Webloggin » Al-Qaeda Announces a Month of Cyber Attacks

The Department of Homeland Security issued a precautionary alert to financial institutions after they translated a threat that was issued on a jihadist web site.

WASHINGTON (CNN) — A Department of Homeland Security advisory cautioning that al Qaeda may be planning cyber attacks on banking and financial institution Web sites was issued out of an abundance of caution, although there is no corroboration, a DHS spokesman told CNN Thursday.

The threat apparently was posted on a jihadist Web site, the spokesman said. It was discovered Nov. 27 by DHS and translated. The department decided to send an advisory out to financial institutions out of caution.

“There is no information to corroborate this aspirational threat,” said DHS spokesman Russ Knocke, saying the advisory was sent out “as a routine matter and out of an abundance of caution.”

The Web site warned that denial-of-service attacks would be launched against stock and banking sites during the month of December through what the Web site called the “infidel New Year’s.”

Computer security experts are being cautious although they publicly doubt that cyber terrorists can do much harm.

I disagree for a couple of reasons. To assess the true threat we have to take in a few considerations such as the source, historical trends, what they are trying to accomplish and the best way to reach that goal by evaluating vulnerabilities.

The Source

When considering the source we know that al Qaeda is serious. They have done a pretty good job of attacking our financial institutions in the past and they will continue to do so as long as American’s view that threat as a distant problem.

The Goal

Evaluating the goal is simple. Terrorists are trying to affect financial markets during one of the most important quarters for retailers and financial institutions.

Historically we already know that the cost of doing business since 9-11 due to increased security is staggering. A 2004 CRS report to Congress estimated that cyber attacks alone accounted for a staggering $226 Billion Dollar loss in 2003. Typically a target of an attack can expect to lose somewhere between 1% and 5% in the days following that attack.

Coordinated announcements of Cyber attacks bring out all sorts of people; some likely to have no affiliation with Al-Qaeda. We can probably expect other anti-American interests to jump onto this band wagon. This is usually exacerbated by the perceived challenge when experts downplay threats – a sort of a damned if you do, damned if you don’t situation.

Robert Albertson, a chief investment strategist for Sandler O’Neill & Partners in New York, told Reuters it was unlikely al Qaeda members could do serious harm to financial Web sites.
“I’m not saying there aren’t precautions to be taken, but I just can’t fathom how there would be serious havoc,” Albertson said.

A government source told the news agency that government regulators were being briefed on the warning.

Johannes Ullrich, a cyber security expert at the Sans Institute research group, told Reuters he didn’t put much stock in the threat, saying such warnings cropped up from time to time and that penetrating databases of financial institutions was far easier said than done.

It should be noted that the terrorist’s plan of attack is through denial of service attacks that are basically aimed at interrupting the flow of traffic on the Internet as opposed to stealing information. This prevents the flow of money across our cyber-infrastructures through decreased shopping and slows the flow of money from one institution to another.

Perhaps one of the most publicized examples of a denial of service attack was seen when the Nimda worm brought internet traffic to a halt in September 2001. That single attack caused some $2.6 billion dollars of damage before it was eradicated.

The problem with Nimda was that administrators were not prepared to deal with the rapid spread of the worm. This poses some concern to me because ISAC is still sitting at a threat level of low despite this latest warning.

ISAC is the Financial Services Information Sharing and Analysis Center. The organization was set up as a Presidential elective in 1998 with the stated goal of sharing information about physical and cyber threats, vulnerabilities, and events to help protect the critical infrastructure of the United States. The Treasury Department is an ISAC sponsor.

It seems strange to me that this agency would sit at the lowest threat level in the wake of the al Qaeda announcement. But hey, they are the experts - just don’t make me say I told you so in the event that administrators are caught off guard once again. Any security expert will tell you that the way into large institutions such as Citibank would be through the smaller companies that are more vulnerable. So I am less concerned about attacks on the big companies and more concerned about attacks on smaller companies that could provide a convenient on ramp to the bigger infrastructures.

Finally we should consider education. After 9/11 we saw a decrease in the number of international student enrollments due to heightened security measures and the increasing cost of education in the United States. This was viewed as an alarming trend as evidenced by the nearly spastic outrage demonstrated by the open borders lobby known simply as the American left.

While Al-Qaeda is ramping up efforts to recruit computer experts we have organizations in the United States that are actively seeking to loosen security measures for international student enrollment into the nation’s Universities. Thus we can end up training future cyber terrorists right here in our own back yard on our own systems; many of which are tied to government research networks.

The analogies between what happened on 9/11 with training of terrorist pilots and that of technology terrorists should not be taken lightly. The infrastructures of society are no longer primarily the brick and mortar type. This is a serious threat.

The latest threat by al Qaeda ought to be taken seriously enough to put everyone on watch. As with everything I urge people to use common sense. The Internet is a safe place to shop as long as it is done across well known and trusted businesses over secure ssl connections.

This is just another inconvenience laid at our door by thugs who have figured out that the easiest way to attack America is through our open hearts.

Others Bloggin on this Subject:
Wizbang, “Okie” on the Lam

Historical : The Jawa Report