As many of u might have heard of the recent warning/alert by US Dept of Homeland Security (DHS) for Al Qaeda’s Cyber attack on financial institutions. I think many people know, and it has been also said many times by the US officials that the group has been dismantled. How could Al-Zawahiri and the team could launch cyber attack from Waziristan or anywhere they are? … that’s just absurd.
Lets say, some supporters (independent of Al Qaeda leadership’s involvement) or hired-ones would be thinking about it. How likely it is that Al Qaeda could hire elite hackers? One can find n00bs everywhere, but launching a cyber attack on US banks is not the job of rookies. I believe finding some elite hackers in the muslims world and hiring 'em is not at all easy. The probability of finding good people for their work is already very low. And do you think they 'd be able to convince educated people for their plans? …
…then why every now-and-then articles/research-papers appear on “Cyber Terrorism” and now these DHS alerts/warnings? … are there any real basis for all this crap? …or this is a ground-work to nab educated muslim people (specially related to IT)? …The past practices of US govt. have been, they do media propaganda first and then do what they actually had planned for.
Re: Al Qaeda cyber attack ..... how real is the threat?
I just put my opinion .... it is possible that some people could have different opinion. If ur opinion is same as mine, then thank you.
However, there is still one thing that i am not sure myself .... is this media propaganda a campaign before starting a crack down in the name of "Cyber Terrorism" this time? Because before Iraq war, they kept talking about WMDs. Recently it has been Iran's nukes, and now cyber terrorism.
Re: Al Qaeda cyber attack ..... how real is the threat?
Its just a wrst time going on... They say that and then sit back... now they will lose some security to break some one in any after wards saying:' That ws saddam' Even he is in jail with no internetconnection or Laptop or H Elite info.
Re: Al Qaeda cyber attack ..... how real is the threat?
first virus is disputed. it was the first mass spreading virus;caught the media attention.
Pakistan on stuff like electronic warfare are massively behind. You only hear of vandals breaking websites for defacements. That is not particularly difficult. Unlike US, N.Korea and China they dont have a specialst group whose job it is to probe and attack national infrastructure over networks. e.g. let all water from a dam, or disable a power station. The more interesting scenario is playing 'malory' in a command and control network.
Re: Al Qaeda cyber attack ..... how real is the threat?
There might be some hackers, expert in website defacement, but people call them script kiddies. For the past one year, i've been involved in the field as part of my job, but i didn't see any big names from pakistan or other countires. There might be some under-ground people but even from such groups there were just a couple of noticeable incidents from chinese groups.
So what does that "large population of very knowledgeable hackers" do? I haven't seen any contributions from them as a White Hat community (except from one guy which was not a responsible disclosure of MS Office flaw though), whereas i can't say anything about under-ground acitivities. Since, i'm NOT very experienced in the practical field, so i would like to know about them. Were they active in the past? I mean in helping vendors to patch flaws in their software etc.
Re: Al Qaeda cyber attack ..... how real is the threat?
Yeah, it's good to be cautious. I'm wondering, what extra measures have you taken for it?
According to the alert, this threat is for the whole month of December. Do you think Admins would relax and sit back after this month? I mean what is generally the strategy in case of alerts and after alerts (just curious :)).
Re: Al Qaeda cyber attack ..... how real is the threat?
@Curios
Take it from someone in the security field PK is not a big player on electronic warfare. Our government agency relied on FBI to trace e-mail's regarding Daniel Perl murder.
One never knows of underground activities, whole idea being underground but to date PK has been mainly in Hactivism i.e. defacing websites. Indians claim GForce is sponsored by ISI - if you speak to these guys they will tell you themselves they basically use known vulnerabilities for defacement. Not quite the material to mount attacks on finite field cryptos. In all honesty this is exactly not terror.
The threat comes form Al-Qaeda website saying on principle they would like to electronically attack USA. What's new their? they want to destory USA this is just one possible path. They would in principle like to assassinate George Bush but it does not mean they have the means to do so. As usual media to a lessextent and now individuals dont understand what electronic warfare is and go silly with presumptions.
Re: Al Qaeda cyber attack ..... how real is the threat?
IMO some wannabe group might have the patience to build a zombie network or pay for the use of one to launch a DDoS attack. This is not particularly sophisticated, although the media would make you believe it's Martian technology. Most large, and most certainly critical infrastructure will have protection against these kind of attacks. A few products on the market, including Cisco where packets using heuristics likely to be from DDoS are rejected. Some other methods relying on multi path redundancy to allow known users access only through some clever routing. From my knowledge a large UK payment gateway now does not even bother with extortion requests. They simply dont work if you plan properly.
Re: Al Qaeda cyber attack ..... how real is the threat?
its bs, pure and simple, remember the mansions inside caves that were suppose to be in afghanistan, from rumsfeld mouth, he said they had sophisticated systems inside the caves...its bs...so they can hack everyones email, control the internet, without much complaint, when people r in fear, they give up their freedom without hesitation.
Re: Al Qaeda cyber attack ..... how real is the threat?
risc ....thx buddy. Yes, i've pretty much same opinion abt PK security progress.
As far as DDoS is concerned, yes it could be pretty much evaded. I witnessed a small incident of flooding on a mailing list to which i was subscribed. Some idiot(s) were targetting it; after making some rules it was very much under control in like couple of hours.
If someone steals financial credentials, using them for fraud could also be very much traced. And if someone wipes out a hard disk on a server, there is always backup & recovery stuff to resume. It sure causes pain, but sky doesn't fall due to that :)