Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/30/2010
09:37 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Al Qaeda Implicated In Cyberattacks

Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.

Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.It also tells us that one of Al-Qaeda's targets before 2001 was Israel.

The heavily redacted court records don't offer much detail, but they are nonetheless critical. They are the first public record showing us -- if these records are to be believed and are not taken out of context -- that Al-Qaeda, indeed, does engage in computer attacks and information warfare. So we can show a clearly defined enemy engaging us in cyberspace.

Up until now, while it seemed clear to us ("Come on! We all know they do it!"), we had no public proof of their involvement, and we know that such assumptions proved to be false in the past. Thus, the cyberterrorism that we can prove has been limited to defacements of websites, and we can't prove who was behind those unless we believe their claims of responsibility.

This emanates from the fact that it is extremely difficult to prove from technical data alone who is behind an attack due to various reasons including IP allocation records and usage, IP spoofing, VPNs, using proxies, and Trojan horses to pass our communication through, as well as the fact that a third party could be using the computer to wage a covert attack.

This case teaches us that those in power have some proof (intelligence) that indicates the threat of Al-Qaeda as a cyberwarfare player, and that public discussion of who does what without proof is meaningless. The potential risk is calculated the same way, and any information on actual threat is pure guesswork.

We need evidence, such as we have of Germany's operations with the German Trojan horse, before we can make any public claims. When it comes to national security, security experts shouldn't be consulted, but rather, intelligence analysts.

The second matter under discussion is the information on Al-Qaeda's attacks. There's a glimpse of data from two of the paragraphs in this U.S. News article by Alex Kingsbury:

Slahi told interrogators that al Qaeda "used the Internet to launch relatively low-level computer attacks." Al Qaeda "also sabotaged other websites by launching denial-of-service attacks, such as one targeting the Israeli prime minister's computer server," court records show. The Israeli embassy in Washington had no comment on the information published in the court records.
And
Slahi told interrogators that bin Laden's group posted hacking instructions "on specific websites that directed the date and time of the attack."
This is interesting because it shows that, if the information is correct and attributed in context, Al-Qaeda coordinated some of their operations via forums on the Internet. And maybe (pure guesswork) at least some of the websites and online forums used by terrorism supporters on the Internet may be used by actual terrorists associated with Al-Qaeda.

Last, it tells us that an attack was launched in 2001 against the website of Israel's prime minister, which shows a clear online enemy Israel can point to, as well as potentially compare this intelligence with remaining technical records of attacks from that time period. This might provide us more information on sources and methods -- all that while keeping in mind that the attacks discussed are very simplistic in nature.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron.

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5974
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
CVE-2020-15072
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVE-2020-15073
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVE-2020-2034
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...
CVE-2019-19415
PUBLISHED: 2020-07-08
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the a...