Organised anarchy

Recent attacks on Al-Jazeera have highlighted the increasingly political nature of hacking. Furthermore, a number of market commentators suggest that the Middle East is becoming a popular target for such assaults.

  • E-Mail
By  Matthew Southwell Published  April 24, 2003

I|~||~||~|Al-Jazeera’s English language website suffered a barrage of attacks from the end of March into early April. Initially, it was brought down by a distributed denial of service (DoS) attack before hackers hijacked the Arabic news broadcaster’s domain name and redirected users to an American patriot’s website.

The assaults started after the broadcaster published images of dead and captured US soldiers and, at its peak, the site was down for over three days. At other times, the broadcaster’s URL redirected users to a variety of locations, including porn sites and a page displaying an American flag with the message: “God bless our troops!”

The identity of those responsible for bringing the site down has yet to be confirmed. However, a number of commentators have suggested that politically motivated or government sponsored groups were to blame. For example, Faisal Bodi, a senior editor for aljazeera.net, used the Guardian’s letters page to link the attacks to the US government.

“One measure of the importance of those American PoW [prisoner of war] pictures and the images of the dead British soldiers is surely the sustained ‘shock-and-awe’ hacking campaign directed at aljazeera.net since the start of the war,” he wrote. “The Al-Jazeera web site has been down for three days and few here doubt that the provenance of the attack is the Pentagon,” he continued.

Nabil Hegazi, deputy managing editor of Al-Jazeera’s English language web site, also pointed the finger at American officials when US-based Akamai Technologies refused to help the broadcaster deal with attacks, despite having worked with Al-Jazeera in the past.
“We think it’s political pressure,” Hegazi told Associated Press.

In addition to the attacks on Al-Jazeera, a number of other web sites have been damaged in recent weeks. Finnish security firm, F-Secure, reports that more than 20,000 websites have been hacked since the war began and a number of Iraq war-related viruses, including Lioten, Prune and the Ganda worm, were launched in the same time frame. Dubai-based Arabia.com was also reportedly blocked and antiwar groups defaced the White House’s web site.

“We certainly noticed an increase in hacking the last few weeks ... that was attributable to Iraq war sentiments,” says David Wray, spokesman for the department of homeland security’s information analysis & infrastructure protection directorate in the US.

While the assault on Al-Jazeera and the other Iraq related attacks has highlighted the use of hacking for political gain, many market pundits believe that this has been the case for some time. Furthermore, some suggest that an increasing number of organisations are being sponsored to wreak havoc in cyberspace and disseminate propaganda.

“We see more and more groups and organisation trying to complete attacks. We see less and less students carrying out attacks and it is no longer about the glory of breaking into a system, but about creating disruption in something they [certain groups] want to break,” says Alain Dang Van Mien, research director for software infrastructure, enterprise systems management & information security at Gartner Group.

“It [hacking] is not being done for the challenge, but for ethics... Groups of individuals, such as terrorists, are now using cyberspace,” he adds.

||**||II|~||~||~|Moustapha Sarhank, president of Internet Security Systems (ISS), suggests that such attacks are also becoming more commonplace in the Middle East, and that a number of government like groups are specifically targeting the region.

“We have been witnessing an increased predetermination to hacker attacks and we have seen organisations and groups targeting the region in a predetermined manner,” he says. “We are talking about quasi government groups [attacking the Middle East]. These are people that have the muscle, the financial might and the technical savvy to start slowly but surely looking for and exploiting holes in our [the Middle East’s] IT infrastructure.”

“It is quite clear to us that there is a higher level of organisation [among hackers]. We also see that hacking is more targeted than before and these targets are being selected much more carefully. Certain companies within the Middle East are being targeted repeatedly,” adds Patrick Hayati, regional director of Network Associates in the Middle East.

Such attacks are growing in popularity for a number of reasons. Dang Van Mien suggests that it is related to the increased coverage the internet now receives, while others point to the growing availability of hacking tools and their increased sophistication.

“The tools that used to be very hard to use have become automated. This is why today you have script kiddies that used to hack with no predetermination capable of carrying out a global hack. There are also more opportunities to join the ‘underworld’ and carry out DoS attacks,” says Sarhank.

“The threat is becoming more technical and specialised. We in the industry are of the opinion that it is not unlikely that tools can be developed and released that may be platform or industry specific and that exploit known loopholes,” adds Justin Doo, managing director of Trend Micro Middle East, Africa & Benelux countries.

The nature of attacks is also morphing and even simple defacement is becoming more sophisticated. The days have now past when obvious changes would be made to a site and now hackers are changing only small portions of sites. This leaves users with mixed messages and unsure as to whether or not they are viewing a ‘real’ site.

“We are no longer talking about defacement. We are talking about a group of people who have the capability of entering web sites, changing a little bit, and getting out without being noticed. Rather than causing defacement they are providing mixed messages, which is more sophisticated and more damaging,” explains Sarhank.

Furthermore, an increasing number of hackers want to retrieve certain data from organisations rather than just disrupting services. “The types of attacks are evolving with time… and they are coming from people who know a little about what is inside a company and they want to get something, not just to get through the network,” confirms Dang Van Mien.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code