Rumours that al-Qaeda will carry out a “cyber jihad” attack against Western institutions next month should be treated with scepticism, experts say.
The attack was reported by DEBKAfile, an online military intelligence magazine. Citing anonymous "counter-terror sources," DEBKAfile said it had intercepted an "internet announcement" calling for a volunteer-run online attack against 15 targeted sites starting 11 November. The operation is supposed to expand after its launch date until "hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites," the magazine reported.
Such an attack could be launched with a known software kit, called Electronic Jihad Version 2.0, said Paul Henry, vice president of technology evangelism with Secure Computing. This software, which has been in circulation for about three years, has recently become more easily configurable so that it could be more effective in a distributed denial of service attack, such as the one suggested by the DEBKAfile report.
Attackers would download Jihad 2.0 to their own desktops and specify the amount of bandwidth they would like to consume, not unlike the [email protected] software package used to scan for signs of extraterrestrial intelligence.
However, Henry said that his law enforcement contacts are treating the report with some scepticism. "I talked to a few people today who know of DEBKAfile, who feel they are dubious, but they can be credible," he said. "I'm not looking at November 11 as being the day that the Internet goes down."
Security expert Gadi Evron, who recently studied the cyber attacks in Estonia, expressed similar scepticism.
"DEBKAfile gets a lot of news that no one else has, and fast," he said. "But it's a community-driven tabloid. Treat it as a golden source to be taken with 5 grains of salt," he said.
Even if an attack is planned, it would likely be nothing new, Evron added. "Cyber jihad on the level of attacking websites happens every day for numerous causes by enthusiasts. The content of this warning is doubtful. There are not hundreds of thousands of infosec workers worldwide, not to mention working for al-Qaeda," he said.
He believes that some low-skilled hackers may be planning something, but that DEBKAfile has probably not uncovered plans of a major online attack.
This is not the first time that the West has been threatened with cyber jihad.
In December 2006, the US Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) warned US banks and financial institutions of a possible al-Qaeda cyber attack.
That operation, nicknamed "the Electronic Battle of Guantanamo," turned out to be a dud.