Cyber Jihad - I’ll say good and quiet November 11 to you
Wednesday November 7, 2007 at 11:52 am CST
Posted by Francois Paget
Rumors circulate periodically about the approach of a cyber jihad against Western websites. In October 2001, hackers in Pakistan declared such a battle against the US and Britain, and as early as 1995 a strategic exercise simulated an information attack on the US and its allies (Time Magazine, August 21, 1995, Volume 146, N°. 8).
More recently, the controversial alerts of August 2004 and November 2006 caused us to handle such information with an enormous amount of caution. That is why, up until recently, we did not relay the latest information given by an Israeli intelligence magazine reporting that such an attack was announced for November 11, 2007.
However, yesterday we received a sample of a program that some have connected with this attack, and as many comments circulate today on the Web, I decided to blog on this matter.
The program is pompously named “the electronic program of Jihad” and is quoted as version 3.00. Its icon matches the one DEBKAfile presented in its November 7 article: the symbol of al Qaeda’s Cyber Warriors.
http://www.debka.com/headline.php?hid=4723

Once installed, the program asks for a username/password to join the attack network and attempts to connect to a cyber jihadist coordinating web site. Today this site is unreachable.
Another window seems related to some bonus program: you can win 24 points by referring a newcomer.

For now the pilot website is down and I was unable to continue the analysis, but the following screenshot is available on the Anthropologist blog.

Like previous versions, it seems the program can only initiate basic DDoS attacks and, as written by the Register, some are skeptical of this attack.
Attacks against websites happen every day for criminal, political, and/or hacktivist reasons and this one, if it occurs, will be added to that long list.
I wrote this blog entry to demonstrate that at least one terrorist ring is interested in malware. But it seems to me they have not reached the technical level of some criminal groups, for now. In this case, no fast-flux network was involved, no complex Command & Control protocol was used, and no worldwide botnet was created. They are years behind! Shutting down the distribution website stopped the attack before it started.
That is why I’ll say a good and quiet November 11 to you.

November 7th, 2007 at 12:19 pm
So it’s like volunteering for a botnet. Interesting approach. I just wonder if it’s really related to any Islamic Jihadist organizations or if it’s just a social engineering attack to grow the network.
Any further details on the connectivity back to the login server? Any details from the binary on how it was built that would indicate whether it was created from a setup totally on an Islamic system or whether it’s only meant to look Islamic?
November 7th, 2007 at 1:07 pm
“I wrote this blog entry to demonstrate that at least one terrorist ring is interested in malware.”
Actually, you haven’t had any means to identify the source of this malware, or have you? So, it’s a bit unprofessional from your side to attribute it to any group, especially since the source of the news (an Israeli website) is clearly in dispute with those people.
November 8th, 2007 at 6:38 am
Update 8th November 2007
The Register is reporting that a new version of the “Electronic Program of Jihad” has been discovered. This new version has been dubbed version 3.0. It is speculated that this program is the version that will be used during the above reported threat of attack on November 11th. McAfee provide more details on their Avert Labs Blog.
November 12th, 2007 at 2:38 pm
Ramsey: I’m pretty sure it’s what they say it is. The 2.0 software was distributed on an Islamist al-Qaeda support site in Texas that was shut down earlier this year.