The Growth of Cyber Terror

Wednesday, September 07, 2011

Craig S Wright

With the rise of AntiSec since the formation of LulzSec and the growing prominence of Anonymous this year, hacktivism has started to move into the mainstream world.

More and more, SCADA systems and other critical infrastructure are taken for granted, and we forget just how much of our lives are managed through private systems. Exploits have been noted as being of critical concern in US government briefs.

We also forget that SCADA systems are connected to the world.

This means that there is an increasing ability for attacks to result in damage to physical property and the loss of life, and that over time this trend will simply increase.

Carsten Bockstette defined terrorism as:

"political violence in an asymmetrical conflict that is designed to induce terror and psychic fear through the violent victimisation and destruction of non-combatant targets".

Also with the recent attacks on the Arizona Police Department by LulzSec that resulted in the publication of home addresses of numerous police officers and the compromise of the National Crime Information Center (NCIC) – an organisation that has been referred to as the lifeline of law enforcement – these groups have started to induce fear.

LulzSec have stated that their "top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments."

In doing this under the guise of freedom of information, they are actually causing more widespread damage as well as inciting distress in the mass population.

Those in these groups say that they are simply exposing the lack of security that already exists, but the truth is there is no such thing as perfect security.

Does your home have bulletproof Lucite for windows? If not, then you too are not perfectly secure. This is the argument taken by those supporting AntiSec: if you do not spend an economically unviable amount on security, you deserve all you get.

The argument that these groups are helping is flawed. Their goal of promoting internet freedom and freedom of speech instead creates fear, uncertainty and doubt. They move money from valid uses to futile pursuits and place lives at risk when they target operational data such as that used by the NCIS.

If their maxim was to truly support the cause of creating a more secure world, these groups could target known cyber-criminal groups such as those running the TDL-4 botnet with over 4.5 million infected systems already.

In place of helping, these groups actually divert funds that could have been used to stop these criminal enterprises that are growing at a phenomenal rate.

Worse, they engage in activities that create true suffering. Attacks such as that on CNAIPIC and related organisations have resulted in several ongoing undercover operations being closed through the possible compromise of operational information.

Some of these operations involved undercover operatives who had been in the field for more than 12 months. These were dedicated law enforcement officials working to stop child exploitation, drug smuggling and the forced exploitation of women through people smuggling: women sold into the illegal sex trade.

The targeting of serious crime forces in the effort to "purposefully sabotage their efforts to terrorise communities fighting an unjust 'war on drugs'" demonstrates a concerted political agenda designed to create chaos and fear.

This is what these so-called harmless groups are actually doing: undertaking protests as a form of entertainment, creating mischief, and causing widespread damage.

When will we start to look at the lives they have damaged, the damage they have forced on us all? When we see the next news story on a drug addict, will we make the effort to think of the connection to AntiSec and the damage they have caused?

Al-Qaeda and other pure terror groups have been on the back foot, unable to leverage the social aspects of Web 2.0. The rise of cyber-based groups engaging in hacktivism is creating chaos, but it is only the start. One question we have to ask is: will this change as groups such as Anon and LulzSec define a distributed model for social malfeasance?

So I have to say, welcome to the Brave new world of cyber terror where the enemy can spin online media and somehow become your friend. We are not there yet, but we are on the way.

About the Author:

Craig Wright is the VP of GICSR in Australia. He holds the GSE, GSE-Malware and GSE-Compliance certifications from GIAC. He is a perpetual student with numerous postgraduate degrees, including an LLM specializing in international commercial law and ecommerce law and a Masters degree in mathematical statistics from Newcastle, and is working on his 4th IT-focused Masters degree (Masters in System Development) from Charles Sturt University, where he lectures subjects in a Masters degree in digital forensics. He is writing his second doctorate, a PhD on the quantification of information system risk at CSU.

Lance Miller @Craig, from what I have seen Al-Qaeda and similar groups have embraced web 2.0.
Craig S Wright Lance,
Some argue this as they have transmitted videos and a few other things, but the core of 2.0 is social networks and Al-Qaeda have not managed anything like the Anon networks.

Others have transmitted messages from AQ virally, but there is little at all from AQ themselves here.

I know the arguments and there are always tales from analogy, but as a whole there is not much support for it. It is changing, but they have not really created a model that works as yet.
Lance Miller Craig, what about Inspire and the many social media arms that extend from it?

Quite the following, I would say.

Craig S Wright First, I will point you to Max Fisher’s “Five Reasons to Doubt Al-Qaeda Magazine’s Authenticity,” The Atlantic, July 1, 2010, accessed at [1].

The authenticity of Inspire as an Al-Qaeda effort is doubtful at best and has been largely discredited from the materials being analysed following the capture of the AQ headquarters.

The effect of this publication on its mainstream target audience is minimal with an appeal only to a small, self-selected segment of the population.

As Fisher notes in the July 2005 issue discussed in [2] his above, al-Zawahiri, in an allusion to captivating the “hearts and minds” of the Islamic people, noted that “the Muslim populace who love and support you will never find palatable … the scenes of slaughtering the hostages.”

AQ has not loosened its grip on secrecy enough to really make use of 2.0. So far, there has been nothing even close to the Twitter organisation of riots in London nor even hacktivist organisation or attacks vis-à-vis Anon.

[1] http://www.theatlantic.com/international/archive/2010/07/5-reasons-to-doubt-al-qaeda-magazinesauthenticity/59035/
[2] http://www.theatlantic.com/international/archive/2010/06/al-qaedas-first-english-language-magazine-is-here/59006/
Craig S Wright Next, I have attached a link to the Federal Bureau of Investigation (FBI) testimony on this. There is little evidence of offensive attacks on cyber networks from Al-Qaeda. Those few incidents that are attributable to terror groups have principally been restricted to naive labours that come from the Web 1.0 days. The common methodologies include e-mail bombing, DDoS attacks (with little public success so far), and website defacement. More, these few attacks have been predominantly targeted at a small set of ideological opponents.

These groups are definitely increasing in their technical competency. They have also been growing a significant emerging competence in the area of network-based attacks, though they do have some way to come in attacking web applications.

What we can expect from the models being created in cybercrime is that terror groups will slowly develop a range of in-house skills but will more often hire hackers for selected “missions”. They have been talking with cybercrime organisations and are definitely looking to this model as a means of funding. There is a stated goal in these groups to develop a cyber-attack competence, but they are still on the back foot where this comes about. The main reason for this is still in support of conventional attacks and has not moved into selective cyber-based efforts.

As stated, the growth of groups such as Anon has however created a model that terror groups are seeking to exploit for their own cause.

[1] Statement of Steven Chabinsky, Deputy Assistant Director, FBI Cyber Division, before the Senate Judiciary Committee Subcommittee on Homeland Security and Terrorism, at a hearing entitled, Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy Rights in Cyberspace, November 17, 2009. (http://www.fbi.gov/news/testimony/preventing-terrorist-attacks-and-protecting-privacy-rights-in-cyberspace)
Krypt3ia First on the reasons to doubt Inspire Magazine = Bunkum. It's a real mag run by Samir Khan.

Second, on the cyber attacks, or lack thereof by AQ, you are correct for the most part. They have not embraced the technology on a level of an "anonymous" and frankly, for the most part of what I see every day, they lack the skills to do so. They really have no interest per se either except in the kinetic attack scenario where they may be able to attack the financial or energy sectors. There has been some talk on the boards on this type of attack, but it's been small and not so technical.

Frankly, the jihadis have embraced web2.0 though with their propaganda jihad. There is the ongoing Facebook jihad and other areas of recruitment/radicalization that they have been working on and getting better at. One only need to look as far as the teachings of TNT_ON or Abu Hafs Al-Suni Al-Suni to see the plans being put into action.

K.
Don Eijndhoven I don't know what genius came up with the notion that Inspire might not be 'real', but he/she is wrong. Inspire is as real as it gets. It may not be carried throughout the entire extremist community, but that doesn't make it any less 'real'. That's all I'll say to that.

If you wish to see more on how extremists have embraced the internet for jihad, look up Jeff Bardin's work. It's very good.
Craig S Wright Don,
There is little debate that Inspire is “real”. That it is an Al-Qaeda exertion remains another thing. The links to AQAP are limited. The material in it is recycled. It is generally published second hand. Well after it has been distributed through other channels and is publicly available.

If the leadership of AQAP was involved, it would be expected that novel signals information could be seen and colloquial English would not be so prevalent.

There is also a world of difference in disseminating a message and engaging in activities. Right now, online engagement is limited. We are yet to see a concerted cyber-attack from these groups. It remains that organised uprisings (such as London) are not a part of the existing arsenal.

Running to Yemen and stating you support AQ does not mean you have any real contact with the leadership of such.

A discourse analysis of the language used in many of the articles does not support the assertions of the origin. Many demonstrate a strong use of American English.

Yes, they are jihadists in their own way, but more as copycats. There remains little to support this as an AQAP effort.

Craig
Krypt3ia Craig, first off let me say this outright كنت احم Second, please go back to writing entry level forensics books. Thirdly, please keep your 9/11 truth like arguments on boards like above top secret because this venue is for other things.
K.
Robin Jackson I'm sorry, you've got it absolutely wrong Craig. Jihadists are very social, in their own boards in their own language. They are teaching others how to be anonymous and how to attack both kinetically and in cyber. You are totally wrong and naive in your analysis of all the subjects that you cover in this rambling missive.

Sorry, but I have to agree with Scott this time...
Krypt3ia Whoa, rjack and I on the same page... jk
Fred Williams I would agree with Robin that Jihadists are very social and know how to use the Internet wisely. A youth from here in Fuquay Varina, NC was arrested on suspicious terrorist activities and it was widely assumed that he "knew" Mohammed Atta. How did he get to know this 9/11 terrorist? Some believe through Jihadist propaganda and website forums.
Robin Jackson We got off on the wrong foot Krypt3ia...I what you do, I read your posts regularly and I love your Maltego skills (though we have to find a way to make them legible). I know that you are very cognizant of the issues and the enemy...regards ;)
Krypt3ia Rjack, yeah, and I am mellowing in my old age as well. All in all J is still not really doing it for me, but he hasn't really gotten in the way either.
Lance Miller Thanks to Niels Groeneveld for this link about how AQ recruits online:

http://the-diplomat.com/2011/09/13/how-al-qaeda-recruits-online/