By Robert McMillan
IDG News Service
October 31, 2007
Security experts are saying that a reported al-Qaeda cyber jihad attack
planned against Western institutions should be treated with skepticism.
The attack was reported by DEBKAfile, an online military intelligence
magazine. Citing anonymous "counter-terror sources," DEBKAfile said it
had intercepted an Oct. 29 "Internet announcement," calling for a
volunteer-run online attack against 15 targeted sites, set to begin Nov.
11. The operation is supposed to expand after its launch date until
"hundreds of thousands of Islamist hackers are in action against untold
numbers of anti-Muslim sites," the magazine reported.
Such an attack could be launched with a known software kit, called
Electronic Jihad Version 2.0, said Paul Henry, vice president of
technology evangelism with Secure Computing. This software, which has
been in circulation for about three years, has recently become more
easily configurable so that it could be more effective in a distributed
denial of service attack, such as the one suggested by the DEBKAfile
Attackers would download Jihad 2.0 to their own desktops and specify the
amount of bandwidth they would like to consume, not unlike the SETI@home
software package used to scan for signs of extraterrestrial
However, Henry said that his law enforcement contacts are treating the
report with some skepticism. "I talked to a few people today who know of
DEBKAfile, who feel they are dubious, but they can be credible," he
said. "I'm not looking at Nov. 11 as being the day that the Internet
Security expert Gadi Evron, who recently studied the cyber attacks in
Estonia, expressed similar skepticism.
"DEBKAfile gets a lot of news that no one else has, and fast," he said.
"But it's a community driven tabloid. Treat it as a golden source to be
taken with 5 grains of salt," he said via instant message.
Even if an attack is planned, it would likely be nothing new, Evron
added. "Cyber jihad on the level of attacking Web sites happens every
day for numerous causes by enthusiasts. The content of this warning is
doubtful. There are not hundreds of thousands of infosec workers
world-wide, not to mention working for al-Qaeda," he said.
He believes that some low-skilled hackers may be planning something, but
that DEBKAfile has probably not uncovered plans of a major online
This is not the first time that the West has been threatened with cyber
In December 2006, the U.S. Department of Homeland Security's Computer
Emergency Readiness Team (US-CERT) warned U.S. banks and financial
institutions of a possible al-Qaeda cyber attack.
That operation, nicknamed "the Electronic Battle of Guantanamo," turned
out to be a dud.
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com