Schneier on Security
A blog covering security and security technology.
« Taking Pictures from a Train |
| Security Cartoon »
November 9, 2007
Al Qaeda Hacker Attack to Begin Sunday
At least that's what they said two weeks ago:
On Sunday, Nov. 11, al Qaeda's electronic experts will start attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites. On Day One, they will test their skills against 15 targeted sites expand the operation from day to day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.
I think this is nonsense. We'll see who's right next week.
Posted on November 9, 2007 at 6:44 AM
• 50 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Normally, I would be carefull not to laugh at hacker threats since a widespread nonchalant attitude might provoke an actual attack. However, in this case, I am absolutely sure there is no immediate threat, with exception of perhaps one or two defaced websites performed by individuals on their own initiativ. So therefore; HA HA HA!
Even if successfully, so what. I can't access some web site for a few days? Big deal, I'll just get a train ticket and get a few good photographs instead. I'm told you can get some great photos from trains....
This has been brought up before as a major threat; not to have happened on announcement.
If ya think its really a hoax, why don't you invite them to hack www.schneier.com? It would give them cred for their next "threat" to hack a site devoted to security...
Only Western, Jewish, Israeli, Muslim apostate and Shiite web sites ... ? So ... what about my Christian web site? :-(
Of course even if this is legit there's always the possibility that they put it off due to the publicity.
I also doubt that they'd have much of an affect against any competantly run site.
I am so depressed that they didn't include Hindu's also.
That alone makes this is a suspect pronouncements .. they should at least be fair and attach all the enemies.
Hacking websites isn't exactly terrifying, is it? Not quite the sort of thing to make you fear for your life, or change the very way you live in a vain attempt to prevent a repeat attack?
How is it terrorism if nobody is terrified, and what is the point?
Shouldnt be much of a target base; they are going after "anti-muslim" sites and I have never seen or heard of one of those...
"hundreds of thousands of Islamist hackers"
What's a ji-hacker to look forward to? 72 virgins but only in second life...
This would seem to be more worryingsome...http://blogs.abcnews.com/theblotter/2007/11/exclusive-fbi-a.html...Although, if this is true then the upside is that the lines to Santa should be shorter this year...
Thanks for a great laugh ! These people should definitely be called ji-hackers from now on...
If you go with quantum theory, such an attack happens all the time.
Even if it happened how could anyone prove that it really was "al Qaeda". As opposed to someone in Washington/London/Tel Aviv/Canberra/etc wanting to get more support for the "War on Terror".
Or for that matter prove that "al Qaeda" as some global Islamist conspiracy actually exists.
It's also rather odd for a "terrorist threat" to come without demands. Just about every real terrorist group on the planet would say something of the form "If you do X or don't do Y then we are going to do Z."
Given that Al Quaeda's "antagonism" toward the regime currently running the United States is the biggest case of security theater running, I fully expect attacks against conservative bastions represented by that regime: whitehouse.gov, Fox News and the rest of the Rupert Murdoch propaganda machine, low level US military sites, and fundamentalist Christian sites. Left off the list will be companies like Halliburton, Blackwater, etc. which actually perform useful logistical functions for the Bush regime.
Yes, this was terrifying... in the late 90s. Every web site gets attacked every day now. I agree with Bruce. Lame.
The threat is not really from ji-hackers... but instead from little script kiddies who will run their scripts in the hopes that their culmative scripts will make 'this' an event to participate in. They may not support the Jihad call.... or the Qaeda... they just might want to 'be part of' some malicious staged event in solidarity with the other mindless script kiddy participants.
Wouldn't it be a lovely surprise for any participants in a 'Ji-hacking' event to be busted and find their asses thrown in Guatanomo ( or whatever they call that hell hole prison in Cuba ahhhah ).
I would love to see them trying to explain that they are just mindless script kiddies and not Jihadist while they face daily interogations for the next five years there and share a cell with a big bubba Jihadist named Abu Bin Bumpumper.
Oh crap. So this means I will spend Sunday cleaning away "haxxored" messages on my public wikis.
This is what always happens. Somebody from a fringe on one side or the other of the spectrum makes crazy, off topic allegations against someone else, offends someone who responds offensively, starting another argument, and it goes on and on. Then dialogue is lost.
I admittedly have been sucked into this trap myself.
I, too, think the attack story is nonsense. But your contributions, if you can call them that, have nothing to do with it.
This is like a psychic prediction in a tabloid magazine.
What constitutes 'a major attack'? One website? Ten? A thousand?
If I don't frequent the targeted sites, how is this going to affect me?
And so on.
This is laughable.
Security pros all laugh this off. If nothing else, it's a chance to practice some good old-fashioned black hole routing.
As I'm sure some of you are aware, funnily enough, large swaths of IP space are largely unusable at any given time due to black hole routing. Router security people forget to unblock ranges of IPs after blocking them.
I used to work for a company where the router security people would block entire Class B's at one time. Funny stuff.
The above is not the preferred method of handling this kind of attack, since most of the time they originate from botnets, cracked networks, etc.
j00 h4V3 83eN H4x0r3d bY 4l Kwe4D4 3L1+E! thI5 post DEMON$+R4+3$ +H@t J00 h@vE 833n pwned 8y tHe MIGh+Y 5T4+3 0Ph 15L@M! o$4m@ rUL35!
In order to defend the Internet from the Islamic hacker threat, we need to flood it with the only thing that they cannt defend against.
They will be so distracted by the uncovered women that they will be unable to focus on attacking the West.
So you know what you have to do on the 11th. Flood the net with Smut and nothing but!
"So you know what you have to do on the 11th. Flood the net with Smut and nothing but!"
Hmmm... Is there an American version of the British aphorism "Sending coals to Newcastle"? 8)
Done, done and done.
"They will be so distracted by the uncovered women that they will be unable to focus on attacking the West."
Some friends of ours went on a nudist cruise, which chartered a Danish owned but Indonesian-mostly male-crewed ship. As part of the the contract, the organizers had to pay for hotel accommodations for any crew members who chose not to deal with seeing naked women. Out of 900+ crew, something like 5 took up the offer.
Ahh the sacrifices they made.
Ah Debka, the Weekly World News for the military set :)
When I first saw this earlier in the week, my first reaction is that there are Bush Administration appointees sufficiently lame to think up a scheme like this to try and plant trojans on the PCs of volunteer jihackis who sign up to take part.
How am I supposed to notice this? I get attacked 7 days a week. How do I tell a hacker from a ji-hacker?
Here's a few clues that this is patently ridiculous.
1. Skilled hackers are like cats, the difficulty of organizing them grows exponentially with the number involved.
2. "Hundreds of thousands" of unskilled hackers aren't too much more of a terrorist threat than the burrito I had yesterday for lunch.
3. Hundreds of thousands of skilled hackers would be more than capable of disrupting the internet as we know it. If the plan is to attack a bunch of individual websites the majority of those skilled hackers would go find better uses for their time and talents.
So, this is either a load of bull or we'll see a bunch of website defacements and server logs filled by everything a default metasploit install can throw at them.
Ha ha, you spelled Qaeda wrong and you used a leet speak converter. I started to laugh at your fake Al Qaeda script kiddy post, but then it struck me you're probably real and the best Al Qaeda has to offer. Now I'm laughing at you, all of you, again.
@edgore: What about it? Neither "islam" nor "muslim" even appear on it so it could hardly be anti- those things.
Besides anyone who can shoot a lawyer and get away with it is all right in my book!
Now when do we face east and start Sunday. Could be any time zone at any time.
Do I have to go to Home Depot and buy duct tape and plastic sheeting for my personal web server, or since it runs on a Mac mini, will masking tape and saran wrap be enough?
be interesting if RBN knew in advance that they were gonna lose a lot of bots due to blacked out C&C and so they hooked up with e-jihadis as a business deal...we could see more of this in the future, after all, middle eastern fiefdoms have a history of buying weapons technology from struggling russian enterprise
Due to increasing number of arrivals we are currently running short of virgins. Therefore we will reduce the number allocated to each new arrival to six starting from November the 11th. In exceptional circumstances two additional goats will be provided.
Bob, of course there are anti-muslim sites. The best known is probably jihadwatch.org but there are many more.
Bob, of course there are anti-muslim sites. Probably the best known is jihadwatch.org but there are more (most are listed as links from that site).
Several interesting articles related to the threat, the "Electronic Jihad" DDOS software, and how the threat is not as bad as some claim it is:
"Experts dis rumored cyber-jihad set for Nov. 11":
McAfee Avert Labs Blog - "Cyber Jihad - I'll say good and quiet November 11 to you":
This item describers the "Electronic Jihad 3.0" tool and has several screen shots of it. Some other reports refer to the tool as version 2.0.
My person take on the matter: I agree with the points of the two articles above. If the DDOS flurry from the e-Jihad software does occur, it would be joining the long queue of other Internet nuisances. Most sites would do better by working on their general security practices than fretting about the "e-jihad" report itself.
Most be a good thing to have a cyber attack, this sunday morning my connection seems to be just a bit quicker.
Well, they got e-daf.com; so far I haven't seen anything elsewhere.
well.. the date has passed... are we still alive? ;)
e-daf.com has been restored.
@Anonymous: I wasnt actually doubting that there were anti-muslim sites; merely pointing out that they are working at cross purposes here. There are very few "anti-muslim" groups in the west, what they will be attacking is the west at large, thereby CREATING anti-muslim attitudes where none existed. Kind of like when your liberating/invading (pick one) army starts shooting natives indiscriminately they create bad blood where none was before.
@Bob, in other words they would be mirroring Bush's strategy that has worked so well to make us more secure in both feeling and fact, right?
Everybody screwing off online will have to go do real work, if the computers don't work.
The word Muslim means "one who submits to the will of God." I wouldn't use this word to describe radical Islamic terrorists. Please only use the word Muslim in reference to the peaceful followers of the Islamic faith.
How do we tell the Will of God from all the phonies that are out there? Maybe David Koresh really was right. :-D
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.