Information Security News mailing list archives

Al-Qaeda hackers break into websites


From: InfoSec News <isn () c4i org>
Date: Thu, 31 Oct 2002 04:23:38 -0600 (CST)

Forwarded from: Mike Gauthier <mike () a-and-m net>

http://cooltech.iafrica.com/technews/179588.htm

by Rob Lever
Posted Mon, 28 Oct 2002

The al-Qaeda terror network has begun using hackers who break into
websites to create secret pages that send messages to its followers,
Internet specialists say.

An example of this practice came earlier this month when a message
purportedly from al-Qaeda chief Osama bin Laden appeared on
cenobite.com, a website started by a fan of science fiction writer
Clive Barker.

Andrew Weisburd, an online activist who tracks terrorist groups, said
he believes al-Qaeda began using this technique to communicate after
the rights expired to alneda.com, a website often linked to al-Qaeda.

"Al Neda is continuing its practice of hijacking Web servers and
placing their site in obscure subdirectories," says Weisburd.

Weisburd said a number of other websites have been used this way, but
he did not want to reveal the names of the sites "in the hopes of
sheltering the rightful owners of the victimized websites and servers
from the consequences of being linked to al-Qaeda."

David Wray, a spokesman for the FBI's cybercrime arm, the National
Infrastructure Protection Center, said the agency was aware of the
reports about al-Qaeda's activity, but added, "I can't comment on its
veracity or lack thereof."

Michael Vatis, a former NIPC director who now heads the Institute for
Security Technology Studies at Dartmouth College, said it is plausible
that al-Qaeda is using the hacking techniques.

"We haven't seen it, but it is a confluence of several things we've
been studying," Vatis said.

"It's further evidence of the organization's increased sophistication
in using modern technologies for covert communications and to evade
detection."

What is unusual, say security specialists, is that the operators of
the innocent websites are often unaware of the intrusion until well
after the fact, because the data is placed on a hidden file that can
only be accessed with the correct code.

"I don't consider this a hijack of a website, I'd call it a parasite
attack," said Mike Sweeney, an Internet security specialist who
operates the site packetattack.com.

"You break into the website, you get permission to create a folder,
you add a file and you cover up your tracks. For the rest of the
world, the site looks ordinary, but if you know the path you can find
it."

Sweeney said it is difficult to know without examining the computers
whether al-Qaeda was behind the intrusions. But he said it is a likely
scenario because it is an easy way to spread information quickly.

"It's fast, cheap and almost impossible to trace," he said.

Weisburd agreed that the messages appear to be real.

"I'm not an expert in this area, but my feeling is that the messages
are legit, that Osama is alive and well, and the al-Qaeda, while
depleted of many of their older and more experienced members, is
alive, is well, and is on the offensive," he told AFP.

"They are not just posting a single message. The Al Neda site is huge,
roughly 135 megabytes, and mostly text ... They can't hide the site,
because then it couldn't be found by their own people. They can't just
send e-mail, because it's being monitored. Steganography (hiding
information in images) generally requires software support, and if you
rely on public computers, at cyber cafes or libraries or universities,
that software may not be available."

Weisburd said that after he uncovered the technique, al-Qaeda
"released a statement decrying our 'unusual' and effective methods and
declaring a Jihad against us."


