com