The Electronic Jihad 3.0 installer (Source: DailyTech)
Are cyberattacks a legitimate terrorist threat? E-Jihad, as its dubbed, most certainly was not
Early this month a story began to circulate that an online Jihad was set to take place on Nov. 11, 2007. The original source of the story, DEBKAfile, describes itself as an Israeli open source military intelligence site, though it has also been called a muckraking and political tabloid site.
DEBKAfile’s report cited anonymous “counter-terror sources” as having translated an Oct. 29, 2007, call to electronic arms for the followers of Osama bin Laden. It was said that on Nov. 11, Al Qaeda experts would use a program known as “Electronic Jihad” to coordinate attacks on Western, Jewish, Israeli, Muslim apostate and Shiite Web sites. Electronic Jihad, also known as the E-Jihad program, is currently in revision 3.00.
The plan was to first practice by taking down 15 specific sites and then move on to bigger attacks involving “hundreds of thousands of Islamist hackers.”
The report was quickly met with skepticism and dismissed as a threat by press and security experts. Johannes B. Ullrich, Chief Research Officer of the SANS Technology Institute, quipped that cyberterrorists would be unable to do more than a “lame denial of service attack.”
In the days since Nov. 11 no major attacks fitting the description have been reported. This may be due to Electronic Jihad’s dependence on servers that have been taken down.
In July of this year a report by InformationWeek detailed how E-Jihad seeks to implement distributed denial of service (DDOS) attacks by organizing online Jihadists. It allows users to choose from a list of target Web sites, and pick an attack speed of low, medium, or high. If a large enough network of users volunteer their computers, they can over whelm a single Web site by repeatedly reloading pages or pinging the server. The program updates its target list regularly and uses proxies to avoid Web site blocking technologies.
The weakness in the program is that it is dependent on individual servers to coordinate attacks. It is thought that the U.S. government has taken down many of these servers, such the Al-jinan.org jihadi Web site that InformationWeek cites as the distribution source of E-Jihad. As of the writing of this article the Web site is unavailable.
Despite its weakness, E-Jihad is a real piece of software available on the web, giving evidence that terrorists are trying to use malware as an attack vector reported Francois Paget on McAfee Avert Labs Blogs. His company recently acquired a copy of E-Jihad 3.00 and Paget explored its abilities. He described the program as “years behind” and attributed its Nov. 11 failure to the shutdown of the distribution server.
Paget mentioned E-Jihad’s inferiority to modern attack techniques. “No fast-flux network was involved; no complex Command & Control protocol was committed, no worldwide botnet was created.”
In fact, one of the incredible oversights of E-Jihad is that it does not deploy its botnet by force -- potential Jihadists must volunteer their computers to the whim of others, and potentially anyone with the E-Jihad program.
A quick demonstration confirms the E-Jihad program could even be used against itself. Security analysts, who wished to remain anonymous, demonstrated to DailyTech how E-Jihad just as easily initiates a denial of service attack against other E-Jihad distribution websites.
However, due to the ineffectiveness of the network, E-Jihad fails to takedown any site. Site monitoring logs shown to DailyTech indicate E-Jihad barely manages to scrap up a few thousand machines -- successful botnets today command hundreds of thousands of infected machines. These machines are almost always compromised without the users' knowledge, a strong difference from the "volunteer" philosophy of E-Jihad.
Regardless of the Nov. 11 no-show, it is clear that cyberattacks are a real threat to Internet dependent businesses and governments. Last June it was revealed that the Chinese military was most likely responsible for an attack that hacked the U.S. defense department so badly it was forced to take part of its system off line. The Department of Homeland security has also been compromised hundreds of times by online attacks.
If the E-Jihad program were to evolve into a worm that creates botnets like the one that attacked eBay last September things could go very badly for targets in the future. The Storm Worm is believed to have created a vast botnet with an estimated host base in the millions. Such an army of zombie computers bent to cyberterrorism will be far more dangerous than the voluntary user network that E-Jihad employs, though as Paget points out, online Jihadists have a long way to go still.
|