New Forum Postings Call for Intensified Electronic Jihad against Government Websites

Publication: Spotlight on Terror Volume: 3 Issue: 8

In light of recent Internet-based attacks, including the Zotob worm that temporarily disrupted machines within the U.S. government and San Francisco International Airport, it is important for government and business groups to pay careful attention to the potential damages caused by hackers, whatever their motives.

A new section on the jihadist al-Farouq web forum [], created two weeks ago, contains postings that call for heightened electronic attacks against U.S. and allied government websites and provides information for mujahid hackers.

This forum represents a how-to manual for the disruption and/or destruction of enemy electronic resources, including e-mail, websites and computer hardware. Such attacks have been threatened by Osama bin Laden and Syrian-born Muslim cleric Omar Bakri Muhammad, dating back to mid-2002. It appears that forum members are taking up the call, sharing information and discussing strategies online. An initial survey of the forum includes detailed instructions and attached software, in addition to links to other websites containing similar utilities.

The first three posted topics form a “hacker library”, and are “stickied” to remain at the top of the page for easy viewing. This hacker library includes:

* Keylogging software to defeat password-protected systems. Such software is used to record all keystrokes made by the local user and output the result to a retrievable log file or directly to the hacker via IRC chat, typically used to report passwords for access to protected computer systems. However, the presence of a keylogger can also provide the intruder with access to any information entered in through the keyboard, such as contacts, usernames and passwords, and banking information. Most keyloggers are installed via a trojan horse attack, a worm or a virus.

* Tools to hide or misrepresent the user’s IP address. An internet protocol (IP) address is a numeric address that serves to uniquely identify each computer in a given network. Software can be used to broadcast a false IP address during connections with the internet, including a false country of origin. Such utilities are by no means foolproof, but they can confuse parties who might be monitoring the user’s web activity.

The other method proposed for anonymous web browsing is much simpler and more effective: anonymous proxy servers. In short, a proxy server stands between the originating user and the destinations on the web. Thus, the identity of the internet user remains unknown to the target website. Proxy logs can be subpoenaed by law enforcement authorities, but many such servers are maintained in countries reluctant to provide information that compromises online privacy, such as Fiji, Western Samoa and Nauru.

However, a wireless-capable laptop computer using an unsecured wi-fi network can provide a user with the same anonymity. In many cases in the United States, Europe, and parts of Asia, this can be the adjacent apartment complex or a nearby office. A person can then effectively use a private wireless network as a proxy server from their car parked on the street or from a coffee shop next door. For areas where wireless internet is less common, internet-based proxies are a more accessible method for obscuring one’s identity.

* Disk and system utilities that can be exploited to damage Windows-based computer systems and websites. Most of these utilities promise to erase the target hard disk, or to incapacitate the operating system. One user proposes a way to program a series of default commands into core Windows system files that will render it inoperable without using additional software. Forum readers are also instructed how to disrupt objectionable or “enemy” websites through ping flood attacks, whereby an individual or group can overload a web server with enough data requests that it becomes unusable to its legitimate users.

Additionally, a participant on the al-Farouq forum calling himself ‘achrafe’ submitted a formal proposal to form an operations unit within the fledgling “Islamic Hacker Army” (Jaish al-Hacker al-Islami). In his report, he lists the advantages of working to organize the electronic jihad community, as in denial of service attacks, which are much more potent when carried out simultaneously. Furthermore, those with new technical knowledge could more easily share such information within a solid group. Such a structure, implemented online, would facilitate the transmission of information both up and down the chain of command.

On the forum, members are encouraged to take measures protecting their own identities online. A list of security precautions for forum users is provided, advising them to use caution when conversing with other members, as one cannot know any other’s true identity. Users are also encouraged to hide their IP addresses, protect their passwords and clear their browser histories, including cookies and temporary Internet files. Other methods were intentionally left out of the text as a precaution against tipping off security services, but readers were encouraged to find innovative ways to safeguard their identities.

In order to provide our readers with timely insight into the virtual dimension of international terrorism, Jamestown offers this as the first in an occasional series covering recent developments on Internet forums frequented by Jihadists. This report was written and researched by Jeffrey Pool.