[iwar] [fc:Al-Qaida.Cyber.Capability]

From: Fred Cohen (fc@all.net)
Date: 2002-01-14 09:10:36



Al-Qaida Cyber Capability

Office of Critical Infrastructure Protection and Emergency
Preparedness, Government of Canada, 1/14/2002
<http://www.epc-pcc.gc.ca/emergencies/other/TA01-001_E.html>

Key Judgements:

Al-Qaida (the group formed and led by Osama bin Laden) has not engaged
in computer-based attacks in the past. However, in the wake of the World
Trade Center (WTC) attacks, bin Laden has suggested that Al-Qaida has
the expertise to use the computer as a weapon.

Given the economic damage the United States suffered due to the WTC
attacks, it is possible that those responsible may shift their sights
away from primarily symbolic targets, such as heavily populated
buildings or sports stadiums, toward critical infrastructures.

Bin Laden's base for his operations, Afghanistan, does not provide an
ideal venue for staging cyber attacks.

A potential cyber terrorist attack by the Al-Qaida group, or its
sympathizers, would likely be launched or coordinated outside
Afghanistan.

Retaliatory cyber attacks -- primarily web defacements -- from
individual sympathetic hackers on both sides have commenced and will
continue to occur.


Background

Osama bin Laden established Al-Qaida in the late 1980s to
bring together Arabs who fought in Afghanistan against the Soviet
invasion. It helped finance, recruit, transport and train Sunni Islamic
extremists for the Afghan resistance. Its current goal is to establish a
pan-Islamic Caliphate throughout the world by working with allied
Islamic extremist groups to overthrow regimes it deems "non-Islamic" and
to expel Westerners and non-Muslims from Muslim countries. In February
1998, Al-Qaida issued a statement under the banner of the "World Islamic
Front for Jihad Against the Jews and Crusaders" claiming it was the duty
of all Muslims to kill US citizens--civilian or military--and their
allies everywhere.

The size of Al-Qaida is unclear. The group itself has been reported to
have several hundred to several thousand members. Al-Qaida also serves
as a focal point, or umbrella organization, for a worldwide terrorist
network that includes many Sunni Islamic extremist groups such as
Egyptian Islamic Jihad, some members of al-Gama'at al-Islamiyya, the
Islamic Movement of Uzbekistan and the Harakat ul-Mujahidin. Al-Qaida
has a worldwide reach with cells in a number of countries and is
reinforced by its ties to global Sunni extremist networks.

Bin Laden and his key lieutenants reside in Afghanistan and the group
maintains terrorist training camps there. Bin Laden, son of a
billionaire Saudi family, is said to have inherited approximately US$300
million which he uses to finance the group. Al-Qaida also maintains
moneymaking front organizations, solicits donations from like-minded
supporters and illicitly siphons funds from donations to Muslim
charitable organizations.

Threat to Critical Infrastructure

Some insight into the thinking of
Islamic extremists was obtained in July 2001. At this time, Ahmed Ressam
(convicted of attempting to place a bomb at the Los Angeles
International Airport around 1 January 2000) testified in court that he
was trained to attack the infrastructure of countries. Specifically, he
stated that he was trained to target "such installations as electric
plants, gas plants, airports, railroads, large corporations and military
installations also." When asked why he chose an airport as a target, he
said, "an airport is sensitive politically and economically." Ressam
received terrorist training in Afghanistan and is linked to the Al-Qaida
network.

The targeting of the World Trade Center by Islamic extremists in 1993
and 2001 was a symbolic act, ideal for sowing fear in the United States.
However, the 11 September attack had an even deeper ripple effect: the
temporary disruption of the entire US financial and transportation
infrastructure. If the terrorists did not fully anticipate these
aftershocks, they can see them clearly now. This raises the possibility
that those responsible may shift their sights away from primarily
symbolic targets, such as heavily populated buildings or sports
stadiums, toward critical infrastructures.

Cyber Capability to Target Critical Infrastructure

There are no known
examples of Al-Qaida launching cyber attacks against critical
infrastructure. Although it has demonstrated a very sophisticated
logistical and organizational ability, to date, its attacks have been
physical and clearly "low-tech". For example, past attacks have included
blowing up a dinghy packed with explosives next to the USS Cole and
exploding bombs near US embassies in Africa. Even the attacks on the
World Trade Center and Pentagon on 11 September were done with
conventional means.

Nevertheless, there has been significant, albeit unsubstantiated,
reporting that bin Laden and his Al-Qaida organization are sophisticated
users of computer and telecommunication technology. For example, it has
been reported that Al-Qaida personnel use the Internet for sending
encrypted communications.

Interestingly, in the wake of the 11 September 2001 attacks, Osama bin
Laden reportedly gave a statement to Hadmid Mir (editor of the Ausaf
newspaper) indicating that:

"hundreds of young men had pledged to him that they were ready to die
and that hundreds of Muslim scientists were with him and who would use
their knowledge in chemistry, biology and (sic) ranging from computers
to electronics against the infidels. He said they had no atom bombs and
missiles but the passion for jihad was more important than those
weapons."

This statement suggests that bin Laden is threatening to use
computer-based attacks against the West. However, due to its very poor
communications infrastructure, Afghanistan does not provide an ideal
venue for staging such attacks. According to the CIA World Fact Book,
the capital city of Kabul had only 21,000 main phone lines in use in
1998. Domestically, there are telecommunication links between the cities
of Mazar-e Sharif, Herat, Kandahar, Jalalabad and Kabul through
microwave and satellite systems. There are reportedly very few links
abroad. Osama bin Laden's personnel reportedly go to Peshawar, Pakistan
to maintain phone, fax and modem communication with the outside world.

Bin Laden's choice to use Afghanistan as a base for his operations
limits Al-Qaida's ability to use that country as a base for malicious
cyber activity. Therefore, a potential cyber terrorist attack by the
Al-Qaida group, or their sympathizers, against the West would most
likely have to be launched or coordinated outside Afghanistan. Likewise,
Taliban forces would appear to be very ill-equipped to launch any sort
of cyber effort from within the country.

Cyber Threat Related to 11 September

The events of 11 September will
engender cyber attacks between individuals sympathetic to the United
States and those who support the terrorists. US supporters have already
begun cyber attacks against Arab and bin Laden-linked computer systems.
When this becomes significant, a retaliatory response can be expected
against networks perceived to be connected to the US and its allies.

On 14 September, a group calling itself the "Dispatchers" posted a
statement on the Web saying it has already disabled Internet Service
Providers (ISPs) in the Middle East and has been targeting ISPs in
Afghanistan with the explicit goal of destroying them. The Dispatchers,
claiming to be approximately 300 strong, said it would target Pakistan,
Iraq and several other Middle Eastern countries. The hacker group said
it is planning a coordinated attack against Internet infrastructure in
targeted countries and other critical information systems. The US
National Infrastructure Protection Center has issued an alert suggesting
that the Dispatchers may inadvertently cause collateral damage to
American computer systems during attempts to damage Arab/Muslim foreign
computer systems via distributed denial of service attacks.

Groups that may be sympathetic to the terrorists, and may themselves
launch cyber attacks against US and western computer systems, include
the "Iron Guard". The Iron Guard is a group of hackers formed during the
Israeli-Palestinian cyber conflict late in 2000. This group is believed
to be technically adept and is reported to have ties to Hezbollah and
other Muslim extremist groups. The group's initial call for cyber jihad
was supported and promoted by al-Muhajiroun, whose leader (Sheik Omar
Bakri Mohammed) has known ties to bin Laden. The Iron Guard has
suggested in the past that it considers American commercial companies to
be responsible for their government's actions.

Analysis of Threat

While bin Laden's comments that his organization was
prepared to use experts with knowledge of computers to launch further
attacks are noteworthy, there is no history of Al-Qaida engaging in
cyber attacks and no information suggesting that it has already prepared
itself for such action. Bin Laden's vast financial resources, however,
would enable him or his organization to purchase the equipment and
expertise required for a cyber attack and mount such an attack in very
short order. Regardless of Al-Qaida's actions, a cycle of attacks and
reprisals has commenced and will continue to occur between hackers
sympathetic to Islamic extremist action and supporters of the United
States.

Contact Us

For urgent matters or to report any incidents, please contact
OCIPEP's Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: opscen@ocipep-bpiepc.gc.ca

For general information, please contact OCIPEP's Communications division
at:

Phone: (613) 991-7066 or 1-800-830-3118
Fax: (613) 998-9589
Email: communications@ocipep-bpiepc.gc.ca

Web Site: www.ocipep-bpiepc.gc.ca


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST