Tuesday, May 7, 2013

Muslim Criminal Groups, Potential Jihadist-linked Cyber Attack 'Campaign' Set to Begin This Week

Criminal Groups, Potential Jihadist-linked Cyber Attack 'Campaign' Set to Begin This Week, DHS Warns

By: Anthony Kimery

05/07/2013 (8:35am)

 

A “group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign” beginning Tuesday “against websites of high-profile US government agencies, financial institutions and commercial entities,” according to an intelligence warning issued last week by the Department of Homeland Security (DHS).

 

Prepared by DHS' Office of Intelligence & Analysis (I&A) Cyber Intelligence Analysis Division and coordinated with the US-Computer Emergency Readiness Team (US-CERT), the Industrial Control Systems Cyber Emergency Response Team and the National Cybersecurity and Communications Integration Center, the bulletin said “The attacks likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.”

 

“Independent of the success of the attacks,” DHS warned, “the criminal hackers [also] likely will leverage press coverage and social media to propagate an anti-US message.”

Known as “OpUSA,” the DHS intelligence bulletin said “since mid-April 2013, the campaign’s members have used social media and web forums hosting violent extremist content to attract additional participants and raise awareness of the efforts.”

 

Of more concern to officials, however, is an apparent growing alliance between various criminal hacking groups and violent Islamic extremist organizations.

 

For example, the bulletin said, “Several individuals linked to websites that host violent extremist content have promoted OpUSA and called on like-minded individuals to support the effort, indicating the campaign has gained the attention of at least some violent extremist sympathizers,” including at least one “web forum that hosts Al Qaeda-inspired content” on which members have “posted messages on the forum and social media encouraging supporters of violent extremism to participate in the cyber attacks, according to open source reporting.”

 

DHS I&A said the pending cyber attacks pose only a limited threat of temporarily disrupting US websites, but warned “it may … signal an emerging trend of Middle East- and North Africa-based criminally motivated hackers collaborating with others regardless of their motivation.”

 

For some time now, counterterrorism officials have expressed growing concern about not only more aggressive and sophisticated cyber attacks by jihadist groups, but also linkages between cyber jihadists and traditional criminal and anarchist cyber attackers.

 

The DHS “For Official Use Only” bulletin said “Middle East- and North-Africa-based criminal hackers will continue issuing public statements to announce cyber attack plans against high-profile targets to attract media attention to their cause,” and that “These statements may provide insight into whether these groups are radicalizing toward violence and whether they would potentially partner with or conduct attacks on behalf of violent extremists.”

 

The DHS bulletin concluded that the perceived success of the OpUSA campaign could lead other individuals -- including those with advanced technical skills -- to undertake similar efforts and “attempt more threatening cyber attacks targeting US government and commercial websites.”

 

“I doubt that Al Qaeda or other Sunni extremist groups have much of an internal capacity for these kinds of attacks,” said Charles Faddis, a former career CIA clandestine services officer who hunted terrorists throughout the world and headed the CIA and National Counterterrorism Center’s WMD counterterrorism unit. However, “I do think that there is some significant danger posed if Islamic extremist groups begin to cooperate with criminal organizations,” Faddis added.

 

Faddis cautioned though that “Some of these criminal organizations -- particularly the Russian and other Eastern European groups -- have some very advanced, very dangerous capabilities.”

According to DHS, its analysis “is based on US-CERT reporting and open source reporting,” the reliability of which it said “is excellent, giving us high confidence in our judgments.”

 

The intelligence bulletin “also is supported by US media reporting; as this information may contain political or journalistic bias and may be intended to influence as well as inform,” the warning said.

 

Nevertheless, DHS said “we have medium confidence in the analytic judgments derived from this reporting.”

 

This is a “Good alert to notify ISP and support partners that may be required to keep online banking and public facing bank sites up and usable,” said EyeLock Corp. Chief Development Officer, Jeff Carter, a leading innovator who ran innovation for Bank of America and the Center for Future Banking, a joint venture between Bank of America, MIT and Harvard University.

 

Carter said the “DHS alert becomes problematic due to the scale and scope of participants and the fact that so many varied organizations may join in to the attack,” adding that he’s “Beginning to wonder if these DDoS [Distributed Denial of Service] attacks are simply a mask for other attacks.”

“In other words,” Carter said, “the true attacker sends information to secondary groups. These secondary groups publicize the attacks from a secluded, hard to reach organization -- then have others join in the attack and ‘pile on.’ The primary attacker then uses the fog of war, or ‘noise,’ from the simple attacks to mask their more complex penetrations, fraudulent transactions, etc.”

 

[Editor's note: Read Carter's Homeland Security Today "Best Practices" report, Asymmetric Cyberwarfare: Cyber-threats, Information Warfare and Critical Infrastructure Protection]

 

Last year, “law enforcement agencies, officials and law enforcement-affiliated groups worldwide [were] primary targets of” hackers with malicious political and ideological motivations who’ve “shown both the desire and the capability … to endanger law enforcement officers and agencies,” said a Jan. 5 intelligence bulletin issued by one of the nation's fusion centers, which Homeland Security Today reported on in January. The alert further warned that “it is likely that hacker groups will continue to target law enforcement officials and agencies.”

 

The Jan. 5 alert was distributed just days before hackers believed to be associated with the decentralized hacker network called Anonymous obtained email addresses and encrypted passwords of hundreds of US and British military, intelligence and police officials and several hundred NATO officials and staff members and made them available on the Internet.

 

According to DHS, the criminal hackers behind the OpUSA campaign that’s expected to begin this week “most likely will rely on commercial tools to exploit known vulnerabilities, rather than developing indigenous tools or exploits.” And “This suggests some of the participants possess only rudimentary hacking skills capable of causing only temporary disruptions of targeted websites.”

 

“Nevertheless,” DHS warned that “OpUSA participants likely will exaggerate the scope and impact of their attacks as a way to attract additional press and draw more capable criminal hackers to future hacking efforts.”

 
