Computer Crime Research Center

Al-Qaeda hackers break into websites
(by Rob Lever)

The al-Qaeda terror network has begun using hackers who break into websites to create secret pages that send messages to its followers, Internet specialists say.

An example of this practice came earlier this month when a message purportedly from al-Qaeda chief Osama bin Laden appeared on cenobite.com, a website started by a fan of science fiction writer Clive Barker.

Andrew Weisburd, an online activist who tracks terrorist groups, said he believes al-Qaeda began using this technique to communicate after the rights expired to alneda.com, a website often linked to al-Qaeda.

"Al Neda is continuing its practice of hijacking Web servers and placing their site in obscure subdirectories," says Weisburd.

Weisburd said a number of other websites have been used this way, but he did not want to reveal the names of the sites "in the hopes of sheltering the rightful owners of the victimized websites and servers from the consequences of being linked to al-Qaeda."

David Wray, a spokesman for the FBI's cybercrime arm, the National Infrastructure Protection Center, said the agency was aware of the reports about al-Qaeda's activity, but added, "I can't comment on its veracity or lack thereof."

Michael Vatis, a former NIPC director who now heads the Institute for Security Technology Studies at Dartmouth College, said it is plausible that al-Qaeda is using the hacking techniques.

"We haven't seen it, but it is a confluence of several things we've been studying," Vatis said.

"It's further evidence of the organization's increased sophistication in using modern technologies for covert communications and to evade detection."

What is unusual, say security specialists, is that the operators of the innocent websites are often unaware of the intrusion until well after the fact, because the data is placed in a hidden file that can only be accessed with the correct code.

"I don't consider this a hijack of a website, I'd call it a parasite attack," said Mike Sweeney, an Internet security specialist who operates the site packetattack.com.

"You break into the website, you get permission to create a folder, you add a file and you cover up your tracks. For the rest of the world, the site looks ordinary, but if you know the path you can find it."

Sweeney said it is difficult to know without examining the computers whether al-Qaeda was behind the intrusions. But he said it is a likely scenario because it is an easy way to spread information quickly.

"It's fast, cheap and almost impossible to trace," he said.

Weisburd agreed that the messages appear to be real.

"I'm not an expert in this area, but my feeling is that the messages are legit, that Osama is alive and well, and the al-Qaeda, while depleted of many of their older and more experienced members, is alive, is well, and is on the offensive," he told AFP.

"They are not just posting a single message. The Al Neda site is huge, roughly 135 megabytes, and mostly text ... They can't hide the site, because then it couldn't be found by their own people. They can't just send e-mail, because it's being monitored. Steganography (hiding information in images) generally requires software support, and if you rely on public computers, at cyber cafes or libraries or universities, that software may not be available."

Weisburd said that after he uncovered the technique, al-Qaeda "released a statement decrying our 'unusual' and effective methods and declaring a Jihad against us."

Source: theMezz.com/


Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.