Application security, Threat Management, Incident Response, Network Security, TDR

Al Qaeda cyber-jihad threat dismissed by researchers

McAfee told organizations not to lose sleep over reports that al Qaeda would target Western websites in a mass-cyberattack this Sunday.

DEBKA-file, a Jerusalem-based website known for coverage of Middle Eastern military and intelligence issues, reported last month that al Qaeda's cyberattackers would target Western, Jewish and Israeli websites, as well as those of Muslims who do not fall in line with the terrorist group's fundamentalist viewpoint, beginning on Sunday.

McAfee Avert Labs researcher Francois Paget cited cyber-terror warnings in August 2004 and November 2006 that never materialized, but said he blogged about the specter of cyber-jihad because news stories and rumors were circulating on the internet.

Paget, who found a cyber-jihad program on the web and confirmed that it can launch basic DDoS attacks, said the application indicates that terrorist groups are interested in cyberattacks, but lack the technical know-how to launch a significant one effectively.

“I wrote this blog entry to demonstrate that at least one terrorist ring is interested in malware. But it seems to me, they have not reached the technical level of some criminal groups, for now. In this case, no fast-flux network was involved, no complex command and control protocol was committed, no worldwide botnet was created,” he said. “They are years behind. Shutting down the distribution stopped the attack before it started.”

DEKBA-file has reportedly published wildly inaccurate stories, such as a 2003 account that predicted the day Iraqi dictator Saddam Hussein would use weapons of mass destruction against American forces.

Craig Schmugar, threat research manager at McAfee Avert Labs, told today that the attack application is not unusual.

“The tool that some other people have associated with the DDoS attack is nothing special. Based on that information, this seems to be one of those run-of-the-mill [devices],” he said. “We have seen articles in the past warning of attacks like this, and nothing has happened.”

Officials have warned that al Qaeda could use the internet as an attack vector, but warnings of cyber-terrorism, such as a December 2006 advisory that the group would attack U.S. financial interests in retaliation for the treatment of prisoners at the naval base at Guantanamo Bay, Cuba, never materialized.

Johannes Ullrich, chief research officer at the SANS Institute, said Monday on the organization's Internet Storm Center diary that he did not think a mass cyberattack would occur.

“So, in short, stay calm, focus on best practices and you don't have to do anything special on [Sunday]. If your systems are secure, they will be fine,” he said. “If they are not secure, then they will get hacked no matter if it's cyber-jihad or the script kiddie from next door.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.