Computer Crime Research Center

Digital Conflict over Iraq has begun
(Restricted Circulation - mi2g Intelligence Briefing)

London, UK, 16:00 GMT 10 September 2002 - As the talk of action on Iraq becomes increasingly heated, the associated worldwide political tensions have begun to manifest digitally. On 8th September there was a substantial digital attack on three online computer systems hosted by the AOL Time Warner network, all running the FreeBSD operating system. The systems in question were still not functional at the time of this release, three days later. The attack was launched by USG (Unix Security Guards) - a pro-Islamic macro hacking group, launched in May 2002 and consisting of Egyptian|Fighter, Inkubus, hein and rD - and stated:

“… All they want is more of the Muslims land … USA wants to bomb on Iraq just because they DOUBT that Iraq might have weapons while Israel has 95% of the weapons in the area!! (what do you think?) and now they are writing the scripts of the apologies they gonna apologize on the CNN or BBC when a plane hit a Kindergarten School by mistake! (you think with all the technology they have they can miss a target?) … Israel keeps killing innocent babies while USA doesn't comment at all and if they did they will label the Palestinian stone kids as Dangerous Terrorists.”

In an attack on an Israeli executive recruitment company USG left the message “Long live Palestine & take your dirty hands off Iraq!” together with images comparing Israeli treatment of Palestinians to Nazi treatment of Jews during the holocaust. USG have carried out 155 digital attacks since, 7 so far in September. The AIC (Anti-India Crew), another pro-Islamic group closely associated with USG have carried out 454 overt digital attacks since their inception in July 2001. The third major pro-Islamic hacking group, the WFD (World’s Fantabulous Defacers), a Pakistani alliance of 12 member groups established in November 2000 has now successfully attacked a total of 452 online systems.

mi2g Chairman and Chief Executive DK Matai said, “This is just the first sign of digital attack and protest. As the imminent US/UK action on Iraq gains momentum we are expecting more attacks of a similar nature. The digital fallout is likely to be of two types. Data attacks and Command and Control attacks.”

Data attacks are attacks on websites, online computer and payment systems and their associated databases. Command and Control attacks focus on disabling or disrupting national or corporate infrastructure. For the victims of data attacks the fallout is likely to be in the area of business interruption through denial of service, identity theft, deletion of vital business information, loss of intellectual property, loss of reputation and / or share price decline. Command and control attacks are more sophisticated and have invariably required insider help to perform and sustain. The possible consequences are going to be either the slow down or disruption of critical infrastructure, such as, transport, telecommunications, financial payment systems and utilities.

A recent example of an attack on financial services is a USG attack on the network of a US banking group, leaving the message: “Hacked By rD of USG! All The Credit Cards found on your server are public now! i made some bank transfers too :P thx a lot!”.

[ENDS]
Editor's Notes:

There were a total of 1,093 overt digital attacks on 8th September alone, the second highest number on record, only marginally lower than the all-time-high one day figure for 18th August. The cumulative for the first nine months of 2002 as of 10th September is 35,033, a number significantly higher than the figure for the whole of 2001. A conservative projection for overt digital attacks across the globe for 2002 would be over 45,000. Total figures are 31,322 for 2001; 7,821 for 2000; 4,197 for 1999 and 269 for 1998.

mi2g has been collecting data on overt digital attacks going back to 1995 via the SIPS (Security Intelligence Products and Systems) database. The SIPS database has information on over 74,000 overt digital attacks and over 6,000 hacker groups. The SIPS intelligence citations include the 2002 Computer Security Institute (CSI) / Federal Bureau of Investigation (FBI) Computer Security Issues and Trends Survey [Vol. VIII, No. 1 - Spring 2002]. Detailed copies of the SIPS reports for each month, including back issues can be ordered from the intelligence.unit@mi2g.com. A vetting process may be carried out prior to the release of the SIPS reports to individuals and for overseas orders.

mi2g solutions engineering pays particular regard to security. mi2g advises on the management of Digital Risk and incorporates Bespoke Security Architecture in its SMART sourcing solutions. mi2g has pioneered the Contingency Capability Radar to assist in rigorous business continuity planning based on ISO 17799. For further information - www.mi2g.net

What are Asymmetric Threats?

Any threat, which is disproportionate, such as the risk of a small group attacking a large country or a few individuals harming thousands is described as asymmetric. Chemical, biological, radiological, nuclear and digital (CBRN-D) attacks can all manifest asymmetrically.

What is Bespoke Security Architecture?

Bespoke Security Architecture brings together firewall layers, intrusion detection and other defensive structures, as well as automated intelligence techniques with legal, human resource and company policies.

What is Digital Risk Management?

Digital Risk Management deals with a variety of issues associated with implementing digital solutions and integrating Service Level Management. It includes selecting the optimum technology set, managing external partners and alliances, linking payments to targets, defining rigorous quality control procedures, managing the growth in online traffic post launch, achieving the expected return on investment, and bringing about the changes in the corporate culture required for successful eBusiness.

What is the Contingency Capability Radar?

The Contingency Capability Radar is an ISO 17799 based platform, containing tools and templates to assess and visualise risk exposure of an entire global enterprise.

What is SMART Sourcing?

mi2g SMART Sourcing is the careful selection of cost effective and trustworthy suppliers from around the world for building and maintaining highly secure digital platforms on a 24 by 7 basis.


intelligence.unit@mi2g.com

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright © Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org