Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

4/30/2010
09:37 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Al Qaeda Implicated In Cyberattacks

Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.

Some papers recently became publicly available in the case of terrorism suspect Mohamedou Ould Slahi, accused of being one of Al-Qaeda's top recruiters. The papers revealed Al-Qaeda hacking activity, which demonstrates what proof of accountability in Internet attacks is, and how many of us jump to conclusions about countries, such as China, without it.It also tells us that one of Al-Qaeda's targets before 2001 was Israel.

The heavily redacted court records don't offer much detail, but they are nonetheless critical. They are the first public record showing us -- if these records are to be believed and are not taken out of context -- that Al-Qaeda, indeed, does engage in computer attacks and information warfare. So we can show a clearly defined enemy engaging us in cyberspace.

Up until now, while it seemed clear to us ("Come on! We all know they do it!"), we had no public proof of their involvement, and we know that such assumptions proved to be false in the past. Thus, the cyberterrorism that we can prove has been limited to defacements of websites, and we can't prove who was behind those unless we believe their claims of responsibility.

This emanates from the fact that it is extremely difficult to prove from technical data alone who is behind an attack due to various reasons including IP allocation records and usage, IP spoofing, VPNs, using proxies, and Trojan horses to pass our communication through, as well as the fact that a third party could be using the computer to wage a covert attack.

This case teaches us that those in power have some proof (intelligence) that indicates the threat of Al-Qaeda as a cyberwarfare player, and that public discussion of who does what without proof is meaningless. The potential risk is calculated the same way, and any information on actual threat is pure guesswork.

We need evidence, such as we have of Germany's operations with the German Trojan horse, before we can make any public claims. When it comes to national security, security experts shouldn't be consulted, but rather, intelligence analysts.

The second matter under discussion is the information on Al-Qaeda's attacks. There's a glimpse of data from two of the paragraphs in this U.S. News article by Alex Kingsbury:

Slahi told interrogators that al Qaeda "used the Internet to launch relatively low-level computer attacks." Al Qaeda "also sabotaged other websites by launching denial-of-service attacks, such as one targeting the Israeli prime minister's computer server," court records show. The Israeli embassy in Washington had no comment on the information published in the court records.
And
Slahi told interrogators that bin Laden's group posted hacking instructions "on specific websites that directed the date and time of the attack."
This is interesting because it shows that, if the information is correct and attributed in context, Al-Qaeda coordinated some of their operations via forums on the Internet. And maybe (pure guesswork) at least some of the websites and online forums used by terrorism supporters on the Internet may be used by actual terrorists associated with Al-Qaeda.

Last, it tells us that an attack was launched in 2001 against the website of Israel's prime minister, which shows a clear online enemy Israel can point to, as well as potentially compare this intelligence with remaining technical records of attacks from that time period. This might provide us more information on sources and methods -- all that while keeping in mind that the attacks discussed are very simplistic in nature.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron.

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1074
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, R390 driver branch, contains a vulnerability in its installer where an attacker with local system access may replace an application resource with malicious files. Such an attack may lead to code execution, escalation of privileges, denial of service, or...
CVE-2021-1075
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code execution, denial of se...
CVE-2021-1076
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.
CVE-2021-1077
PUBLISHED: 2021-04-21
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
CVE-2021-1078
PUBLISHED: 2021-04-21
NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.