Archive for June, 2011

Jihadist web forum knocked off Internet

Cyberattack hits website, server of ‘key al-Qaida propaganda forum.’

By The Associated Press

A popular jihadist Internet forum has been knocked off the Internet, and counterterrorism experts say it appears it was hacked.

Cybersecurity analysts say the al-Shamukh forum appears to have been taken down by a fairly sophisticated cyberattack that hit not only the website, but the server – which is the main computer that enables people to access the site over the Internet.

Evan Kohlmann, a counterterrorism expert who tracks jihadist websites as a senior partner with Flashpoint Partners consultancy in New York, described the site as a key al-Qaida propaganda forum.

He said it bounces around between Internet hosts every few months, but has seemingly been allowed to exist as an open secret, possibly allowing a Western government to use it as an intelligence resource.

“These sites can be like spy satellites, they’re great ways of gathering information about your adversaries,” he said in an interview late Wednesday. “Bringing them down is like shooting at your own spy satellites. But there are others who don’t agree with that.”

He said there’s been a “struggle behind the scenes” in the U.S. government about whether to allow the site to stay up.

Other cyber experts agreed that the site is a popular jihadist forum.

“The al-Shamukh website had become the most trusted and exclusive haunt for e-jihadists,” said Jarret Brachman, a terrorism expert who has spent a decade monitoring al-Qaida’s media operations and advises the U.S. government. “If it doesn’t come back up soon, the forum’s registered members will start migrating to the half a dozen other main forums, all of whom are probably chomping at the bit to replace Shamukh as the pre-eminent al-Qaida forum.”

The Defense Department said late Wednesday that it was aware of reports that al-Qaida’s Internet operations had been disrupted, but could not comment on the specific incident.

Kohlmann raised the possibility that a government could be behind the website’s problems.

If true, this would not be the first time that government officials have sabotaged an al-Qaida website.

U.S. and British officials have acknowledged that British intelligence authorities launched a cyberattack against al-Qaida’s English-language Internet magazine, Inspire, taking down directions for bomb-making and replacing them with cupcake recipes.

U.S. authorities had considered knocking the magazine off the Internet but realized it would just go down for a few days, then reappear, according to one U.S. official. The official, who spoke on condition of anonymity because of the sensitivity of the issue, said the U.S. believed it was more productive to keep an eye on the site and glean intelligence from it.

Kohlmann said chatter from another message board known to be frequented by al-Qaida members confirmed that there was a technical problem with the al-Shamukh forum website and that the outage wasn’t intentional, such as performing site maintenance.

The fact that the forum wasn’t knocked out sooner is revealing. Forcing a website offline can be a relatively easy matter. A so-called denial-of-service attack, which floods a website’s servers with enormous amounts of webpage requests, is a popular hacking activity. But it apparently wasn’t used in this instance. Instead, cyber experts said it was a more complex attack.

Keynote Systems Inc., a California-based company that specializes in measuring Internet and cell phone network response times, confirmed that the site was completely down from 14 cities around the world.

Based on the kind of error the site was giving people who tried to view the site, it is likely that someone stole the domain name and caused traffic to go to the wrong server, or that someone got access to the system and directed it to not return content, said Berkowitz, spokesman for Keynote.

Kohlmann said it appears that the people who control the website were diligent about backing up the content, so it could be back online soon.

NBC News first reported the site was hacked Wednesday.


Anti-Virus Pioneer Evgeny Kaspersky: ‘I Fear the Net Will Soon Become a War Zone’

Evgeny Kaspersky is one of Russia’s top Internet virus hunters and IT entrepreneurs. In a SPIEGEL interview, he discusses a raft of recent hacker attacks on multinationals, the “total professionals” behind the Stuxnet virus and his fear of both personal and widespread cyber violence.

SPIEGEL: Mr. Kaspersky, when was the last time that a virus hunter like you fell victim to a cyber attack?


Evgeny Kaspersky: My computer was almost infected twice recently. When someone returned my flash card to me at a conference, it was infected with a virus. But then our own virus program helped me. The second time, the website of a hotel in Cyprus was infected. These kinds of things can happen to anyone, no matter how careful you are. I need protection just like anyone else. After all, a specialist on sexually transmitted diseases also relies on condoms for protection.

SPIEGEL: Virologists sometimes rave about the deadly perfection of the viruses they study. Do you still ever get excited yourself about the technology of a computer virus?

Kaspersky: The more sophisticated a virus is, the more exciting it is to crack its algorithm. I’m happy if I can do it. Okay, sometimes there’s a little professional respect involved, too. But it has nothing to do with enthusiasm. Every virus is a crime. Hackers do bad things. I would never hire one.

SPIEGEL: You and your company are the winners of a new era in warfare.

Kaspersky: No, because this war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.

SPIEGEL: Although your company Kaspersky Lab now employs more than 2,000 employees, it’s a small business compared with antivirus software makers like McAfee and Symantec. Can you ever catch up with them?

Kaspersky: We’re certainly trying. Russia is our most important competitive advantage. Moscow produces the world’s best programmers. It has a large number of outstanding technical universities. And although Russians can’t build cars the way you Germans can, they do write brilliant software.

SPIEGEL: You were once trained as a cryptologist by the KGB. Does that at all hinder your expansion in the West?

Kaspersky: No, but the fact that we are a company with Russian roots does. We occasionally sense a certain amount of suspicion. Nevertheless, we are now No. 1 in Germany, are growing rapidly in the United States and even have customers within NATO.


Kaspersky: A defense ministry. I won’t reveal the name of the country.

SPIEGEL: Which countries do most viruses come from?

Kaspersky: It’s hard to say because viruses unfortunately don’t carry ID cards. We can at least usually identify the originator’s language, and that’s at the moment the inventor communicates with his virus and gives it a command.

SPIEGEL: Russian programmers don’t only do good things. We assume that they also dominate the virus business.


Kaspersky: Based on the number of programmed viruses, we are in third place behind China and Latin America. Unfortunately, Russians are also among the most sophisticated and advanced players in criminal cyber activity. These days, they invent viruses and complex Trojan programs on demand. They launder money through the Internet. However, the largest number of harmful programs are written in Chinese. This means that they can be coming directly from the People’s Republic, but also from Singapore, Malaysia and even California, where there are Mandarin-speaking hackers.

SPIEGEL: Surprisingly enough, very few viruses seem to be coming from India even though it’s a rising star in the IT world.

Kaspersky: In general, the crime level in India is low. It’s probably a matter of the mentality. India and China have roughly the same population, the same computer density, a similar standard of living and similar religious roots. But China spits out viruses like they were coming off an assembly line.

Part 2: Amateurs and Professionals

SPIEGEL: Why is Russia producing some of the most dangerous hacker rings but very few world-class software companies like your own?

Kaspersky: There are a few, but I see a basic problem: In Russia, the level of technical training has traditionally been high, and it has been transferred from teachers to students for generations. But there are no teachers who know how to build a business with this training because, over seven decades of communism, doing business was never allowed to be the focus. Most of today’s business leaders are around 50, which means they were born during the Soviet era. They often have a type of Iron Curtain in their minds. They like to go abroad for vacation; but when they do business, they limit themselves to countries that once belonged to the Soviet Union because that’s where people speak their language and understand them culturally. I hope to see a new generation that is no longer afraid of other cultures and that speaks English.

SPIEGEL: The Russian search engine Yandex recently raised $1.3 billion (€912 million) in its initial public offering in New York, which was the highest IPO figure in the industry since Google…

Kaspersky: …which is an unbelievably important signal for many people here. A Russian company has shown that it can be successful with the power of our brains rather than with our natural resources. There is an American dream, and now there is a Russian dream, as well: to make money without oil and gas.

SPIEGEL: You once described yourself as an extremely paranoid person. What is the worst possible disaster that a computer virus could cause?

Kaspersky: In the Soviet days, we used to joke that an optimist learns English because he is hoping that the country will open up, that a pessimist learns Chinese because he’s afraid that the Chinese will conquer us, and that the realist learns to use a Kalashnikov. These days, the optimist learns Chinese, the pessimist learns Arabic…

SPIEGEL: …and the realist?

Kaspersky: …keeps practicing with his Kalashnikov. Seriously. Even the Americans are now openly saying that they would respond to a large-scale, destructive Internet attack with a classic military strike. But what will they do if the cyber attack is launched against the United States from within their own country? Everything depends on computers these days: the energy supply, airplanes, trains. I’m worried that the Net will soon become a war zone, a platform for professional attacks on critical infrastructure.

SPIEGEL: When will that happen?

Kaspersky: Yesterday. Such attacks have already occurred.

SPIEGEL: You’re referring to Stuxnet, the so-called “super virus” that was allegedly programmed to sabotage Iranian nuclear facilities.

Kaspersky: Israeli intelligence unfortunately doesn’t send us any reports. There was a lot of talk — on the Internet and in the media — that Stuxnet was a joint US-Israeli project. I think that’s probably the most likely scenario. It was highly professional work, by the way, and one that commands a lot of respect from me. It cost several million dollars and had to be orchestrated by a team of highly trained engineers over several months. These were no amateurs; these were total professionals who have to be taken very seriously. You don’t get in a fight with them; they don’t mess around.

SPIEGEL: What kind of damage can a super virus like this inflict?

Kaspersky: Do you remember the total power outage in large parts of North America in August 2003? Today, I’m pretty sure that a virus triggered that catastrophe. And that was eight years ago.

SPIEGEL: Firemen tend to describe the dangers of fire in particularly dramatic terms because they make their money fighting fires. Aren’t you just trying to scare people about viruses because that’s your bread and butter?

Kaspersky: If I were only interested in the money, my company would have gone public by now. Believe it or not, my primary concern is making the world a cleaner place. Money is important; but if I do my job well, that will take care of itself.

SPIEGEL: Hackers have recently been taking aim at companies like Lockheed Martin, Google and Sony…

Kaspersky: …simply because they can now infiltrate their well-protected security systems to access secret information. This puts companies at risk, but it also jeopardizes entire nations. It’s a matter of private industrial espionage, but countries are also involved.

SPIEGEL: Are you saying that governments are behind many of the attacks?

Kaspersky: I don’t rule it out.

SPIEGEL: Google has claimed that the attack on its e-mail services was traced back to China.

Kaspersky: I have no information pointing toward China as the actual originator. Professionals do their work through proxy servers. They can be located in China but controlled from the United States. Perhaps it was just competitors — but people then pointed the finger at China. Anything can happen in our business.

Part 3: Sources of Future Threats

SPIEGEL: In 2007, Estonia provoked the Russians when it moved a Soviet-era war memorial. Do you think the Kremlin was behind the subsequent cyber attack on the small country?

Kaspersky: Not the government, but enraged Russian spammers who directed special computer networks known as “botnets” against Estonia. It became the prototype of a belligerent cyber attack on a country. The attackers didn’t just cripple government websites; they also sent so many spam e-mails that the entire Internet channel to Estonia quickly collapsed. The country was cut off from the world. The banking system, trade, transportation — everything ground to a halt.

SPIEGEL: Could Russian hackers figuratively “checkmate” Germany?

Kaspersky: (laughing) We won’t do that. If we did, who would buy our natural gas?

SPIEGEL: A number of computer geeks and hackers have banded together into an elusive online group known as “Anonymous,” which is constantly staging fresh guerilla cyber campaigns. What are your thoughts about it?

Kaspersky: I don’t think Anonymous has done any major damage yet. But I also don’t support this group. Some of these people have good intentions and are merely trying to draw attention to security loopholes. But there are also those with bad intentions. Imagine you left the key in your front door. Some would call to let you know, whereas others would spread the news throughout the entire city that your front door is open. That’s Anonymous; it’s unpredictable.

SPIEGEL: In the future, terrorist organizations like al-Qaida could also wage cyber wars.

Kaspersky: Terrorists primarily use the Internet for communication, propaganda and recruiting new members and funding sources. So far, highly qualified cyber criminals have had enough sense to not get involved with terrorists. But, in the future, we should count on seeing cyber attacks on factories, airplanes and power plants. Just think of Die Hard 4…

SPIEGEL: …in which Bruce Willis had to fight his way through an army of young hackers.

Kaspersky: Half of the film is Hollywood fiction, but the other half is quite realistic. That really worries me.

SPIEGEL: Your 20-year-old son Ivan was recently kidnapped by a gang but liberated unharmed a few days later. How dangerous is it to be rich in Russia?

Kaspersky: More dangerous than it is in Munich, but not as dangerous as it is in Colombia, where I usually traveled in an armored car when I was there on vacation. The children of successful entrepreneurs are kidnapped in other countries, too. Thank God the Russian authorities and my security service were able to rescue Ivan. My son was partly to blame for his kidnapping: He had broadcast his address on Facebook even though I’d been warning him for years not to reveal any personal information on the Internet. Social networks like Facebook and Twitter make it easier for criminals to do their work.

SPIEGEL: Your son is studying mathematics and works as a programmer. Do you expect him to take over your company one day?

Kaspersky: If he’s good, maybe so.

SPIEGEL: Silicon Valley is teeming with Russian scientists. Didn’t you ever want to emigrate to America?

Kaspersky: Once, in 1992. I had just returned to Moscow from Hanover, from my first trip to the West. At the time, I could do nothing but shake my head in disgust over my country. The prosperity gap was enormous. It’s become significantly smaller today. And because I travel so much, I know there are pros and cons everywhere — whether social, economic or political.

SPIEGEL: Mr. Kaspersky, thank you for this interview.

Interview conducted by Matthias Schepp and Thomas Tuma


Hackers wage war on LulzSec

While LulzSec continues to target organizations around the globe through cyber attacks, the hacking collective itself is reportedly becoming the subject of an infiltration attempt by Internet rivals. (RT)

“We’re here to show the world that they’re nothing but a bunch of script kiddies,” says “Hex0010” in an interview with The 23-year-old hacker claims affiliation to the group TeaMp0isoN, who is taking credit for defacing the website of an alleged LulzSec member this week.

Swen Slootweg’s website was hacked with a message from TeaMp0isoN saying that “The Lulzboat has officially sank.”

The collective, made up of Hex, “TriCk” aka “Saywhat?” and “iN^SaNe,” claims that, unless LulzSec steps down, they will release detailed information on members of the group, including names, addresses, passwords, pictures and phone numbers.

“Not so anonymous anymore, are you?” reads the TeaMp0isoN hack. “Let’s hope that you can swim because the lulzboat just got titanic’d.”

Slootweg has since alleged that he is not affiliated with LulzSec. Hex, however, says he will out another member of the group next, so far only saying that it will be someone from California.

Hex also says that he has received death threats from members of Anonymous, the hacking collective that has targeted corporations and banks for several years now. LulzSec is believed to be a splinter sect of Anonymous.

While preserving their anonymity, LulzSec has taken credit for high-profile online attacks in only its two months of existence. Following hacks against the US Senate, the CIA, Sony and Nintendo, LulzSec’s latest document dump was of several hundred files it claims it has lifted from Arizona law enforcement servers. The leak, posted on Thursday evening, is said to be a response to the state’s controversial anti-immigration bill that was approved in 2010.

Hex’s partners have been publicly linked to both the Mujahideen Hacking Unit and the Pakistan Cyber Army, but when quizzed by Fox, Hex says the matter is complicated. In 2010, a Daily Beast article quoted another TeaMp0isoN member as saying they aimed to “wiped clean the pages of their Zionist opponents.”

“We’re a group that consists of political hackers,” says Hex. “A lot of people consider us being a religious type thing – in reality it’s not. When international governments are doing wrong and trying to hide from it, we’re there.”

News sources have since linked Palestinians, Americans and citizens of the United Arab Emirates to the group.