Re: fyi: Electronic Jihad: Winds of Cyber War or False Alarm?
Fear is an interesting thing. I think it was Alfred Hitchcock who
asserted, in effect, that his movies were more scary because of the
long build-up and expectation and that the blood-letting was almost
anti-climactic. Information warfare is all the better if there is a
big build-up - a drum beat of ever increasing intensity - leading to
increasingly violent outcomes. The problem is that no real fear exists
from cyber attack and it largely has to be made up in the minds of the
targets. Most people don't realize they can simply walk away, turn off
their computer, and do something else for a bit. Of course
infrastructure is a different issue, and middle eastern terror groups
have launched successful information infrastructure attacks before. So
we shouldn't underplay the potential for harm. But neither should we
be terrified by it.
On Nov 2, 2007, at 10:21 AM, Phil wrote:
> Electronic Jihad: Winds of Cyber War or False Alarm?
> By John P. Mello Jr.
> Part of the ECT News Network
> 11/02/07 4:00 AM PT
> Al Qaeda computer experts will begin an expanding attack on Western
> Web sites beginning Nov. 11, according to a report. Some security
> experts have dismissed the report, calling talk of an impending
> "electronic jihad" little more than static. Others, however, said
> improving tools could make such an assault a distinct possibility.
> Terrorist Hype
> The source of the e-Jihad report is the Israeli Web site DEBKAfile.
> It reported Tuesday that its counter-terror sources intercepted an
> announcement in Arabic on Monday describing the attack.
> Al Qaeda computer experts will begin on Nov. 11, unleashing attacks
> on Western, Jewish, Israeli, Muslim apostate and Shiite Web sites,
> according to the report. They will begin, the report asserts, by
> testing their skills on 15 targeted sites, then expand the operation
> to include hundreds of thousands of hackers attacking a multitude of
> Cyberterrorism announcements like this have a track record of
> fizzling, according to Kent E. Anderson, managing director of
> Network Risk Management in Portland, Ore.
> "I find it a little difficult to believe that they're going to have
> hundreds of thousands of online Jihadists," he told TechNewsWorld.
> "There seems to be a little bit of hype put into this.
> "I'm not dismissing it outright," he added, "but I am saying we
> should view it with caution."
> Real World Kinds of Guys
> Such events have been dismissed in the past because it was felt the
> terrorists lacked the know-how to do much damage in cyberspace.
> "Terrorist organizations are certainly using information technology
> in a very sophisticated way," Anderson maintained.
> "What we haven't seen to date," he added, "is any significant
> 'offensive' use of technology by terrorist organizations like al
> One reason for that may be that they haven't developed the skills to
> do it, he hypothesized.
> Another may be an inclination to do damage in the physical world, he
> added. "It's more direct," he said, "and much more harmful in the
> long run."
> Terrorist Script Kiddies
> There are signs, however, that the Nov. 11 attack could be different
> from similar events in the past, according to Paul Henry, vice
> president for technology evangelism for Secure Computing in San
> Jose, Calif.
> The latest version of the terrorists' software, Electronic Jihad
> 2.0, makes it easier than ever to coordinate a denial of service
> attack on a Web site, he explained.
> "You simply select the level of bandwidth you wish to use and hit
> 'attack,' and the attack is launched," he told TechNewsWorld. "It's
> really down to script kiddie level."
> Martyrdom by Proxy
> Version 2 automatically targets Web sites for attack. That enables
> terrorists to better coordinate assaults on their targets --
> something that couldn't be done with the previous release of the
> "They've been distributing this widely over the last year or so," he
> said, "so I imagine that they have considerably more people using
> the software today.
> "By coordinating the attack and focusing everyone on specific URLs
> or specific networks, I think it will have more impact than it's had
> in the past," he added.
> "Another twist is that they're tracking the number of hours that
> users are spending using the software to take out Web sites," he
> observed. "You can gain pseudo martyrdom by having enough hours
> logged in using the program to wreak havoc on the Internet."
> Don't Loose Sleep Over It
> Others are more reluctant to sound the alarm bells just yet.
> "I think it's healthy to be skeptical about these sorts of things,"
> Graham Cluley, a senior technology consultant with global network
> security firm Sophos <image001.gif>, of Burlington, Mass., told
> "Have we ever known al Qaeda to announce in advance when they're
> planning to attack?" he asked.
> "Surely," he reasoned, "the one thing which terrorists have reveled
> in in the past, is the element of surprise. That's one of the
> strongest things in their armory.
> "The people who are tracking terrorists and hacker
> <image001.gif>groups and things put too much weight on babble on the
> Internet," he asserted. "Everyone needs to take sensible
> precautions, but this isn't something which I think many people
> should lose too much sleep over at the moment."
- This communication is confidential to the parties it is intended to
Fred Cohen & Associates tel/fax: 925-454-0171
http://all.net/ 572 Leona Drive Livermore, CA 94550
Join http://tech.groups.yahoo.com/group/FCA-announce/join for our