Cyberterrorism U Of M


Published in: News & Politics
1 Comment
  • thank u to responsible heads for cooperate to me

  1. 1. The Jihadi Cyberterror Threat
      SUMIT 07
      Dorothy E. Denning, Naval Postgraduate School
  2. 2. Outline
      • What is cyberterrorism?
      • Paths to cyberterrorism
      • Model for assessing cyberterrorism threat of a particular terrorist group or network
      • al-Qa’ida and jihadi cyberterrorism threat
      • Precursors to cyberterrorism
  3. 3. What is Cyberterrorism?
      • What is terrorism? [Webster’s 1991]
          • The use of violence and threats
          • To intimidate or coerce
          • Especially for political purposes
      • Adding prefix “cyber” could be used in 2 ways
          • A terrorist attack that uses cyber weapons
              • Akin to “bioterrorism” and “nuclear terrorism”
              • Then what is violence in cyberspace?
          • Use of cyberspace to support terrorism
              • Akin to “narcoterrorism”
      • Term “cyberterrorism” coined by Barry Collin in 1980’s
          • Refers to convergence of physical and virtual worlds where cyber weapons produce physical consequences – i.e., the terrorist act is committed with cyber weapons (1st interpretation above)
  4. 4. Barry Collin’s Scenarios
      • Cyber attack alters processing control system of cereal manufacturer, introducing lethal levels of iron
      • Cyber attack on air traffic control system causes planes to collide
      • Cyber attack alters drug formulas of pharmaceutical manufacturers, resulting in unfathomable loss of life
      • Cyber attack changes pressure in gas lines, causing valve failure, and then explosions (similar attack against electrical grid)
      • Cyber attack disrupts banks, international financial transactions, and stock exchanges – results in lost confidence in economic system
          • But is it terrorism if there is no violence?
      • Deployed bombs communicate through cyberspace – when one stops transmitting, the rest explode
      • [Barry Collin, “The Future of Cyberterrorism: The Physical and Virtual Worlds Converge,” Crime & Justice International, March 1997]
  5. 5. Virtual Terrorism ≠ Cyberterrorism
      • Second Life terror campaign
          • Bombed ABC headquarters
          • Flew helicopter into Nissan building
          • Shot customers in apparel store
      • 3 jihadi terrorists registered
      • 2 jihadi terrorist groups
          • Second Life Liberation Army
      • SL can be used to launder money across borders
      Weapons shopping in Second Life
      Natalie O’Brien, “Virtual Terrorists,” The Australian, July 31, 2007,,22161037-28737,00.html?from=public_rss
  6. 6. Paths to Cyberterror
      • Evolution of existing terrorist groups
          • Tech-savvy members or new recruits develop cyber capability, or
          • Group hires hackers to conduct attacks
      • Emergence of new terrorist groups
          • New group has interest in cyberterror – develops skills or hires hackers
      • Individuals or groups with hacking skills
          • Operate independently
          • May align themselves with terrorist networks and objectives
          • May have insider help
  7. 7. Model for Assessing Cyberterror Threat
      • Assessment based on indicators/evidence of capability and intent
      • Indicators grouped into five areas:
          • Conduct of cyber attacks
          • Cyber weapons acquisition, development, and training
          • Statements about cyber attacks
          • Formal education in IT
          • General experience with cyberspace
      • Populations considered
          • Active terrorists associated with a given group or network
          • Supporters and sympathizers, especially hackers
          • Potential recruits, especially hackers and IT specialists
      • [Dorothy E. Denning, “A View of Cyberterrorism 5 Years Later,” Chapter 7 in Internet Security: Hacking, Counterhacking, and Society (K. Himma, ed.), Jones and Bartlett, 2006.]
  8. 8. 1. Conduct of Cyber Attacks
      • Objectives
          • Cause damage and intimidate vs make money or support organization
      • Targets
          • Critical infrastructures or control systems vs public websites
      • Sophistication of attacks
          • Tools, methods, coordination
      • Results and impact
      • Prevalence
  9. 9. 2. Cyber Weapons Acquisition, Development, Training
      • Cyber weapons
          • Hacking tools and methods
          • Acquired from others or developed in-house
      • Terrorist cyber training facilities
          • Akin to terrorist training camps
      • On-line education and training in hacking
          • Within open or restricted forums
  10. 10. 3. Statements About Cyber Attacks
      • Types of statements
          • Exploratory discussion of cyber attacks
          • Advocacy of cyber attacks
          • Forecast of cyber attacks
          • Threats of cyber attack
          • Call to action to conduct cyber attack
          • Claim responsibility for cyber attack
      • Objectives
          • Cause disruption or severe harm vs
          • Make money or support organization
      • Credibility of statements
          • Who from?
  11. 11. 4. IT Formal Education
      • General IT education
          • Computer science
          • Computer engineering
          • Information science, etc
      • Security studies
          • Information security
          • Network security
  12. 12. 5. Cyber Experience
      • Internet availability
      • Technologies used
          • Email, chat, IM, web, blogs, forums, groups, etc
          • Network security: encryption, steganography, web security
      • Internet use
          • Distribution of news, documents, videos, etc
          • Communications, coordination, command and control
          • Intelligence collection
          • Recruitment
          • Training
          • Fund raising
      • Jobs in IT
          • Own ISPs, host websites, operate organization networks, etc
          • Insider with critical infrastructure
  13. 13. Al Qa’ida and the Global Jihad
      • Conduct of cyber attacks
          • Hacking for money and organizational support
          • Disruptive hacking by cyber jihadists against websites
      • Cyber weapons acquisition, development, and training
          • Acquiring, developing, and distributing hacking tools and information
      • Statements about CNA
          • Statements of forecast, advocacy, and calls for action
      • Formal education in IT
          • A few with formal education
      • Cyberspace experience
          • Extensive Internet experience
          • Development and use of cyber tools, including network and data security tools
  14. 14. 1. Conduct of Cyber Attacks
      • Few attacks attributed to al-Qa’ida
          • Allegedly broke into diplomat’s e-mail account and retrieved bank statements using simple hacking tools like L0phtCrack
          • Irhabi 007 (Terrorist 007) exploited anonymous FTP sites
      • Numerous disruptive attacks from cyber jihadists aligned with al-Qa’ida and Islamic hackers who might be potential recruits
          • Denial of service (DoS) attacks, often coordinated from jihadi websites
          • Web defacements
      • Cyber attack goals
          • Support the jihad (e.g., by stealing credit cards or hijacking websites)
          • Eliminate/damage websites that harm or are offensive to Islam (under their interpretation)
          • Inflict damage on Western economy; bring about collapse of West
          • Revenge
  15. 16. Irhabi 007 (Terrorist 007)
      • Used FTP site of Arkansas Highway and Transportation Dept. to post 70 terrorist-related files, including audio & video files, in July 2004
          • David McGuire, Washington Post, 7/13/04
          • Also used GWU & other sites
      • Active on Jihadi forums
      • Posted 20p “Seminar on Hacking Websites”
      • Younis Tsouli, 23, sentenced July 2007 10 yrs for inciting terrorist murder on Internet
      • In UK trio that stole & used credit cards
      Links to Arkansas Highway Department website posted on Al Ansar forum by Irhabi 007 [Internet Haganah]
  16. 17. Coordinated Cyber Attacks
      • Examples
          • Danish cartoon attacks
          • Attack against Vatican website
          • Electronic Battle of Guantanamo
      • Web forums used for coordination and to deliver attack tools
  17. 18. Danish Cartoon Attacks
      • Response to publication of cartoons satirizing Prophet Mohammad in Danish paper Jyllands-Posten
      • Web defacements
          • 2,817 Danish websites [1/21/06 - 2/22/06]
          • Roberto Preatoni, Zone-h, said that it was about 10-20 times more than normal and “the biggest, most intense assault” he’d seen
      • Denial of Service (DoS) attacks
          • Jyllands-Posten website primary target
          • released video purportedly documenting their attack
              • Video and still shots at
          • Republishers also hit, including Michelle Malkin’s blog
      • Coordinated through al-Ghorabaa website
  18. 19. =3281674/ ISLAMIC SECURITY GUARDS Defaced 14 .dk websites 1/29/06 Protesting Danish Cartoons
  19. 20. DoS Attack Still shots posted at
  20. 21. Attack Against Vatican Website
      • Response to Pope Benedict’s statement about the Prophet Mohammad
      • DoS attack planned for October, 2006
      • Call for volunteers posted on jihadi forums:
          • “We ask all our brothers to be present at the hour of the attack for a joint action, because they (Catholics) have struck our religion”
      • Attack had little impact
      • Newsmax, Nov 28, 2006
      Benedict XVI: “Show me just what Muhammad brought that was new and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached.”
  21. 22. Electronic Battle of Guantanamo
      • Planned DoS attack against websites of American stock exchanges and banks
      • Announced on jihadi forum Nov 27, 2006 with call for participants
      • Attack to run from Dec 1 through end of month
      • Revenge for incarceration of Muslims at Guantanamo Bay
      • Volunteers advised to use anonymity services
      • Attack cancelled because banks had been warned
      • Grant Ross and Robert McMillan, “al-Qaeda ‘Battle of Guantanamo’ Cyberattack a No-Show,” IDG News Services, Dec 1, 2006; E. Alshech, Cyberspace as a Combat Zone
  22. 23. Al-Jinan
      • Web forum at
      • Forum to plan, organize, and support electronic jihad on behalf of all Muslims to defend Islam
          • Claims electronic jihad can inflict “financial damage that may reach millions”
      • Software downloads to simplify DoS attacks
          • Electronic Jihad Program 1.5 (Silver Edition) – designed by Saudi national
      • Chat room to plan and coordinate attacks
      • Forum lists websites attacked and impact
          • Claims to have shut down Internet Haganah
      • Source - Terrorism Research Center, August 31, 2006
  23. 24. Electronic Jihad Program
      • Targets websites critical of Islam
          • Claims they have had anti-Islamic websites pulled off web
      • Version 2.0 features
          • Handles different Internet speeds
          • Use proxies to override website blocking
          • Sets up account for each user with
          • Awards to those who spend most time attacking targets and have most “successful attacks”
      Version 1.5
      Forum Users Improve Electronic Jihad Technology, Terrorism Focus, Vol IV, Issue 20, June 26, 2007
  24. 25. Al-Firdaws Forum
      • Al-Firdaws at
      • Credit card theft
          • Forum discusses program that generates and validates credit card numbers, suggesting it could be used to “strike the infidel’s economy” [Terrorism Research Center, Jan 8, 2007]
      • Ansar Al-Jihad Hackers Team for Electronic Jihad
          • Irhabi 11 posted statement May 10, 2007, identifying group
          • Claimed group had hacked a “crusader website”.
          • Urged jihad sympathizers to visit group’s website to participate
          • Sites at and
  25. 27. More Cyber Jihadists
      • Prominent groups identified by MEMRI
          • Hackboy*
          • Ansal Al-Jihad Lil-Jihad Al-Electroni*
          • Munazamat Fursan Al-Jihad Al-Electroni
          • Majmu’at Al-Jihad Al-Electroni*
          • Majma’ Al-Hakar Al-Muslim*
          • Inhiyar Al-Dolar
      • * maintain own websites for recruiting volunteers for and coordinating attacks
      • E. Alshech, Cyberspace as a Combat Zone: The Phenomenon of Electronic Jihad, MEMRI, No. 329, Feb. 27, 2007
  26. 28. More Muslim Hackers
      • Al Qaeda Alliance Online
      • OBL Crew
      • Abu Syf3r
      • Hilf Al-Muhajirin
      • Q8Army
      • Cyber Jihad
      • Hackers for Palestine
      • Arab Electronic Jihad Team
          • Sought to bring down all US websites
      • Arabian-Fighterz Team
          • About 3,000 defacements
      • Muslim Hackers Club
          • Active in 1998-99
          • Goal: “a nonstate capability in information warfare, err, research.”
          • Provided training to local chapters on hacking and network admin
  27. 29. Al-Qaeda Alliance Online
      • Formed post Sep 11, 2001
          • Disappeared shortly thereafter
      • Three Pakistani hacker groups:
      • GForce Pakistan
          • 212 defacements in
          • Last recorded 10/27/01
          • Said they weren’t “cyber terrorists”
          • Said “all we ask for is PEACE for everyone”
      • Pakistan Hackerz Club
      • Anti India Crew
      Oct 17, 2001 Gforce Pakistan defacement of National Oceanic & Atmospheric Administration
  28. 30. OBL Crew
      • Osama Bin-Laden Crew
      • Aka Cyber Army of Allah (CA)
      • Members came from Islamic hackers / Afghan Hackers
      • Threatened Internet Haganah & Anti-Terrorism Coalition in 2004
          • Tried to recruit 600 Muslim hackers for attacks
      • Threatened ATC again in 2007
  29. 31. Hilf Al-Muhajirin
      • “Pact of the Immigrants”
          • Agreement to stand united under the banner of the Muhajirun Brigades in order to promote cyber warfare and allegiance to leadership
          • Goal to wage media jihad and attack websites harmful to Islam and Muslims
      • Initiative launched Jan 3, 2007 on Islamic websites
      • Mujahideen operating on Internet invited to sign
      • Source: E. Alshech, Cyberspace as a Combat Zone
  30. 32. 'Abu Syf3r' Defaces Internet Haganah
      And brags about it on April 6, 2007
      Internet Haganah helped remove over 1,000 jihadi Websites using legal means
  31. 33. Q8Army
      • Operated botnet
      • Computers compromised via IM-borne adware that delivered malware rootkits
      • Software stole credit card information
      • Software served up pop-ups that carried URLs of militant Arabic Web sites endorsing violence to achieve “world domination”
      • Stolen funds used to buy mobile communications gear and used PCs
      • Group’s origin traced to Middle East by researchers at FaceTime Communications
      • Source: Matt Hines, Botnet Stalkers Share Takedown Tactics at RSA, Feb 8, 2007
  32. 34. 2. Cyber Weapons Acquisition, Development, Training
      • Hacking tools developed by jihadists and acquired from other hackers
      • Terrorist training centers
          • al-Qa’ida safe house in Pakistan reportedly used for training in computer hacking and cyber warfare, and cyber reconnaissance of infrastructure and SCADA systems [Magnus Ranstorp, “Al-Qaida in Cyberspace,” in Terrorism in the Information Age, 2004]
      • Documents on how to hack
      • Numerous web forums
  33. 35. “Hacking, Why Not?”
      • By Imam Samudra
          • Sentenced to death for 2002 Bali bombings
      • Book chapter in Me Against the Terrorist!, 2004
          • Written in prison
      • Advocates cyber attacks to raise money, especially via credit card fraud, and “bring America and its cronies to its knees.”
      • Rudimentary guide to hacking (mainly “carding”) methods and resources
      • Credit card numbers found on his computer
  34. 36. Cyber Weapons & Training Websites
      • Minbar ahl al-Sunna wal-Jama (“The Pulpit of the People of the Sunna”) forum
          • Article posted in fall 2005 on how to become a hacker
          • Three categories of hacking
              • Intrusions into corporate and government networks
              • Intrusions into personal computers to steal personal information
              • Interception of sensitive information, e.g., credit cards, in transit
      • Al-Ghorabaa website
          • Site used to coordinate attacks against Jyllands-Posten
          • Offered an encyclopedia on hacking websites and a 344-page book on hacking techniques, with step-by-step guide for “terminating pornographic sites and those intended for the Jews and their supporters.”
          • Source – Jamestown Foundation
      • Al-Firdaws and al-Jinan forums (earlier slide)
  35. 37. al-Qa’ida University for Jihad Studies
      • First announced late 2003 with “college” on electronic jihad
      • Announced again in Oct 2005 on al-Farouq web forum
      • Forum offers library of hacking tools and instructions for cyber attacks
      Keylogger Jihad
  36. 38. 3. Statements About Cyber Attacks
      • After 9/11, OBL allegedly told Hamid Mir (ed. Ausaf newspaper)
          • “… hundreds of Muslim scientists were with him and who would use their knowledge in chemistry, biology and (sic) ranging from computers to electronics against the infidels.”
      • Mohammad Razzak, suspected member of al Qaida, said in Dec 2001
          • Terrorists had penetrated Microsoft (by gaining employment) and attempted to plant Trojan horses and bugs in Windows XP. [Newsbytes]
      • Sheikh Omar Bakri Muhammad, London-based head of al-Muhajiroun, told Computer World in Nov 2002
          • “… would not be surprised if tomorrow I hear of a big economic collapse because of somebody attacking the main technical systems in big companies.”
      • Principle 34 (electronic jihad) of The 39 Principles of Jihad, 2003
          • Directs computer users to use their skills and experience in destroying American, Jewish and secular websites
  37. 39. Statements About Cyber Attacks
      • Fouad Hussein, al-Zarqawi–al-Qaeda’s Second Generation, 2005, in Arabic
          • Describes 7 phases of al-Qa’ida’s long-term war based on interviews of top lieutenants
          • Phase 4, 2010-2013, includes cyberterrorism against US economy
      • jihadi al-Farouq web forum, - 2005
          • Postings call for cyber attacks against US and allied government websites
          • Participant “achrafe” proposed forming an operations unit within the Islamic Hacker Army (Jaish al-Hacker al-Islami)
      • Al-Ekhlaas web forum posting on Sep 11, 2006
          • Proposals to counter “Crusader media campaign in Iraq”
          • One proposal is for a group of young hackers to disable websites that attack Islam, jihad, etc, including
      • Statements about inflicting economic damage
          • Numerous postings about using cyber attacks to achieve this
  38. 40. Statements About Attacks on Critical Infrastructures
      • Massive DoS attack to disable 13 root name servers
          • Posting on jihadi forum discusses possibility, but got no response
          • Claims it “would help destroy all of the west” and cause fall of the global economy
          • Source – Terrorism Research Center, Jun 26, 2006
      • Attack against Telehouse hub in London
          • Proposal to infiltrate hub and blow it up
          • Source – The Sunday Times, Mar 11, 2007
      • Disabling all electronic networks around the world
          • To include military nets that control radars, missiles, and communications
          • Claims that disabling for a day will bring about total collapse of the West and breakdown of world economy and stock markets
          • Source – Alshech, Cyberspace as a Combat Zone, MEMRI, Feb 27, 2007
  39. 41. Suggestions for Electronic War
      • Posting on jihadist website
      • Objective: provide logistical support to mujahidin on the ground
      • Admits lack of technical knowledge in viruses and programming languages
      • Suggestions include
          • Disable and paralyze communication devices for battlefield C2 networks, GPS, GPRS, GSM
          • Disrupt enemy banks, oil control grids, navigation techniques
          • Target enemy’s data flowcharts to paralyze life in country – but “do not ask me what flow charts are”
          • Disable American missile attack or redirect missiles to go back to where they came from
  40. 42. 4. IT Formal Education
      • A few members/supporters with CS/CND education
      • Some recruits from countries offering CS/CND education
      • Sami Al-Arian
          • Professor, CSE, U of S. Florida, Tampa
          • Met with Bush (photo right)
          • Charged with raising money for Palestinian Islamic Jihad (PIJ)
          • Jury found not guilty
          • Pled guilty to engage in conspiracy to aid PIJ
          • In prison as of Oct 2007
      President Bush and Sami Al-Arian
  41. 43. Computer Science/Security Education
      • Sami Omar Al-Hussayen
          • Saudi CS grad student at U. of Idaho studying computer security
          • Charged with operating websites used to recruit terrorists, raise money, and disseminate inflammatory rhetoric
          • Acquitted 2004 and deported to SA
      • Ali S. Marri
          • Went to Bradley U. on 9/10/2001 for grad degree in computer information systems
          • Assigned by al-Qa’ida to explore hacking
          • Seized computers contained 1,000 credit card numbers and bookmarks for hacking sites, hazardous chemicals, and fake IDs
  42. 44. 5. Cyber Experience
      • Technologies used
          • Email, chat, IM, etc
          • Websites, blogs, forums, groups, etc – thousands of sites, many hosted in US
          • Network security – methods, tools, training
      • Software development
          • Hacking and security tools
          • Jihadi video games
          • Jihadi web browser – to restrict user to jihadi websites
      • Internet activities
          • Distributing news, documents, electronic magazines, videos, etc
          • Discussing, planning and coordinating attacks
          • Recruiting and cultivating support
          • Training – manuals, videos, software, virtual worlds
          • Fund raising
          • Collecting intelligence
  43. 45. Jihadi Electronic Magazines
      • Sawt al-Jihad (Voice of Jihad)
          • Oct 2003 – (with lapses)
          • AQ in Arabian peninsula
      • Sada al-Jihad (Echo of the Jihad)
          • Jan 2006 -
          • By Global Islamic Media Front
      • Al-Mujahid al-Taqni (The Technical Mujahid)
          • Oct 2006 -
          • Focus so far on infosec technologies
      • Mu’askar al-Battar (Al Battar Camp)
          • Jan - Nov 2004
          • Military training manual
      • Al Khansa
          • Aug 2004 only
          • For female mujahidin
  44. 46. On-line Distribution of Videos
      • Recruitment
          • MTV-quality rap video inspiring viewers to take up jihad against West (right)
      • Recordings of terrorist acts
          • Bombings, hostages, beheadings, etc
      • Recorded statements by
          • Leaders
          • Suicide bombers
      • Weapons training
          • Videos and manuals on mixing explosives, making dirty bombs, using Stinger missiles, etc
  45. 47.
      • IRHABEAT Blog
      • Some videos posted:
          • Attack on Iraqi police convoy (posted 9/21/07)
          • IED attack on Americans
          • IED attack in Baghdad
          • Martyrdom against Iraqi National Guard
          • Using stinger missiles
          • Attack in al-Anbar
  46. 48. On-line Training
      • Al-Battar Training Camp
          • 6th issue (cover left) discusses cell organization and command structure
      • The Technical Mujahid
      • al-Qa’ida University for Jihad Sciences
          • Colleges for e-jihad, media jihad
      • Training manuals and videos
          • Explosives of all types
          • Surface-to-air missiles
          • Flying planes
              • 18 videos on flying 747’s
  47. 49. Training with Web Videos
  48. 50. Talking About Flight Simulator Software Post #23489 on Internet Haganah, 1/28/06,
  49. 51. Network Security Methods & Tools
      • Encryption
          • Global Islamic Media Front developed “Mujahideen Secrets” with encryption, compression, and file shredding
              • 256 bit symmetric (AES)
              • 2048 bit asymmetric
          • Software can be used from thumb drive
      • Anonymous accounts
      • Dead drops
          • Draft messages in shared e-mail accounts
      • Web security
          • Password-protected websites and forum
      • File hiding
      • Code words
      • Steganography
      Mujahideen Secrets [MEMRI]
  50. 52. Security Education and Training
      • The Technical Mujahid
          • Issue 1 (Dec 2006 – at right) discusses
              • Password-protected web forum
              • ChaosMash – free encryption tool with 45 methods
              • Alternative Data Streams (ADS) – conceal one file in another
              • Hacker Defender – Windows rootkit
              • Pretty Good Privacy (PGP) – not good enough
          • Issue 2 (Mar 2007)
              • Reviews Mujahideen Secrets
              • Discusses steganography
          • Sources – Global Issues Report; TRC
      • Numerous other articles and manuals on hiding data, identity, and activity
  51. 53. AQ/Jihadist Cyberterror Summary
      • Cyber attacks will continue and cause economic harm
          • To disrupt websites
          • Make money through online fraud
      • There is some desire to conduct more damaging attacks, but there are no plans or capability to conduct devastating attacks against critical infrastructures or digital control systems
      • Terrorists and jihadists make extensive use of Internet to further their strategic and operational objectives
          • Does not translate into a hacking capability
          • But does provide opportunity for monitoring and disrupting their activities
      • Caveats
          • Information is based on open sources
          • This is a fast moving field
  52. 54. Precursors to Cyberterror?
      • Failed cyber attacks that would be characterized as cyberterror if successful, e.g., against SCADA systems
      • Extensive discussions and planning relating to cyber attacks against such – not just vague wishful thinking
      • Research and training in methods and tools for attacking such systems, preferably within labs
      • Distribution of methods and tools in general hacking/security research community for use against control systems like SCADA
          • SCADA vulnerabilities are now being disclosed