Experts dis rumored cyber-jihad set for Nov. 11
The possible attack was reported by a military intelligence magazine
IDG News Service - Security experts are saying that a reported al-Qaeda cyber-jihad attack planned against Western institutions should be treated with skepticism.
The attack was reported by DEBKAfile, an online military intelligence magazine. Citing anonymous "counterterror sources," DEBKAfile said it had intercepted an Oct. 29 "Internet announcement," calling for a volunteer-run online attack against 15 targeted sites, set to begin Nov. 11. The operation is supposed to expand after its launch date until "hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites," the magazine reported.
Such an attack could be launched with a known software kit, called Electronic Jihad Version 2.0, said Paul Henry, vice president of technology evangelism at Secure Computing Corp. The software, which has been in circulation for about three years, has recently become more easily configurable so that it could be more effective in a distributed denial of service attack, such as the one suggested by the DEBKAfile report.
Attackers would download Jihad 2.0 to their own desktops and specify the amount of bandwidth they would like to consume, not unlike the SETI@home software package used to scan for signs of extraterrestrial intelligence.
However, Henry said that his law enforcement contacts are treating the report with some skepticism. "I talked to a few people today who know of DEBKAfile, who feel they are dubious, but they can be credible," he said. "I'm not looking at Nov. 11 as being the day that the Internet goes down."
Security expert Gadi Evron, who recently studied the cyberattacks in Estonia, expressed similar skepticism.
"DEBKAfile gets a lot of news that no one else has, and fast," he said via instant message. "But it's a community-driven tabloid. Treat it as a golden source to be taken with 5 grains of salt."
Even if an attack is planned, it would likely be nothing new, Evron added. "Cyber-jihad on the level of attacking Web sites happens every day for numerous causes by enthusiasts. The content of this warning is doubtful. There are not hundreds of thousands of infosec workers worldwide, not to mention working for al-Qaeda," he said.
He believes that some low-skilled hackers may be planning something but that DEBKAfile has probably not uncovered plans of a major online attack.
This is not the first time that the West has been threatened with a cyber-jihad.
In December 2006, the U.S. Department of Homeland Security's Computer Emergency Readiness Team warned U.S. banks and financial institutions of a possible al-Qaeda cyberattack.
That operation, nicknamed "the Electronic Battle of Guantanamo," turned out to be a dud.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts