Electronic Jihad (merged thread)

[Stan]

Estonia's geeks pointed me to this article among others.

Security experts are saying that a reported al-Qaeda cyber jihad attack planned against Western institutions should be treated with skepticism.

Such an attack could be launched with a known software kit, called Electronic Jihad Version 2.0, said Paul Henry, vice president of technology evangelism with Secure Computing. This software, which has been in circulation for about three years, has recently become more easily configurable so that it could be more effective in a distributed denial of service attack, such as the one suggested by the DEBKAfile report.

Attackers would download Jihad 2.0 to their own desktops and specify the amount of bandwidth they would like to consume, not unlike the SETI@home software package used to scan for signs of extraterrestrial intelligence.

However, Henry said that his law enforcement contacts are treating the report with some skepticism. "I talked to a few people today who know of DEBKAfile, who feel they are dubious, but they can be credible," he said. "I'm not looking at Nov. 11 as being the day that the Internet goes down."

[JeffC]

Estonia's geeks pointed me to this article among others.

Regardless of DebkaFile's dubious reputation, the fact remains that cyberwarfare is not only a reality, but that it's been a warfighting domain for DOD for at least a year; that the USAF is actively engaged in R&D related to it; and that we (meaning the U.S.) are quite vulnerable to such an attack, and even worse, have no recovery plan in place in the event of wide-spread Internet failure.

I've written on this subject at the following links:

http://idolator.typepad.com/intelfus...ke-fema-i.html
http://idolator.typepad.com/intelfus...ld-west-o.html
http://analysis.threatswatch.org/2007/06/terror-web-20/
http://www.esecurityplanet.com/preve...le.php/3694711

[selil]

This has been a realm of concern since the 1970's. The first computer warfare activities were in the 1980's. In the mid 1990's substantial cyber attacks occurred. The question is of scope and what you consider to be "cyber" and to be an "attack".

If you want to have this discussion about real capability this is likely not the forum for it.

[Schmedlap]

I actually hope that this report is completely true. Our geeks are nerdier, better funded, more organized, better equipped, and far more experienced than theirs. Not to be too overconfident, but this fight, if it occurs, will be about as lopsided as the Titanic versus the iceburg.

[selil]

And this just released.

Interesting article on trojan horses being installed on drives being targeted to government agencies. This is going to fuel the no foreign equipment purchased for government like the IBM debacle.

Bureau warns on tainted discs
FOCUSED ATTACK: Large-capacity hard disks often used by government agencies were found to contain Trojan horse viruses, Investigation Bureau officials warned
By Yang Kuo-wen, Lin Ching-chuan and Rich Chang
STAFF REPORTERS
Sunday, Nov 11, 2007, Page 2

Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said.

Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.

The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.OBSCURED (.org) and www.we168.OBSCURED (.org), the bureau said.

The affected hard discs are Maxtor Basics 500G discs.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.

Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.

The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.

The bureau said that it had instructed the product's Taiwanese distributor, Xander International, to remove the products from shelves immediately.

The bureau said that it first received complaints from consumers last month, saying they had detected Trojan horse viruses on brand new hard discs purchased in Taiwan.

Agents began examining hard discs on the market and found the viruses linked to the two Web sites.

Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said.

The distributor told the Chinese-language Liberty Times (the Taipei Times' sister newspaper) that the company had sold 1,800 tainted discs to stores last month.

It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers.

Seagate's Asian Pacific branch said it was looking into the matter.

[JeffC]

This has been a realm of concern since the 1970's. The first computer warfare activities were in the 1980's. In the mid 1990's substantial cyber attacks occurred. The question is of scope and what you consider to be "cyber" and to be an "attack".

If you want to have this discussion about real capability this is likely not the forum for it.

What forum do you recommend?

[selil]

What forum do you recommend?

My concern is the management might get offended. I got warned about going off on a tangent once before.

[JeffC]

My concern is the management might get offended. I got warned about going off on a tangent once before.

Well, that's fair, but surely there must be a forum here where a discussion of Cyberwarfare is on-topic.

[selil]

Well, that's fair, but surely there must be a forum here where a discussion of Cyberwarfare is on-topic.

There really isn't a sub-forum to discuss it.

Futurists & Theorists "Future Competition & Conflict, Theory & Nature of Conflict, 4GW through 9?GW, Transformation, RMA, etc." is where most people might want to put it but it is a real and now threat.

Catch-All, Military Art & Science is the open category but really it's been more about non-standard equipment.

The Information War forum might seem like a good place for discussion of cyber warfare but they are NOT the same thing. Cyber warfare is about the manipuation of the computing asset not the communication channel.

Cyber-warfare is attacks against the infrastructures of command, control, coordination and communication. In general (staying high level) cyber warfare are attacks against the security services of confidentiality, integrity, availability, non-repudiation, and authentication (McCumber model as adapted by Schou, Maconahay, Ragsdale). Cyber-warfare can be smart bombs into the telephone company, trojan horses hidden on hard drives, laptops stolen from desks, and social engineering users. I've got a pretty extensive high level slide presentation I can put up on my blog if interested.