Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Search results for cyber terrorism

Showing posts sorted by relevance for query cyber terrorism. Sort by date Show all posts

Cyber Terrorism Communications and Propaganda

August 22, 2006

Further expanding the previous discussion on Tracking Down Internet Terrorist Propaganda, and patterns of Arabic Extremist Group Forum Messages' Characteristics, there've also been some recent developments on Hezbollah's never-ending use of U.S hosting companies as a media/communication/fund raising/recruitment/propaganda platform:

"Hezbollah used the Broadwing Communications fiber-optic network to deliver its Al-Manar web site to the world last week after finding a weakness in a Broadwing customer's connection. When that happened, Hezbollah television's web site was suddenly hosted, of all places, in Texas. When Broadwing discovered what had happened, they cut the T1 connection to their customer until the customer resolved the problems on its end, and the Al-Manar site disappeared back into the ether—only to pop up a few hours later on a server in India. Hezbollah's tactics are laid out in a brief Time article that also discusses the people trying to shut Hezbollah down. And it's not the people you might think. Those in the war and security business are no doubt involved, but some of the work is done by amateurs, as well. Volunteers from the Society for Internet Research track jihadi websites and tactics across the Internet, then alert domain registrars and web hosting companies to the presence of potentially illegal material on their servers."

Al Manar TV has long been known for delivering Hezbollah's PSYOPS through constantly relocating its stream, but information warfare capable enemies seem to be able to hijack the signal as it recently happened. Moreover, according to Haganah's most recent Table of American Internet Service Providers of Hezbollah -- detailed analyses -- Register.com remains a popular choice.

Cyber terrorism is a complex and often misunderstood term that originally emerged as the direct effect of Techno Imperialism sentiments, and, of course, the balancing power of the Internet when it comes to cyber warfare capabilities. In another great research Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks, the author summarized the most commonly encountered Cyber Terrorism categories and keywords, and discussed the different explanations of the term. As for Cyber terrorism, the first issue that comes to the mind of the average expert are the SCADA systems whose IP based connectivity remains a growing concern for governments utilizing these.

Which is exactly the least issue to worry about, today's Cyber terrorism is still maturing, tomorrow's Cyber terrorism will be taking advantage of cyber warfare capabilities on demand or through direct recruitment/blackmailing practices of individuals capable of delivering them. Here's a neat table representing the maturity/evolution of Cyber terrorism.

For the time being, propaganda and recruitment are so far the most indirect and popular practices, whereas the concept itself is truly maturing thus becoming even more evident. Thankfully, various researchers are already actively combining AI and various web crawling approaches while analyzing the presence of terrorists on the web -- and here's a good starting point.

Related resources and posts:
Cyber Terrorism
Hacktivism
Information Warfare
Cyberterrorism - don't stereotype and it's there!
Cyberterrorism - recent developments
The Current, Emerging, and Future State of Hacktivism
Terrorist Social Network Analysis
Hacktivism Tensions - Israel vs Palestine Cyberwars Continue reading →

The Freedom Tower - 11th September 2006

September 11, 2006

That's of course how it's gonna look like in 2012 -- true leaders never look into the past, they're too busy defining the future. Time goes fast given you're busy and always up to something -- disruption! I still clearly remember the moment when 9/11 happened and realize how much I've changed since then. Mixed thoughts started buzzing around my mind, the type of thoughts Cryptome's Daily Photos smartly emphasises on. Anyway, someone or something always has to, either be the result, the consequence, or the foundation for the next stage. I'll leave it open to interpretations on what interacts with what :

Cold War <=> Defense/Intelligence spending/Innovation <=> Post 9/11 World
Terrorist <=> Ideology <=> War
Foreign policy <=> Terrorism <=> Geopolitical dominance
Terrorism <=> OSINT <=> Intelligence
Civil Liberties <=> Terrorism <=> Surveillance
Poverty <=> G8 <=> Developed world
Space exploration budget cuts <=> Terrorism <=> Alternative energy sources development
Paranoia <=> Terrorism <=> Security services/products market growth

I can keep on going, but that's not the point, the point is how globalisation is acting as a double edged sword, and so is paranoia, still, keep in mind that there're one million other ways to get killed compared to a terrorist attack.

There've always been and will always be "bad guys", "good guys", and "greyhat guys" -- barking dogs of course -- trouble is knowing whom to trust at a particular moment in time. I can easily argue that during the past five years, all the "bad guys" had to do was to go through the press and come up "future long term strategies" perceptional enough to shock and awe "the infidels". My point is that, OSINT is also a double edged sword, useful and dangerous to both parties. As far as the infidels are concerned, I'm not one - I believe in myself!

Underestimating an adversary is much worse than overestimating it, just cut using terrorism as the excuse for everything you do, or are about to do, which is as subjective as China's economy taking over the world -- something neither the "bad guys" nor China would do.

Related posts:
Terrorism
Data mining, terrorism and security
Terrorist Social Network Analysis
Benefits of Open Source Intelligence - OSINT
Visualization, Intelligence and the Starlight project
Cyber terrorism - don't stereotype and it's there!
Cyber terrorism - recent developments
Arabic Extremist Group Forum Messages' Characteristics
Tracking Down Internet Terrorist Propaganda
Cyber Terrorism Communications and Propaganda
Steganography and Cyber Terrorism Communications Continue reading →

Summarizing 3 Years of Research Into Cyber Jihad

September 11, 2011

On this very special day, I'd like to honor the fallen by summarizing my research into cyber jihad, a topic I'm still highly passionate about. Enjoy and share it with your social circle!

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
Continue reading →

Summarizing 3 Years of Research Into Cyber Jihad

September 11, 2010

From the "been there, actively researched that" department.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter. Continue reading →

Terror on the Internet - Conflict of Interest

March 18, 2008

Insightful article by Greg Goth, discussing various aspects of the pros and cons of monitoring cyber jihadist sites next to shutting them down, as well as mentioning my analysis of the Mujahideen Secrets encryption tool v1.0 and v2.0. Terror on the Internet: A Complex Issue, and Getting Harder :

"Indeed, politicians around the world call at regular intervals for terrorist websites to be removed from their host sites’ servers or for search engines to block access to them. They also call for laws that would make posting instructions on how to kill or maim people or destroy property punishable by law. Franco Frattini, the European Commission’s Vice President for Freedom, Justice, and Security, called for a prohibition on websites that post bomb-making instructions in September 2007. And just as quickly, he rushed to announce that in doing so he was not trying to impinge on freedom of speech or information access or to inhibit law enforcement agencies from monitoring sites."

There're three perspectives related to cyber jihad, should the virtual communities be shut down, monitored, or censored so that they cannot be accessed by people who would potentially get radicalized and brainwashed by the amazingly well created propaganda in the form of interactive multimedia? Given the different mandates given to different intelligence services and independent researchers, is where the conflict of interest begins. Moreover, don't forget that independent researchers sometimes come up with the final piece of the puzzle to have an intelligence agency come up with the big picture in a cost-effective and timely manner, given they actually believe in OSINT and trust the source of the intell data of course. Now, picture the situation where an intelligence agency is shutting down cyber jihadist sites on a large scale not believing in the value that the intelligence data they they could provide, another one given a mandate to censor cyber jihadist communities compiling reports stating that someone's shutting them down before they could even censor them, and a third one who would have to again play cat and mouse game the locate them once they've shut down by the first intel agency already. Ironic or not, different mandates and empowerment is where the contradiction begins. Let's discuss the three mandates and go in-depth into the pros and cons of each of them to come up with a philosophic solution to the problem, as I belive it's perhaps the only way to provoke some thought on the best variant.

Shutting the communities down -

Before shuting them down you need to know where they are, their neighbourhood of supporters who will indirectly tip you on the their latest location once they have their previous domain shut down. Personal experience and third party research indicates that over 90% of the cyber jihadist communities/blogs are hosted by U.S based not owned companies. And with the lack of real-time intell sharing between the agencies themselves, the first who picks up the community will be responsible for its faith, literally. But in reality, preserving the integrity of a cyber jihadist community, and convincing the right people that balanced monitoring next to shutting it down is more beneficial, remains an idea yet to be considered. Back in 2007, I did an experiment, namely I crawled ten cyber jihadist forums and blogs and extracted all the outgoing links from these communities to see their preferred choice for online video and files hosting. A couple of months later, the communities got shut down, so when the same thing happened while I was crawling the Global Islamic Media Front's, and Inshallahshaheed's web presence, it became clear that while some are crawling, and others censoring, third parties are shutting them down.

The bottom line - shutting them down doesn't mean that they'll dissapear and will never come back, exactly the opposite. Personal experience while handling the Global Islamic Media Front is perhaps the perfect and best hands-on experience on the benefits of shutting them down, given you've built enough convidence in your abilities to locate their new location. If you think that the cyber jihadist site or community you're currently monitoring is a star, look above, it's full of starts everywhere, once you start drawing the lines between them, a figure of something known emerges, in this case once a cyber jihadist community is shut down, its most loyal and closely connected cyber jihadist communities will expose their intimate connection not by just starting to promote their new location online, but even better, you'll have them use the second cyber jihadist community to directly reach their audience by the time they set up the new location and resume the propaganda and radicalization.

There's no shortage of cyber jihadist blogs, forums and sites, and personal experience shows that upon having a cyber jihadist community shut down, they re-appear at another location. It's shut down again, it re-appears for a second time. I've seen this situation with Instahaleed and GIMF, and each and every time they had their blogs and sites removed from their hosting providers, mainly because it's rather disturbing that the majority of such communities are hosted on U.S servers, it's this short time frame which will either lead you to their new location, you risk loosing their tracks. However, the vivid supporters of PSYOPs are logically visionary enough to understand what does undermining their audiences' confidence in the community's capability to remain online means.

Monitoring the communities -

In order to reach the "shut it down or monitor it" stage in your analysis process, you really need to know where the cyber jihadists forums and sites are, else, you will be wasting your time, money and energy to create fake cyber jihadist communities in the form of web honeypots for jihadist communication. Monitoring is tricky, especially when you don't know what you're looking for, don't prioritize, don't have a contingency plan or an offline copy of the communitiy and wrongly building confidence in its ability to remain online. Moreover, monitoring for too long results in terrabytes of noise, and from a psychological perspective sometimes the rush for yet another fancy social networking graph to better communicate the collected data, ends up in the worst possible way - you miss the tipping point moment.

Censoring the communities -

I often come across wishful comments in the lines of "blocking access to bomb and poison making tutorials", missing a very important point, namely, that these very same manuals, and jihadist magazines are not residing in a cyber-jihad.com/bomb-making-guide.zip domain and file extension form, making the process a bit more complex to realize. Unless of course the censorship systems figures out ways to detect the content in password encrypted archive files served with random file names and hosted on one of the hundreds free web space providers. Then again, given the factual evidence that cyber jihadists are encouraging the use of Internet anonymization services and software, your censorship efforts will remain futile.

As I'm posting this overview of various ways of handling cyber jihadist communities, yet another community is starting to attract cyber jihadists, thanks to their understanding of noise generation by teaching the novice cyber jihadists on the basics of running and maintaing such a community. What's perhaps most important to keep in mind is that, what you're currently analyzing, trying to shut down or censor whatsoever, is the public web, the Dark Web, the one closed behind authentication and invite-only access yet remains to be located and properly analyzed. If cyber jihad is really a priority, then there's nothing more effective than the combination of independent researchers and intelligence analysts.

Related posts:
Inshallahshaheed - Come Out, Come Out Wherever You Are
GIMF Switching Blogs
GIMF Now Permanently Shut Down
GIMF - "We Will Remain"
Wisdom of the Anti Cyber Jihadist Crowd
Cyber Jihadist Blogs Switching Locations

Internet PSYOPS - Psychological Operations

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

A Botnet of Infected Terrorists?
Infecting Terrorist Suspects with Malware
The Dark Web and Cyber Jihad
Cyber Jihadist Hacking Teams
Cyberterrorism - don't stereotype and it's there
Tracking Down Internet Terrorist Propaganda
Arabic Extremist Group Forum Messages' Characteristics
Cyber Terrorism Communications and Propaganda
Techno Imperialism and the Effect of Cyberterrorism
A Cost-Benefit Analysis of Cyber Terrorism
Current State of Internet Jihad
Characteristics of Islamist Websites
Hezbollah's DNS Service Providers from 1998 to 2006
Full List of Hezbollah's Internet Sites
Cyber Traps for Wannabe Jihadists
Mujahideen Secrets Encryption Tool
An Analysis of the Technical Mujahid Issue One
An Analysis of the Technical Mujahid Issue Two
Terrorist Groups' Brand Identities
A List of Terrorists' Blogs
Jihadists' Anonymous Internet Surfing Preferences
Samping Jihadist IPs
Cyber Jihadists' and TOR
A Cyber Jihadist DoS Tool
GIMF Now Permanently Shut Down
Steganography and Cyber Terrorism Communications

Continue reading →

Analyses of Cyber Jihadist Forums and Blogs

August 17, 2007

Where are cyber jihadists linking to, outside their online communities? Which are the most popular file sharing and video hosting services used to spread propaganda, training material and communicate with each other? What are their favorite blogs, and international news sources? How does the Internet look like through the eyes of the cyber jihadist? This post will provide links to cyber jihadist communities, with the idea to aggregate a decent sample of how cyber jihadists use, and abuse the Internet to achieve their objectives. It is based on external URLs extraction of over 5,000 web pages directly related to cyber jihadist communities. The snapshot was obtained during the last 7 days, therefore if you're to data mine the free online data hosting URLs, do so in a timely manner before they dissapear due to one reason or another.

Key summary points :

- Over 4,000 external URLs pointing to suicide bomber's videos, propaganda, warfare, bombings, recruitment, torture videos, and numerous other still not analyzed cyber jihadist forums and blogs

- In between 500 to 600 web pages per domain were crawled based on their last modified data, namely the most current 500 to 600 posts

- The sample consists of 14 jihadist blogs and forums

- Depending on the online file storage service of choice, files will remain online forever if accessed at least once every 30-to-45 days, or by the time they don't get removed due to their nature

- Video multimedia is often released in a multi-video-format fashion, and multi-quality variants with respect to the file size
- The crawled external URLs are in .txt format, in a one full URL per line format

You are what you link to, so let's assess the "tip of the iceberg" cyber jihadist communities online :

01. URL : http://3asfh.net/vb

Dates : Created 20-nov-2003 ; Updated 15-jun-2007; Expires 20-nov-2007

DNS Servers : SERVER.3ASFH.NET; SERVER1.3ASFH.NET

External URLs : 3asfh.net_vb.txt

02. URL : http://alsayf.com/forum

Dates : Created 16-aug-200; Updated 16-aug-2006; Expires 16-aug-2011

DNS Servers : NS2.MYDYNDNS.ORG; NS1.MYDYNDNS.ORG; NS3.MYDYNDNS.ORG

External URLs : alsayf.com_forum.txt

03. URL : http://egysite.com/al2nsar

Dates : Created 01-dec-2002; Updated 13-mar-2007; Expires 01-dec-2008
DNS Servers : NS1.EGYHOSTING.COM; NS2.EGYHOSTING.COM; NS1.EGYWWW.COM; NS2.EGYWWW.COM

External URLs : egysite.com_al2nsar.txt

04. URL : http://elshouraa.ws/vb

Dates : Domain created on 2006-09-15 00:08:38; Domain last updated on 2006-09-15 00:08:39

DNS Servers : ns11.uae-dns.com; ns12.uae-dns.com

External URLs : elshouraa.ws_vb.txt

05. URL : http://muslm.net/vb

Dates : Created 25-oct-2000; Updated 21-jul-2007; Expires 25-oct-2007

DNS Servers : NS1.MUSLM.NET NS2.MUSLM.NET

External URLs : muslm.net_vb.txt

06. URL : http://w-n-n.net/ - DOWN as of yesterday, best sample

Dates : Creation Date: 16-feb-2006; Updated Date: 13-aug-2007; Expiration Date: 16-feb-2009

DNS Servers : A.NS.JOKER.COM; B.NS.JOKER.COM; C.NS.JOKER.COM;

External URLs : w-n-n.net.txt

07. URL : http://minbar-sos.com

Dates : Created 28-feb-2006; Updated 10-mar-2007; Expires 28-feb-2008

DNS Servers: NS1.BRAVEHOST.COM; NS2.BRAVEHOST.COM

External URLs : minbar-sos.com.txt

08. URL - Radical Muslim
External URLs

09. URL
External URLs

10. URL

External URLs

11. URL

External URLs

12. URL

External URLs

13. URL

External URLs

14. URL

External URLs

Now, it's up to your data mining and crawling capabilities.

Hezbollah's DNS Service Providers from 1998 to 2006
Full List of Hezbollah's Internet Sites
Internet PSYOPS - Psychological Operations
Cyber Traps for Wannabe Jihadists
Mujahideen Secrets Encryption Tool
An Analysis of the Technical Mujahid Issue One
An Analysis of the Technical Mujahid Issue Two
Terrorist Groups' Brand Identities
A List of Terrorists' Blogs
Jihadists' Anonymous Internet Surfing Preferences
Samping Jihadist IPs
Cyber Jihadists' and TOR
A Cyber Jihadist DoS Tool
GIMF Now Permanently Shut Down
Steganography and Cyber Terrorism Communications

Continue reading →

Digital Terrorism and Hate 2006 CD-ROM

December 10, 2006

In some of my previous investigative posts "Tracking Down Internet Terrorist Propaganda", "Arabic Extremist Group Forum Messages' Characteristics", "Cyber Terrorism Communications and Propaganda", "Steganography and Cyber Terrorism Communications", "A Cost-Benefit Analysis of Cyber Terrorism", I extensively blogged about Cyberterrorism and emphasized on the defensive use of it, communication channels under the shadow of SCADA devices and critical infrastructure getting attacked. Perspectives like these often ruin someone's self-mythology, but the Pupper Master too made a point when saying that your desire to remain what you're is what limits you, so evolve, or end up on the verge of extinction.

Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.

A great source for open source intelligence to anyone interested in, here's a summary :

"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."

Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them. Continue reading →

Digital Terrorism and Hate 2006 CD-ROM

December 10, 2006

Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.

A great source for open source intelligence to anyone interested in, here's a summary :

"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."

Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them. Continue reading →

Cyberterrorism - don't stereotype and it's there!

December 19, 2005

I wrote my first article on “Cyberterrorism – an analysis”(in Bulgarian, HiComm Magazine) back in 2003, arguing that Cyberterrorism is a fully realistic scenario, given you don’t picture terrorists melting down nuclear power plants over the Internet, but an organization determined to achieve all of its objectives, and using the digital medium to do so.

My second article "Cyberterrorism and Cyberwars - how real's the threat?"(in Bulgarian, CIO.bg) was greatly extended, and so was my understanding of the concept by the time. I often come across badly structured articles on the topic, even worse, ones starting to discuss the wrong concept -- the biased one! Where terrorists try to attack the critical infrastructure, well, they wouldn’t, they’d rather abuse instead of destroying it!

Merely evaluating a terrorist groups ability to conduct devastating DDoS attacks, or hack into U.S government computers, is the biased wrong concept I just mentioned. If terrorist groups want DDoS power, they wouldn’t rewrite their training manuals, instead, they would simply hire the people to do it, or request on point’n’click interface for their actions. Can this kill a person? If yes, how come, if not, is this Cyberterrorism at all?

Thinking about complex topics always involves dimensional approach, understanding of motives, and implying a little bit of marginal thinking to grasp the big picture. Terrorists killing people over the Internet myth is greatly influenced by the success of any terrorist organization’s “PR” activities – spread fear, and build active propaganda though taking lives, and distributing the freely available media later on. So, if no lives are taken, why call it terrorism? Mainly because, cyberterrorism in my point of view isn’t an entirely new concept as some try to put it, it’s an extension of real life terrorism activities into cyberspace, and its evolution at a later stage.

Starting from the basic premises that terrorists need to communicate with each other, keep themselves up-to-date in today’s OSINT(open-source intelligence world), recruit potential members, and continue their active propaganda taking advantage of Internet’s many joys, in respect to anonymity(given it’s achieved), speed, and a bit of a black humor – interactivity!

Cyberterrorism as a concept from my point of view consists of their need for :

- platform for communication
No other medium can provide better speed, connectivity, and most importantly anonymity, given it’s achieved and understood, and it often is. Plain encryption might seem the obvious answer, but to me it’s steganography, having the potential to fully hide within legitimate (at least looking) data flow. Another possibility is the use secret sharing schemes. A bit of a relevant tool that can be fully utilized by any group of people wanting to ensure their authenticity and perhaps everyone’s pulse, is SSSS - Shamir's Secret Sharing Scheme. And no, I’m not giving tips, just shredding light on the potential in here! The way botnets of malware can use public forums to get commands, in this very same fashion, terrorists could easily hide sensitive communications by mixing it with huge amounts of public data, while still keeping it secret.

- platform for open source intelligence

Undoubtedly, there has never been so much publicly accessible information that could aid in the organizing and plotting terrorist acts. Measure the impact of a certain bombing? – check out the news and figure out what has changed ever since, research and obtain digital photos, even satellite imagery, it’s available. Try to figure out the latest specifications for RFID passports to come, and why it matters to you – keep on reading the specifications..! Transparency is always tricky!

The way a government can successfully identify terrorist sentiments around the Web, even precise sites to be put under close surveillance, terrorists on the other hand keep track of each and every major/minor global change anyhow affecting their goals or ambitions.

- platform for propaganda/recruitment

Now, don’t picture “Outstanding CV, here’s the address of our training camp in Pakistan, please, first introduce the idea to your friends, then share the address. Nuke the planet!” type of conversation :-)

Recruitment over the Internet is a contradictive topic, and many will argue that it’s irrelevant. I can argue too that there are people for all kinds of things, from maintaining mailings lists, to acting as freelancers whenever a resource, like an infected PC for anonymous communication is needed. Believe it or not, terrorists are silently but very actively building a web presence. In fact, these days you could even download execution clips directly from a terrorist’s web site. What’s else to note is the irony of how many terrorists web sites are actually hosted on U.S service provider’s servers, and you keep on looking for them around the world, check your backyard before looking at the neighbors :-)

Another important aspect of recruiting in such a way, is the location of people with obsessive
islamic views, someone actively expressing his/her hate towards the U.S and actually being of any use. For instance, there are cases of terrorist propaganda malware, where the author(a teenager, or sophisticated attacks?!) clearly expresses his/her support towards a “cause”.

This case is like the one I mentioned in my previous post concerning insiders, that is the way U.S government looks for democracy minded individuals in restrictive regime countries(the Win32/Cycle.A.worm), the very same way terrorists could spot similarly minded individuals holding important positions or knowledge on certain topic. Are any of these people screaming for recruitment, and would somebody listen?

- direct attack exploitation possibllities (people eventually die?!)

Is the electronically obtained a major food manufacturer's facility truck schedules of any use to terrorists interested in eventually hijacking and

Someone once mentioned a scenario related to U.S RFID passports, namely a bomb could automatically detonate, given there’re certain number of "broadcasted", note the term, U.S citizens around, that’s scary, but how about the same applies to mobile malware detecting U.S carriers for the same purpose?!

In the last article I wrote on the topic, I made an argument on where’s the line of a 19 year’s old boy shutting down 911 through ingenious technique for the fun of it, and a terrorist organization exploiting vulnerability in the system at a crucial moment in time let’s say?! What if people die out of the teen’s actions, but the terrorists’ attempt is quickly detected? Should cyberterrorism be judged based on the motives, or who’s actually behind it? I think it’s a combination of both!

- indirect attack exploitation possibilities
Should a terrorists’ use of phishing attacks, where the revenues go directly into funding further terrorist activities, both, cyber, real-life actions be considered an option?

Should a terrorist’s actions for hiring a person, directly obtaining certain social numbers, sensitive and detailed financial information, or anything else to assist a successful identity theft, with the idea to impersonate for a real-life terrorist scenario be considered an option? Yes, they both should!

This particular list is endless, the scenarios I can only leave to someone else’s psychological
imagination!

My worst case scenarios,though, consist of terrorists realizing the impact a target/mass directed intellectual property theft, cryptoviral extortion attack targeting the majority of U.S businesses. And as I often say, it’s all a matter of coordination with the idea to increase the impact!

To conclude, Terrorists are not rocket scientists unless we make them feel so!
Consider going through the following research for different point of views, and key facts :

How Modern Terrorism Uses the Internet

Examining the Cyber Capabilities of Islamic Terrorist Groups

The Power Failure and the Internet

Telecom - The Terrorism Risk

Emerging Terrorist Capabilities for Cyber Conflict against the U.S. Homeland

Myths and Realities of Cyberterrorism

Terrorism, Cyberspace and The First Amendment

Information Warfare: The Perfect Terrorist Weapon

Cyberland Security: Organised Crime, Terrorism and The Internet

Cyber Terrorism: Mass Destruction or Mass Disruption?

Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States

Technorati tags : cyberterrorism, terrorism, al qaeda, internet terrorism

Continue reading →

The Most Wanted Cyber Jihadist - An Analysis

October 26, 2022

NOTE:

I wrote this post in 2007.

This would have been an important blog post if cyber jihad were to be a issue that can be personalized, however, the reality as always has to do with another perspective, which in cyber jihad's case is diversification, localization of knowledge, and a knowledge-driven cyber jihadist communities itself.

My point is that this guy should not be considered as the public face of cyber jihad, now that he's no longer active as a cyber jihadist, he's a cyber martyr that will be inspiring another generation of wannabe cyber jihadists to come.

Here's the article:

"In addition, Tsouli Irhabi used countless other web sites as free hosts for material that the jihadists needed to upload and share. The true extent of his material distribution network is still not known. He is credited with the large scale distribution of a film produced by Zarqawi called "All Is for Allah's Religion. His arrest struck a significant blow to al Qaeda’s cyber terrorism weaponry. With cyber weaponry only requiring widely available knowledge and skills and the only equipment required a computer that can be purchased anywhere, cyber weapons proliferation cannot be controlled."

My favorite quote - "With cyber weaponry only requiring widely available knowledge and skills and the only equipment required a computer that can be purchased anywhere, cyber weapons proliferation cannot be controlled. These facts coupled with the recent cyber attacks on utilities that blackout cities and regions show this is a serious threat."

Wait a sec. PSYOPS is a practice by itself which in this case aims to increase the investments made into securing the critical infrastructure of a country, one that I bet even the bad guys stopped targeting due to the logical nature of the attack? It is such a practice. Moreover, remember another such PSYOPS practice, namely the desired "media-echo" effect achieved?

Stay tuned!

Continue reading →

Techno Imperialism and the Effect of Cyberterrorism

May 16, 2006

It's been a while since I've last blogged about Cyberterrorism, and while many did mentioned the topic in between the recent DRDoS attacks, Cyberterrorism is so much more than simply shutting down the Internet, namely the ability to communicate, research, recruit and use propaganda to achieve goals based on ideological beliefs, or the convergence of Terrorism and the Internet.

Can we argue that cyberterrorism is the direct effect of techno imperialism, or let's use a more friendly word such as IT-dependent society and information infrastructure?

What exactly does cyberterrorism mean? When does an average internet user's malicious activity turns into cyberterrorism ones? Are there clear definitions, or the lack of such as resulting in the in a total misunderstanding for both, the media and the general public. The recently released Google Trends, which I covered in a previous post, doesn't even count Cyberterrorism, so I looked further and came across to a very good research "Fear-mongering or fact: The construction of ‘cyber-terrorism’ in U.S., U.K, and Canadian news media" that aims to emphasize on the common misunderstanding when defining Cyberterrorism and the media's acceptance of the concept. The outcome? Declining media presence with the years, to end up where it is today, but what you should keep in mind is that the concept is still out there.

Trying to seperate Cyberterrorism as a tool for achieving Information Warfare dominance is like on purposely ignoring the the big picture -- that Cyberterrorism, one that sometimes results out of hacktivism tensions is a powerful tool for achieving the full effect of information warfare. Whereas such attacks occur all the time, I can argue that the actual impact of cyberterrorism cannot be easily and quantitatively justified. We all know that it's theoretically logical for terrorists to use the Internet for various cyberplanning and cyber communication, what can we do about it?

Crawling for terrorist web sites clearly associated with different organizations, or trying to spot terrorist symphatizers have been in the execution stage for yers. Projects such as the Terrorism Knowledge Discovery Project, take a very deep look into the subject by introducing Terrorism Knowledge Portal, an aggregated source for intelligence. Moreover, according to a recent article :

"SAIC has a $US7 million Defence Department contract to monitor 1500 militant websites that provide al Qaeda and other militant organisations with a main venue for communications, fund-raising, recruitment and training." It's also interesting to note other initiatives that started back in 2001, such as the Automatic Identification of Extremist Internet Web Sites.

Another concept goes in-depth into Confronting Cyberterrorism with Cyber Deception as "if it is possible to deceive terrorists, then it should also be possible to deceive cyberterrorists. The reliance of cyberterrorists on information technology makes them vulnerable to cyber deceptions. In addition, many of the methods and tools that cyberterrorists would use are similar to those used by other less malicious hackers, so we can plan specific deceptions to use against them in advance." As you can see on the grid above, the actors, the deception target and the level of difficulty provide more insight into the idea, great research!

Steganography embedded images used by terrorists on the public web can be doubtful, but on the Dark Web, why not? According to a research I came across to some time ago :

"In academia, graduate students Niel Provos and Richard Honeyman at the University of Michigan have written a web crawling program to detect steganographic images in the wild. The program has already digested 2 billion JPEG’s on popular sights such as ebay and has so far found only one stego-image in the wild. The detected image was on an ABC web page that dealt with the topic of steganography."

Detecting Steganographic Content on the Internet as a concept has been around for ages, while plain old encryption is the de-facto practice according to a well researched news article :

• Wadih El Hage, one of the suspects in the 1998 bombing of two U.S. embassies in East Africa, sent encrypted e-mails under various names, including "Norman" and "Abdus Sabbur," to "associates in al Qaida," according to the Oct. 25, 1998, U.S. indictment against him. Hage went on trial Monday in federal court in New York.

• Khalil Deek, an alleged terrorist arrested in Pakistan in 1999, used encrypted computer files to plot bombings in Jordan at the turn of the millennium, U.S. officials say. Authorities found Deek's computer at his Peshawar, Pakistan, home and flew it to the National Security Agency in Fort Meade, Md. Mathematicians, using supercomputers, decoded the files, enabling the FBI to foil the plot.

• Ramzi Yousef, the convicted mastermind of the World Trade Center bombing in 1993, used encrypted files to hide details of a plot to destroy 11 U.S. airliners. Philippines officials found the computer in Yousef's Manila apartment in 1995. U.S. officials broke the encryption and foiled the plot. Two of the files, FBI officials say, took more than a year to decrypt.

Among the many cases I am aware of worth mentioning are :

- What are the real risks of cyberterrorism? In 1998, a 12-year-old hacker broke into the computer system that controlled the floodgates of the Theodore Roosevelt Dam in Arizona, according to a June Washington Post report. If the gates had been opened, the article added, walls of water could have flooded the cities of Tempe and Mesa, whose populations total nearly 1 million.

- Cyberterrorism: How Real Is the Threat? Yonah Alexander, a terrorism researcher at the Potomac Institute—a think tank with close links to the Pentagon—announced in December 2001, the existence of an “Iraq Net.” This network supposedly consisted of more than one hundred websites set up across the world by Iraq since the mid-1990s to launch denial-of-service or DoS attacks against U.S. companies. The concept of botnets wasn't that popular at the time, so that's an example of marginal thinking on acquiring DoS power.

- In the indictment against Zacharias Moussaoui, it states that Moussaoui had among his possessions a flight simulator program, software for reviewing pilot procedures for a Boeing 747 Model 400, and a computer disk of information on aerial spraying of pesticides. The indictment also outlines Moussaoui’s use of e-mail to inquire about flight training.

- For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young webmaster taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi and taught other online jihadists how to wield their computers for the cause.

I can argue which article is more intriguing compared to BusinesWeek's writeup on catching the ShadowCrew, but anyway all you need to a get a reader's attention is a name such as Abu Musab al-Zarqawi, a point that I feel is totally brainwashed in this paragraph :)

Cyberterrorism is an inseparable part of Information Warfare, and while we would hopefully never witness a catastrophic scenario, that is offensive use of Cyberterrorism, recruitment and propaganda flood the Internet on a daily basis. Just stop being suspicious about everyone, and try to enjoy life in between, can you, as terrorists are not everywhere -- but where we see them at the bottom line! Continue reading →

Cyber Jihadist Hacking Teams

December 17, 2007

These groups and fractions of religiously brainwashed IT enthusiasts utilizing outdated ping and HTTP GET flooding attack tools, represent today's greatly overhyped threat possed by the cyber jihadists whose cheap PSYOPS dominate, given the lack of strategical thinking, and the lack of sustainable communication channels between them, ruined all of their Electronic Jihad campaigns so far. Religious fundamentalism by itself evolves into religious fanaticism, and with the indoviduals in a desperate psychological need for a belonging to a cause, ends up in one of the oldest and easiest methods for recruitment - the one based on religious beliefs.

The teams, and the lone gunmen cyber jihadists in this post are : Osama Bin Laden's Hacking Crew, Ansar AL-Jihad Hackers Team, HaCKErS aLAnSaR, The Designer - Islamic HaCKEr and Alansar Fantom. None of these are known to have any kind of direct relationships with terrorist groups, therefore they should be considered as terrorist sympathizers.

_Osama Bin Laden's Hacking Crew
OBL's Hacking Crew are anything but cheap PSYOPsers trying to teke advantage of outdated conversational marketing approaches to recruit more members, for what yet remains unknown given the lack of any kind of structured formulation of their long-term objectives. They're also promoting the buzz word "E-MUJAHID" to summarize all the possible taska and objectives one would have. This is how they define E-JIHAD :

"JIHAD is the term used for struggle against evil. Electronic jihad or simply, E-JIHAD, is the jihad in cyberspace against all the propagandas and false allegations against the message of truth. E-JIHAD is the struggle in cyber space against all false and evil disciplines, ideology and forces of evil. Have you ever think what is the need of army? To defend the freedom and liberty of a territory and defend it from the attacks of evil intruders. similarly , E-jihad is the battle in the field of cyber space, against all false believes, and to defend the truth against the false and mean propagandas and cults. It is as necessary as a regular army, to defend the ideological borders of a nation. It is said, “ it is not the gun, it is man behind the gun “. Do you ever think what makes a “man “? Nothing, but just the faith and ideology. Without faith and ideology, there is no man and definitely , we then have gun , but without any man ."

These are the tips provided for "defending the ideological borders" :

- They have created anti-Islamic web sites, which are full of everything except the truth. They are full of mean and vulgar allegations against our HOLY QURA’AN, HOLY PROPHAT MOHAMMAD (PEACE BE UPON HIM) and our teachings. We must defend our teachings and fight against the evils. We have to create Islamic web sites, eGroups, Forums, Message boards, & we must support our Mujahideen brothers in Iraq, Afghanistan, Palestine, Kashmir and elsewhere.

- Many non-Muslims specially jews, Christians and hindus are working in different web groups and communities (like yahoo groups and msn communities) and spreading propaganda against us Muslims. There is a strong need to join such groups and try to refute them. At the moment, the cyber space is free of their opponents. Try to join and refute them, defend your HOLY TEACHINGS OF ISLAM and bring before everyone, nothing but just the truth.

- One of the most dangerous enemies is those who impersonate themselves as a Muslims but they are not Muslims infact. They are Islamic cults. They are usually qadyanis/ahmadis/mirzais and bahais. some are jews and christians. They are all non Muslims but they impersonate as a Muslim and try to misguide others. They are spreading non-Islamic believes. It needs to be taken care of, we have to fight them. Otherwise, you can imagine how disastrous this situation can be for Muslims. These culprit groups even tried to spread a copy of their teachings in the name of HOLY QURA’ AN. but ALLAH has promised that HE will keep HOLY QURA’AN preserved. That’s why, their attempt failed. What is our job? We must fight with these muslim cults and have to tell others the difference between Muslims and muslims cults.

- You can even make your own groups and communities to send mails having Muslim news and Islamic teachings. It is a time convenient method because if you have 500 members in your group, by sending a single mail in the group, your message will be in the inboxes of 500 users, and it takes hardly 1-2 minutes. Isn’t it a time saving technique?

- Many non-Muslim specially Americans, Israelis and Indian hackers always attack our web sites, which are refuting their falsehood and spreading the truth of Islam, the truth that is the only reality. To defend us against such “satanic groups “, we have to organize teamwork, consists of team of Muslim Hackers. Diamond cuts a diamond, to fight with hackers, we need hackers who will defend our sites and make it sure to convey uninterrupted messages to refute the evil and to spread the truth.

_Ansar AL-Jihad Hackers Team and HaCKErS aLAnSaR

Both of these are actually the same, and the group's popularity comes from the al-jinan.net and the al-jinan.org Electronic Jihad campaigns, yes, the failed ones. The original message from Al-jinan's first campaign back in 2006 :

Objective : Will be updated automatically in the main program and the extra room in the conversation. Date : Saturday, 26 /8/2006 - Hours are from 6 pm to 10 Mecca Time - Jerusalem-Cairo. From 3 pm until 7 Time 05:00 Enter chat http: al-jinan.org/chat. Will work only half an hour before the attack. Leadership decided to use only the major programme in the attack, Lltali follows : The programme operates in the same manner but more strongly Durrah, Member faced many problems in the modernization Durra because of their Alcockez, and the present quality, The programme is designed to automatically update speeds.

Their "pitch" :

"We note that our enemies Zionists have such groups in order to eliminate sites and sites of resistance Islamic profess. The notes on the Internet that many of the sites Mujahideen are taking place and the closure of sites and this immoral act of brotherhood pigs. Under such a senseless war on Lebanon and Palestine, the Zionists any target in any area. The factors that are responsible for targeting this will affect them and Ihabtahm and create terror in the hearts of God."

_The Designer - Islamic HaCKEr

A defacer going by the handle of The Designer - Islamic HaCKEr was a vivid hacktivist for a while, than switched handles and continued to deface spreading cyber jihadist PSYOPS such as the following message courtesy of one of his defacements :

"Muslims are not Terrorists and U.S.A & Israel & europa are Terrorists. america and israel and europa they terrorists and we moslems not is terrorists . and It was hacked because you are supporting the war in Iraq, palestine and Afghanistan, and it was hacked because you are killing our people and our kids in Iraq, palestine and Afghanistan , and It was hacked because they invaders our land and they vandals our homes and hacked your sites is our solution."

_Alansar Fantom

In direct coordination with The Designer and Al-Ansar Hackers Team, basically a low-profile script kiddie that's also involved in spreading the campaign message and the flood tools to be used in eh Electrnic Jihad campaign.

Offensive cyber terrorism on behalf of terrorists in the sense of cyber mujahideens is overhyped if they're to do it on their own given the factual based evidence of their current state of technical know-how, with the Electronic Jihad program among the most recent such overhyped threats. Defensive cyber terrorism as an extension of cyber jihad in an asymmetric nature, is what is going on online for the time being, and has been going on for the last couple of years.

The bottom line, script kiddies cyber jihadists dominate, PSYOPS fill the gaps where there's zero technical know-how, mentors are slowly emerging and providing interactive tutorials to reach a wider audience, localization of knowledge from English2Arabic is taking place the way propaganda is also localized from Arabic2English, and there's also an ongoing networking going on between cyber jihadists and Turkish hacktivists converting into such on a religious level. Case in point - MuslimWarriors.Org defacement campaigns with "anti-infidel" related messages. Continue reading →

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Cyber Terrorism Communications and Propaganda

The Freedom Tower - 11th September 2006

Summarizing 3 Years of Research Into Cyber Jihad

Summarizing 3 Years of Research Into Cyber Jihad

Terror on the Internet - Conflict of Interest

Analyses of Cyber Jihadist Forums and Blogs

Digital Terrorism and Hate 2006 CD-ROM

Digital Terrorism and Hate 2006 CD-ROM

Cyberterrorism - don't stereotype and it's there!

The Most Wanted Cyber Jihadist - An Analysis

Techno Imperialism and the Effect of Cyberterrorism

Cyber Jihadist Hacking Teams

RSS Feed

Search This Blog

About Me

Blog Archive

Tags

Popular Posts