[ISN] Al-Qaeda hackers break into websites

From: InfoSec News (isnat_private)
Date: Thu Oct 31 2002 - 02:23:38 PST

  • Next message: InfoSec News: "[ISN] Orissa cops to check cyber crime"

    Forwarded from: Mike Gauthier <mike@a-and-m.net>
    by Rob Lever
    Posted Mon, 28 Oct 2002
    The al-Qaeda terror network has begun using hackers who break into
    websites to create secret pages that send messages to its followers,
    Internet specialists say.
    An example of this practice came earlier this month when a message
    purportedly from al-Qaeda chief Osama bin Laden appeared on
    cenobite.com, a website started by a fan of science fiction writer
    Clive Barker.
    Andrew Weisburd, an online activist who tracks terrorist groups, said
    he believes al-Qaeda began using this technique to communicate after
    the rights expired to alneda.com, a website often linked to al-Qaeda.
    "Al Neda is continuing its practice of hijacking Web servers and
    placing their site in obscure subdirectories," says Weisburd.
    Weisburd said a number of other websites have been used this way, but
    he did not want to reveal the names of the sites "in the hopes of
    sheltering the rightful owners of the victimized websites and servers
    from the consequences of being linked to al-Qaeda."
    David Wray, a spokesman for the FBI's cybercrime arm, the National
    Infrastructure Protection Center, said the agency was aware of the
    reports about al-Qaeda's activity, but added, "I can't comment on its
    veracity or lack thereof."
    Michael Vatis, a former NIPC director who now heads the Institute for
    Security Technology Studies at Dartmouth College, said it is plausible
    that al-Qaeda is using the hacking techniques.
    "We haven't seen it, but it is a confluence of several things we've
    been studying," Vatis said.
    "It's further evidence of the organization's increased sophistication
    in using modern technologies for covert communications and to evade
    What is unusual, say security specialists, is that the operators of
    the innocent websites are often unaware of the intrusion until well
    after the fact, because the data is place on a hidden file that can
    only be accessed with the correct code.
    "I don't consider this a hijack of a website, I'd call it a parasite
    attack," said Mike Sweeney, an Internet security specialist who
    operates the site packetattack.com
    "You break into the website, you get permission to create a folder,
    you add a file and you cover up your tracks. For the rest of the
    world, the site looks ordinary, but if you know the path you can find
    Sweeney said it is difficult to know without examining the computers
    whether al-Qaeda was behind the intrusions. But he said it is a likely
    scenario because it is an easy way to spread information quickly.
    "It's fast, cheap and almost impossible to trace," he said.
    Weisburd agreed that the messages appear to be real.
    "I'm not an expert in this area, but my feeling is that the messages
    are legit, that Osama is alive and well, and the al-Qaeda, while
    depleted of many of their older and more experienced members, is
    alive, is well, and is on the offensive," he told AFP.
    "They are not just posting a single message. The Al Neda site is huge,
    roughly 135 megabytes, and mostly text ... They can't hide the site,
    because then it couldn't be found by their own people. They can't just
    send e-mail, because it's being monitored. Steganography (hiding
    information in images) generally requires software support, and if you
    rely on public computers, at cyber cafes or libraries or universities,
    that software may not be available."
    Weisburd said that after he uncovered the technique, al-Qaeda
    "released a statement decrying our 'unusual' and effective methods and
    declaring a Jihad against us."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 08:43:10 PST