[SecurityRatty] tag: jihad

The DDoS Attack Against Bobbear.co.uk

Wed, 19 Nov 2008 05:35:01 +0000

When you get the "privilage" of getting DDoS-ed by a high profile DDoS for hire service used primarily by cybercriminals attacking other cybercriminals, you're officially doing hell of a good job exposing money laundering scams.

The attached screenshot demonstrates how even the relatively more sophisticated countersurveillance approaches taken by a high profile DDoS for hire service can be, and were in fact bypassed, ending up in a real-time peek at how they've dedicated 4 out of their 10 BlackEnergy botnets to Bobbear exclusively.

Perhaps for the first time ever, I come across a related DoS service offered by the very same vendor - insider sabotage on demand given they have their own people in a particular company/ISP in question. Makes you think twice before considering a minor network glitch what could easily turn into a coordinated insider attack requested by a third-party. Moreover, now that I've also established the connection between this DDoS for hire service and one of the command and control locations (all active and online) of one of the botnets used in the Russia vs Georgia cyberattack, the concept of engineering cyber warfare tensions once again proves to be a fully realistic one.

Related posts:
A U.S military botnet in the works
DDoS Attack Graphs from Russia vs Georgia's Cyberattacks
Botnet on Demand Service
OSINT Through Botnets
Corporate Espionage Through Botnets
The DDoS Attack Against CNN.com
A New DDoS Malware Kit in the Wild
Electronic Jihad v3.0 - What Cyber Jihad Isn't

Who's Behind the Georgia Cyber Attacks?

Thu, 14 Aug 2008 06:16:34 +0000

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate most, it's lowering down the quality of the discussion I hate the most. Even if you're excluding all the factual evidence (Coordinated Russia vs Georgia cyber attack in progress), common sense must prevail.

Sometimes, the degree of incompetence can in fact be pretty entertaining, and greatly explains why certain countries are lacking behind others with years in their inability to understand the rules of information warfare, or the basic premise of unrestricted warfare, that there are no rules on how to achieve your objectives.

So who's behind the Georgia cyber attacks, encompassing of plain simple ping floods, web site defacements, to sustained DDoS attacks, which no matter the fact that Geogia has switched hosting location to the U.S remain ongoing? It's Russia's self-mobilizing cyber militia, the product of a collectivist society having the capacity to wage cyber wars and literally dictating the rhythm in this space. What is militia anyway :

"civilians trained as soldiers but not part of the regular army; the entire body of physically fit civilians eligible by law for military service; a military force composed of ordinary citizens to provide defense, emergency law enforcement, or paramilitary service, in times of emergency; without being paid a regular salary or committed to a fixed term of service; an army of trained civilians, which may be an official reserve army, called upon in time of need; the national police force of a country; the entire able-bodied population of a state; or a private force, not under government control; An army or paramilitary group comprised of citizens to serve in times of emergency"

Next to the "blame the Russian Business Network for the lack of large scale implementation of DNSSEC" mentality, certain news articles also try to wrongly imply that there's no Russian connection in these attacks, and that the attacks are not "state-sponsored", making it look like that there should be a considerable amount of investment made into these attacks, and that the Russian government has the final word on whether or not its DDoS capabilities empowered citizens should launch any attacks or not. In reality, the only thing the Russian government was asking itself during these attacks was "why didn't they start the attacks earlier?!".

Thankfully, there are some visionary folks out there understanding the situation. Last year, I asked the following question - What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of view? and some of the possible answers still fully apply in this situation :

- It was a Russian government-sponsored hacktivism, or shall we say a government-tolerated one

- Too much media hype over a sustained ICMP flood, given the publicly obtained statistics of the network traffic

- Certain individuals of the collectivist Russian society, botnet masters for instance, were automatically recruited based on a nationalism sentiments so that they basically forwarded some of their bandwidth to key web servers

- In order to generate more noise, DIY DoS tools were distributed to the masses so that no one would ever know who's really behind the attacks

- Don't know who did it, but I can assure you my kid was playing !synflood at that time

- Offended by the not so well coordinated removal of the Soviet statue, Russian oligarchs felt the need to send back a signal but naturally lacking any DDoS capabilities, basically outsourced the DDoS attacks

- A foreign intelligence agency twisting the reality and engineering cyber warfare tensions did it, while taking advantage of the momentum and the overall public perception that noone else but the affected Russia could be behind the attacks

- I hate scenario building, reminds me of my academic years, however, yours are pretty good which doesn't necessarily mean I actually care who did it, and pssst - it's not cyberwar, as in cyberwar you have two parties with virtual engagement points, in this case it was bandwidth domination by whoever did it over the other. A virtual shock and awe

- I stopped following the news story by the time every reporter dubbed it the first cyber war, and started following it again when the word hacktivism started gaining popularity. So, hacktivists did it to virtually state their political preferences

Departamental cyber warfare would never reach the flexibity state of people's information warfare where everyone is a cyber warrior given he's empowered with access to the right tools at a particular moment in time.

Related posts:
People's Information Warfare Concept
Combating Unrestricted Warfare
The Cyber Storm II Cyber Exercise
Chinese Hacktivists Waging People's Information Warfare Against CNN
The DDoS Attacks Against CNN.com
China's Cyber Espionage Ambitions
North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Malware Infected Hosts as Stepping Stones

Hacktivism Tensions - Israel vs Palestine Cyberwars

The Current, Emerging, and Future State of Hacktivism

Internet PSYOPS - Psychological Operations

Gonzo: Two Thumbs In and Up

Thu, 17 Jul 2008 06:10:12 +0000

Just saw the Hunter S. Thompson movie - Gonzo, and if you are a fan you should to. Lots of good stuff in there, the film links various part of his life and career, and gives a pretty unvarnished view of the high highs and the low lows. Weaves in writing, politics, and fame seamlessly. I have never really had as much fun as early on in my career in the early-mid 90s I was a web programmer in Aspen, hacking CGI/PERL. Among the most fun things was building and running HST's site. My boss, Ed, was his neighbor. Ed was also seriously allergic to bees. One day he was alone in his house and got stung. He was dying. Luckily Hunter was due over to his house to watch a basketball game, walked in and called 911. My boss woke up in the ambulance with Hunter pounding on him chest and screaming at him. Ed said - "Waking up to that face screaming at me, I didn't know if I was alive or dead." Seeing the movie it was also great to see a lot of the Woody Creek folks again like George Stranahan, who lovingly said about Hunter - "my friend and neighbor who never paid his rent, broke up my marriage and taught my children to smoke dope. " Of course, there was no way he could match his early productivity and this is true of almost all artists. Most of the last two decades were wasted from a writing standpoint. However his piece written on 9/11 is as good as its gets:

The towers are gone now, reduced to bloody rubble, along with all hopes for Peace in Our Time, in the United States or any other country. Make no mistake about it: We are At War now -- with somebody -- and we will stay At War with that mysterious Enemy for the rest of our lives.

It will be a Religious War, a sort of Christian Jihad, fueled by religious hatred and led by merciless fanatics on both sides. It will be guerilla warfare on a global scale, with no front lines and no identifiable enemy. Osama bin Laden may be a primitive "figurehead" -- or even dead, for all we know -- but whoever put those All-American jet planes loaded with All-American fuel into the Twin Towers and the Pentagon did it with chilling precision and accuracy. The second one was a dead-on bullseye. Straight into the middle of the skyscraper.

Nothing -- even George Bush's $350 billion "Star Wars" missile defense system -- could have prevented Tuesday's attack, and it cost next to nothing to pull off. Fewer than 20 unarmed Suicide soldiers from some apparently primitive country somewhere on the other side of the world took out the World Trade Center and half the Pentagon with three quick and costless strikes on one day. The efficiency of it was terrifying.

We are going to punish somebody for this attack, but just who or what will be blown to smithereens for it is hard to say. Maybe Afghanistan, maybe Pakistan or Iraq, or possibly all three at once. Who knows? Not even the Generals in what remains of the Pentagon or the New York papers calling for WAR seem to know who did it or where to look for them.

This is going to be a very expensive war, and Victory is not guaranteed -- for anyone, and certainly not for anyone as baffled as George W. Bush. All he knows is that his father started the war a long time ago, and that he, the goofy child-President, has been chosen by Fate and the global Oil industry to finish it Now. He will declare a National Security Emergency and clamp down Hard on Everybody, no matter where they live or why. If the guilty won't hold up their hands and confess, he and the Generals will ferret them out by force.

Good luck. He is in for a profoundly difficult job -- armed as he is with no credible Military Intelligence, no witnesses and only the ghost of Bin Laden to blame for the tragedy.

One unintended lesson I take away from Hunter's life is how important patience is. Obama is a politician and may yet disappoint us all, but I gotta believe Hunter would be seriously impressed. If he had waited another couple of years, he may have seen a lot of the stuff he fought for in 1968 and 72 come to fruition. Sometimes you are just 36-40 years ahead of your time and you have to be ok with that and figure out how to deal if possible. (Note - it sure sometimes feels this way in software security). Speaking of security:

Security

by Hunter S. Thompson (1955).

Security ... what does this word mean in relation to life as we know it today? For the most part, it means safety and freedom from worry. It is said to be the end that all men strive for; but is security a utopian goal or is it another word for rut?

Let us visualize the secure man; and by this term, I mean a man who has settled for financial and personal security for his goal in life. In general, he is a man who has pushed ambition and initiative aside and settled down, so to speak, in a boring, but safe and comfortable rut for the rest of his life. His future is but an extension of his present, and he accepts it as such with a complacent shrug of his shoulders. His ideas and ideals are those of society in general and he is accepted as a respectable, but average and prosaic man. But is he a man? has he any self-respect or pride in himself? How could he, when he has risked nothing and gained nothing? What does he think when he sees his youthful dreams of adventure, accomplishment, travel and romance buried under the cloak of conformity? How does he feel when he realizes that he has barely tasted the meal of life; when he sees the prison he has made for himself in pursuit of the almighty dollar? If he thinks this is all well and good, fine, but think of the tragedy of a man who has sacrificed his freedom on the altar of security, and wishes he could turn back the hands of time. A man is to be pitied who lacked the courage to accept the challenge of freedom and depart from the cushion of security and see life as it is instead of living it second-hand. Life has by-passed this man and he has watched from a secure place, afraid to seek anything better What has he done except to sit and wait for the tomorrow which never comes?

Turn back the pages of history and see the men who have shaped the destiny of the world. Security was never theirs, but they lived rather than existed. Where would the world be if all men had sought security and not taken risks or gambled with their lives on the chance that, if they won, life would be different and richer? It is from the bystanders (who are in the vast majority) that we receive the propaganda that life is not worth living, that life is drudgery, that the ambitions of youth must he laid aside for a life which is but a painful wait for death. These are the ones who squeeze what excitement they can from life out of the imaginations and experiences of others through books and movies. These are the insignificant and forgotten men who preach conformity because it is all they know. These are the men who dream at night of what could have been, but who wake at dawn to take their places at the now-familiar rut and to merely exist through another day. For them, the romance of life is long dead and they are forced to go through the years on a treadmill, cursing their existence, yet afraid to die because of the unknown which faces them after death. They lacked the only true courage: the kind which enables men to face the unknown regardless of the consequences.

As an afterthought, it seems hardly proper to write of life without once mentioning happiness; so we shall let the reader answer this question for himself: who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed?

A ship is safest at port, but thats not why we build ships.

Chinese Hacktivists Waging People's Information Warfare Against CNN

Mon, 21 Apr 2008 22:25:00 +0000

Empowering and coordinating script kiddies by releasing DIY DDoS tools (backdoored as well) during the DDoS attacks against Estonia for instance, is exactly what is happening in the time of blogging with a massive forum and IM coordination between Chinese netizens enticed to install a pre-configured to flood CNN.com piece of malware. Both of these coordinated incidents greatly illustrate what people's information warfare, and the malicious culture of participation is all about. The PSYOPS anti-cnn.com initiative is maturing into a central coordination point for recruiting DDoS participants on a nationalism level. Some info on hackcnn.com, the malware, internal commentary on behalf of the hacktivists, and who's behind it :

hackcnn.com (58.49.59.253)
58.48.0.0-58.55.255.255 CHINANET-HB CHINANET Hubei province network China Telecom A12
Xin-Jie-Kou-Wai Street Beijing 100088,
China, Beijing 100000
tel: 101 1010000
fax: 101 1010000
china@hackcnn.com

Upon execution of the tool, 18 TCP Connection Attempts to cnn.com (64.236.91.24:80) start, trying to access the following file at CNN.com :

- Request: GET /aux/con/com1/../../[LAG]../.%./../../../../fakecnn/redflag-stay-here.php.aspx.asp.cfm.jsp
Response: 400 "Bad Request"

antiCnn.exe
Scanner results : 3% Scanner(1/36) found malware!
TROJAN.DOWNLOADER.GEN
File size: 174592 bytes
MD5...: c03abd4d871cd83fe00df38536f26422
SHA1..: 0502c74ee90e110ceed3cbb81b2ee53d26068691
Released by : Red Flag Cyber Operations nixrumor@gmail.com

From a network reconnaissance perspective, the Chinese hacktivists didn't even bother to take care of Apache's /server status, and therefore we're easily able
to obtain such juicy inside information about hackcnn.com such as :

Current Time: Tuesday, 22-Apr-2008 07:00:56
Restart Time: Monday, 21-Apr-2008 15:25:39
Parent Server Generation: 0
Server uptime: 15 hours 35 minutes 17 seconds
Total accesses: 291670 - Total Traffic: 533.8 MB
5.2 requests/sec - 9.7 kB/second - 1918 B/request
4 requests currently being processed, 246 idle workers

Internal commentary excerpts regarding the motivation and their updates on the first DDoS round :

"Our team of non-governmental organisations, We only private network enthusiasts. However, we have a patriotic heart, We will absolutely not permit any person to discredit our motherland under any name, We are committed to attack some spreading false information, and malicious slander, libel, support Tibet independence site."

"User to a black CNN website suffer the same name. Yesterday, some Internet users attacked the domain name contains a "cnn" sports Web site, leaving protest speech, but reporters did not check the site found a relationship with CNN. Yesterday's attack was the website with the domain name sports.si.cnn.com engaged in the work of the network of residents in Urumqi Mr. Chen, at about 2 pm, the attackers up a website hackcnn.com know, the "CNN sub-station" invasion and modify their pages. "Tug-of-war administrator and hackers," Mr. Chen said, after sports.si.cnn.com pages sometimes normal, and sometimes been modified. 16:50, the reporter saw on the pages left in bilingual text and flash animation, stressed that Tibet is a part of China, cnn protest against prejudice and false reports, the title page column was changed to "F * * kCNN!. " A few minutes later, the web site to enter a user ID and password before connecting, "evidently administrator of the authority." Chen analysis. Yesterday, the reporter tried to contact the attack, but received no response. Reporter verify that the contact address sports.si.cnn.com Pennsylvania in the United States, and the sports channel CNN web site is not the same, did not disclose information with the CNN."

DDoS-ing is one thing, defacing is entirely another, try sports.si.cnn.com/test.htm which was last defaced yesterday spreading "We are not against the western media, but against the lies and fabricated stories in the media", "We are not against the western people, but against the prejudice from the western society.!" messages.

According to forum postings however, now that they've sent a signal, the attitude is shifting from attacking CNN to Western media in general. Thankfully, just like the case with the Electronic Jihad program, they did not put a lot of efforts into ensuring the lifecycle of the tool will remain as long as possible, by introducing a way to automatically update the tool with new targets. In fact, in the Electronic Jihad case, the hardcoded update locations were all down priot to releasing the tool, making a bit more efforts cunsuming to finally manage to obtain the targets list.

Terror on the Internet - Conflict of Interest

Tue, 18 Mar 2008 16:58:23 +0000

Insightful article by Greg Goth, discussing various aspects of the pros and cons of monitoring cyber jihadist sites next to shutting them down, as well as mentioning my analysis of the Mujahideen Secrets encryption tool v1.0 and v2.0. Terror on the Internet: A Complex Issue, and Getting Harder :

"Indeed, politicians around the world call at regular intervals for terrorist websites to be removed from their host sites’ servers or for search engines to block access to them. They also call for laws that would make posting instructions on how to kill or maim people or destroy property punishable by law. Franco Frattini, the European Commission’s Vice President for Freedom, Justice, and Security, called for a prohibition on websites that post bomb-making instructions in September 2007. And just as quickly, he rushed to announce that in doing so he was not trying to impinge on freedom of speech or information access or to inhibit law enforcement agencies from monitoring sites."

There're three perspectives related to cyber jihad, should the virtual communities be shut down, monitored, or censored so that they cannot be accessed by people who would potentially get radicalized and brainwashed by the amazingly well created propaganda in the form of interactive multimedia? Given the different mandates given to different intelligence services and independent researchers, is where the conflict of interest begins. Moreover, don't forget that independent researchers sometimes come up with the final piece of the puzzle to have an intelligence agency come up with the big picture in a cost-effective and timely manner, given they actually believe in OSINT and trust the source of the intell data of course. Now, picture the situation where an intelligence agency is shutting down cyber jihadist sites on a large scale not believing in the value that the intelligence data they they could provide, another one given a mandate to censor cyber jihadist communities compiling reports stating that someone's shutting them down before they could even censor them, and a third one who would have to again play cat and mouse game the locate them once they've shut down by the first intel agency already. Ironic or not, different mandates and empowerment is where the contradiction begins. Let's discuss the three mandates and go in-depth into the pros and cons of each of them to come up with a philosophic solution to the problem, as I belive it's perhaps the only way to provoke some thought on the best variant.

Shutting the communities down -

Before shuting them down you need to know where they are, their neighbourhood of supporters who will indirectly tip you on the their latest location once they have their previous domain shut down. Personal experience and third party research indicates that over 90% of the cyber jihadist communities/blogs are hosted by U.S based not owned companies. And with the lack of real-time intell sharing between the agencies themselves, the first who picks up the community will be responsible for its faith, literally. But in reality, preserving the integrity of a cyber jihadist community, and convincing the right people that balanced monitoring next to shutting it down is more beneficial, remains an idea yet to be considered. Back in 2007, I did an experiment, namely I crawled ten cyber jihadist forums and blogs and extracted all the outgoing links from these communities to see their preferred choice for online video and files hosting. A couple of months later, the communities got shut down, so when the same thing happened while I was crawling the Global Islamic Media Front's, and Inshallahshaheed's web presence, it became clear that while some are crawling, and others censoring, third parties are shutting them down.

The bottom line - shutting them down doesn't mean that they'll dissapear and will never come back, exactly the opposite. Personal experience while handling the Global Islamic Media Front is perhaps the perfect and best hands-on experience on the benefits of shutting them down, given you've built enough convidence in your abilities to locate their new location. If you think that the cyber jihadist site or community you're currently monitoring is a star, look above, it's full of starts everywhere, once you start drawing the lines between them, a figure of something known emerges, in this case once a cyber jihadist community is shut down, its most loyal and closely connected cyber jihadist communities will expose their intimate connection not by just starting to promote their new location online, but even better, you'll have them use the second cyber jihadist community to directly reach their audience by the time they set up the new location and resume the propaganda and radicalization.

There's no shortage of cyber jihadist blogs, forums and sites, and personal experience shows that upon having a cyber jihadist community shut down, they re-appear at another location. It's shut down again, it re-appears for a second time. I've seen this situation with Instahaleed and GIMF, and each and every time they had their blogs and sites removed from their hosting providers, mainly because it's rather disturbing that the majority of such communities are hosted on U.S servers, it's this short time frame which will either lead you to their new location, you risk loosing their tracks. However, the vivid supporters of PSYOPs are logically visionary enough to understand what does undermining their audiences' confidence in the community's capability to remain online means.

Monitoring the communities -

In order to reach the "shut it down or monitor it" stage in your analysis process, you really need to know where the cyber jihadists forums and sites are, else, you will be wasting your time, money and energy to create fake cyber jihadist communities in the form of web honeypots for jihadist communication. Monitoring is tricky, especially when you don't know what you're looking for, don't prioritize, don't have a contingency plan or an offline copy of the communitiy and wrongly building confidence in its ability to remain online. Moreover, monitoring for too long results in terrabytes of noise, and from a psychological perspective sometimes the rush for yet another fancy social networking graph to better communicate the collected data, ends up in the worst possible way - you miss the tipping point moment.

Censoring the communities -

I often come across wishful comments in the lines of "blocking access to bomb and poison making tutorials", missing a very important point, namely, that these very same manuals, and jihadist magazines are not residing in a cyber-jihad.com/bomb-making-guide.zip domain and file extension form, making the process a bit more complex to realize. Unless of course the censorship systems figures out ways to detect the content in password encrypted archive files served with random file names and hosted on one of the hundreds free web space providers. Then again, given the factual evidence that cyber jihadists are encouraging the use of Internet anonymization services and software, your censorship efforts will remain futile.

As I'm posting this overview of various ways of handling cyber jihadist communities, yet another community is starting to attract cyber jihadists, thanks to their understanding of noise generation by teaching the novice cyber jihadists on the basics of running and maintaing such a community. What's perhaps most important to keep in mind is that, what you're currently analyzing, trying to shut down or censor whatsoever, is the public web, the Dark Web, the one closed behind authentication and invite-only access yet remains to be located and properly analyzed. If cyber jihad is really a priority, then there's nothing more effective than the combination of independent researchers and intelligence analysts.

Related posts:
Inshallahshaheed - Come Out, Come Out Wherever You Are
GIMF Switching Blogs
GIMF Now Permanently Shut Down
GIMF - "We Will Remain"
Wisdom of the Anti Cyber Jihadist Crowd
Cyber Jihadist Blogs Switching Locations

Internet PSYOPS - Psychological Operations

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

A Botnet of Infected Terrorists?
Infecting Terrorist Suspects with Malware
The Dark Web and Cyber Jihad
Cyber Jihadist Hacking Teams
Cyberterrorism - don't stereotype and it's there
Tracking Down Internet Terrorist Propaganda
Arabic Extremist Group Forum Messages' Characteristics
Cyber Terrorism Communications and Propaganda
Techno Imperialism and the Effect of Cyberterrorism
A Cost-Benefit Analysis of Cyber Terrorism
Current State of Internet Jihad
Characteristics of Islamist Websites
Hezbollah's DNS Service Providers from 1998 to 2006
Full List of Hezbollah's Internet Sites
Cyber Traps for Wannabe Jihadists
Mujahideen Secrets Encryption Tool
An Analysis of the Technical Mujahid Issue One
An Analysis of the Technical Mujahid Issue Two
Terrorist Groups' Brand Identities
A List of Terrorists' Blogs
Jihadists' Anonymous Internet Surfing Preferences
Samping Jihadist IPs
Cyber Jihadists' and TOR
A Cyber Jihadist DoS Tool
GIMF Now Permanently Shut Down
Steganography and Cyber Terrorism Communications

Cyber Jihadist Hacking Teams

Mon, 17 Dec 2007 17:03:29 +0000

These groups and fractions of religiously brainwashed IT enthusiasts utilizing outdated ping and HTTP GET flooding attack tools, represent today's greatly overhyped threat possed by the cyber jihadists whose cheap PSYOPS dominate, given the lack of strategical thinking, and the lack of sustainable communication channels between them, ruined all of their Electronic Jihad campaigns so far. Religious fundamentalism by itself evolves into religious fanaticism, and with the indoviduals in a desperate psychological need for a belonging to a cause, ends up in one of the oldest and easiest methods for recruitment - the one based on religious beliefs.

The teams, and the lone gunmen cyber jihadists in this post are : Osama Bin Laden's Hacking Crew, Ansar AL-Jihad Hackers Team, HaCKErS aLAnSaR, The Designer - Islamic HaCKEr and Alansar Fantom. None of these are known to have any kind of direct relationships with terrorist groups, therefore they should be considered as terrorist sympathizers.

_Osama Bin Laden's Hacking Crew
OBL's Hacking Crew are anything but cheap PSYOPsers trying to teke advantage of outdated conversational marketing approaches to recruit more members, for what yet remains unknown given the lack of any kind of structured formulation of their long-term objectives. They're also promoting the buzz word "E-MUJAHID" to summarize all the possible taska and objectives one would have. This is how they define E-JIHAD :

"JIHAD is the term used for struggle against evil. Electronic jihad or simply, E-JIHAD, is the jihad in cyberspace against all the propagandas and false allegations against the message of truth. E-JIHAD is the struggle in cyber space against all false and evil disciplines, ideology and forces of evil. Have you ever think what is the need of army? To defend the freedom and liberty of a territory and defend it from the attacks of evil intruders. similarly , E-jihad is the battle in the field of cyber space, against all false believes, and to defend the truth against the false and mean propagandas and cults. It is as necessary as a regular army, to defend the ideological borders of a nation. It is said, “ it is not the gun, it is man behind the gun “. Do you ever think what makes a “man “? Nothing, but just the faith and ideology. Without faith and ideology, there is no man and definitely , we then have gun , but without any man ."

These are the tips provided for "defending the ideological borders" :

- They have created anti-Islamic web sites, which are full of everything except the truth. They are full of mean and vulgar allegations against our HOLY QURA’AN, HOLY PROPHAT MOHAMMAD (PEACE BE UPON HIM) and our teachings. We must defend our teachings and fight against the evils. We have to create Islamic web sites, eGroups, Forums, Message boards, & we must support our Mujahideen brothers in Iraq, Afghanistan, Palestine, Kashmir and elsewhere.

- Many non-Muslims specially jews, Christians and hindus are working in different web groups and communities (like yahoo groups and msn communities) and spreading propaganda against us Muslims. There is a strong need to join such groups and try to refute them. At the moment, the cyber space is free of their opponents. Try to join and refute them, defend your HOLY TEACHINGS OF ISLAM and bring before everyone, nothing but just the truth.

- One of the most dangerous enemies is those who impersonate themselves as a Muslims but they are not Muslims infact. They are Islamic cults. They are usually qadyanis/ahmadis/mirzais and bahais. some are jews and christians. They are all non Muslims but they impersonate as a Muslim and try to misguide others. They are spreading non-Islamic believes. It needs to be taken care of, we have to fight them. Otherwise, you can imagine how disastrous this situation can be for Muslims. These culprit groups even tried to spread a copy of their teachings in the name of HOLY QURA’ AN. but ALLAH has promised that HE will keep HOLY QURA’AN preserved. That’s why, their attempt failed. What is our job? We must fight with these muslim cults and have to tell others the difference between Muslims and muslims cults.

- You can even make your own groups and communities to send mails having Muslim news and Islamic teachings. It is a time convenient method because if you have 500 members in your group, by sending a single mail in the group, your message will be in the inboxes of 500 users, and it takes hardly 1-2 minutes. Isn’t it a time saving technique?

- Many non-Muslim specially Americans, Israelis and Indian hackers always attack our web sites, which are refuting their falsehood and spreading the truth of Islam, the truth that is the only reality. To defend us against such “satanic groups “, we have to organize teamwork, consists of team of Muslim Hackers. Diamond cuts a diamond, to fight with hackers, we need hackers who will defend our sites and make it sure to convey uninterrupted messages to refute the evil and to spread the truth.

_Ansar AL-Jihad Hackers Team and HaCKErS aLAnSaR

Both of these are actually the same, and the group's popularity comes from the al-jinan.net and the al-jinan.org Electronic Jihad campaigns, yes, the failed ones. The original message from Al-jinan's first campaign back in 2006 :

Objective : Will be updated automatically in the main program and the extra room in the conversation. Date : Saturday, 26 /8/2006 - Hours are from 6 pm to 10 Mecca Time - Jerusalem-Cairo. From 3 pm until 7 Time 05:00 Enter chat http: al-jinan.org/chat. Will work only half an hour before the attack. Leadership decided to use only the major programme in the attack, Lltali follows : The programme operates in the same manner but more strongly Durrah, Member faced many problems in the modernization Durra because of their Alcockez, and the present quality, The programme is designed to automatically update speeds.

Their "pitch" :

"We note that our enemies Zionists have such groups in order to eliminate sites and sites of resistance Islamic profess. The notes on the Internet that many of the sites Mujahideen are taking place and the closure of sites and this immoral act of brotherhood pigs. Under such a senseless war on Lebanon and Palestine, the Zionists any target in any area. The factors that are responsible for targeting this will affect them and Ihabtahm and create terror in the hearts of God."

_The Designer - Islamic HaCKEr

A defacer going by the handle of The Designer - Islamic HaCKEr was a vivid hacktivist for a while, than switched handles and continued to deface spreading cyber jihadist PSYOPS such as the following message courtesy of one of his defacements :

"Muslims are not Terrorists and U.S.A & Israel & europa are Terrorists. america and israel and europa they terrorists and we moslems not is terrorists . and It was hacked because you are supporting the war in Iraq, palestine and Afghanistan, and it was hacked because you are killing our people and our kids in Iraq, palestine and Afghanistan , and It was hacked because they invaders our land and they vandals our homes and hacked your sites is our solution."

_Alansar Fantom

In direct coordination with The Designer and Al-Ansar Hackers Team, basically a low-profile script kiddie that's also involved in spreading the campaign message and the flood tools to be used in eh Electrnic Jihad campaign.

Offensive cyber terrorism on behalf of terrorists in the sense of cyber mujahideens is overhyped if they're to do it on their own given the factual based evidence of their current state of technical know-how, with the Electronic Jihad program among the most recent such overhyped threats. Defensive cyber terrorism as an extension of cyber jihad in an asymmetric nature, is what is going on online for the time being, and has been going on for the last couple of years.

The bottom line, script kiddies cyber jihadists dominate, PSYOPS fill the gaps where there's zero technical know-how, mentors are slowly emerging and providing interactive tutorials to reach a wider audience, localization of knowledge from English2Arabic is taking place the way propaganda is also localized from Arabic2English, and there's also an ongoing networking going on between cyber jihadists and Turkish hacktivists converting into such on a religious level. Case in point - MuslimWarriors.Org defacement campaigns with "anti-infidel" related messages.

Combating Unrestricted Warfare

Sat, 15 Dec 2007 06:08:23 +0000

It's February, 1999, and two senior colonels from China's PLA, namely Qiao Liang and Wang Xiangsui depressed the world's military thinkers by coming up with a study on the future developments and potential of asymmetric warfare in a surprising move next to the overall discussion always orbiting around symmetric warfare. The study itself entitled "Unconventional Warfare" is an ugly combination of Sun Tzu's 3D perspective on warfare in combination with guerilla approaches to achieve one of Sun Tzu's most insightful quotes - "One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful." Here's a summary of the study :

"Two senior PLA Air Force colonels wrote "Unrestricted Warfare", presented here in summary translation, to explore how technology innovation is setting off a revolution in military tactics, strategy and organization. "Unrestricted Warfare" discusses new types of warfare which may be conducted by civilians as well as by soldiers including computer hacker attacks, trade wars and finance wars."

During the years, and especially since 9/11, the tipping point acting as the wake up call that asymmetric warfare is also getting embraced by the bad guys, many other niche research papers were published in the context of information warfare and cyber warfare such as :

Chinese Information Warfare: A Phantom Menace or Emerging Threat?

Information Warfare: Its Application in Military and Civilian Contexts

The Spectrum of Cyber Conflict From Hacking to Information Warfare

Globalization and Asymmetrical Warfare

Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States

Each of these is a visionary reading by itself, but perhaps it was the need for setting a new milestone into such warfare thinking that prompted the public release of the Unrestricted Warfare Symposium Proceedings Book in 2006 and in 2007. An excerpt from the introduction of the 2006 edition :

"To compensate for their weaker military forces, these actors will employ a multitude of means, both military and nonmilitary, to strike out during times of conflict. The first rule of unrestricted warfare is that there are no rules; no measure is forbidden. It involves multidimensional, asymmetric attacks on almost every aspect of the adversary’s social, economic, and political life. Unrestricted warfare employs surprise and deception and uses both civilian technology and military weapons to break the opponent’s will."

Moreover, the 2007 edition is covering in-depth such popular asymmetric threats posed by jihadists (pages 135/143) debunking the use of WMD as a priority, and the cyber dimension (pages 251/297) with some remarkable analogies post Cold-War strategies applied to modern digital threats :

"Technology alone is never going to solve the IA problem. We have no informed national defensive strategy in this area. The situation is starting to change and improve, in large part because visionaries like General Cartwright are in key slots. But we do not have a lot of time. The intelligence community is not sufficiently engaged in conducting, analyzing, and reporting those issues. During the Cold War, we analyzed Soviet capabilities exhaustively. We did everything possible to understand our adversary and manage that gap. We need to do the same thing today. The bottom line is that it is dangerous to underestimate the capabilities of our adversaries. They do whatever it takes to win. Good adversaries know our strengths and weaknesses. They develop surprising partners that sometimes do not even know they are partners—they will give someone an honorarium to talk at a conference and ask that person for information on associates. They play by a different set of rules. They see offense as a systems problem, while our defense is fragmented."

All of these reports and Ebooks are highly recomended bedtime reading, and so is the last but not least one, namely "Victory in Cyberspace" released October, 2007. Besides generalizing cyberspace war activities, it includes a comprehensive summary of the events that took place in Estonia during the DDoS attacks.

Related posts:

People's Information Warfare Concept

China's Cyber Espionage Ambitions

North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Overperforming Turkish Hacktivists