Cyber Jihad? Yeah, right...

Published: 2007-11-11
Last Updated: 2007-11-12 00:42:39 UTC
by Marcus Sachs (Version: 2)
3 comment(s)

In the news this past week were the ominous stories about a Cyber Jihad on November 11th.  OK terrorists, it's November 11th and we haven't seen your little Jihad yet.  As Johannes said in his diary a few days ago, it seems to have been called off.  What happened?  If there are any terrorists hanging out here reading this diary I'd like to hear from you.  Please use our contact page.

This whole cyber terrorism thing has always bothered me, especially since every time some nut decides that the "next attack" is going to be against an online target the press goes into hyper alert mode.  Folks, let's get serious about this for a few minutes.  I know that this is politically incorrect, but the odds of a terrorist group "terrorizing" the Internet with cyber bullets and e-bombs are about as small as the odds of the Morse Code coming back as a primary means of communication.  It's not zero, but it's also not much more than zero.  (Remember, math fans, that odds are a comparison expression such as 1:20 or 1:100 and can also be expressed as a real number by dividing the first value by the second.)  The terrorists use the Internet for the same thing everybody else does - communicating with each other.  They also use it to raise money through criminal activity, then launder it via one of the many electronic payment systems.  Ever look at the spam and phishing junk mail you receive?  It's not just the Russian Business Network operating in the shadows.  With the Internet providing near-perfect communications and a seemingly endless supply of money why would a terrorist group want to blow it up?

So for those looking for something to do while we remember our military veterans and fallen comrades in arms today (don't forget today is Armistice Day, also known as Veterans Day or Remembrance Day in several countries), think about how a terrorist group might actually go about terrorizing the Internet.  Send us your ideas and we'll publish them here.  The point is to learn from this exercise, to see what is possible and then to ask what we can do to prevent it or mitigate any consequences should it happen.

Thank You, Veterans, for your service to your country!


I'm so bummed.  No terrorists took me up on my request today.  We did receive several emails from readers who agreed with the thesis above, and a couple of notes that pointed out (correctly) that there are some critical infrastructure nodes in some countries that, if physically damaged, could cause regional outages.  But nobody came up with any good attack scenarios that could be used by a terrorist group wanting to conduct a Cyber Jihad.  So, let's get back to the real problem at hand - the criminal abuse of the Internet.  In case you have not noticed, we've created a near "perfect storm" for criminal behavior: 

  • No taxes, therefore no tax evasion
  • Value in everything online
  • Anonymous access to vast resources
  • Criminal tools look and act like lawful tools
  • No national or political boundaries
  • Laws and law enforcement are limited
  • Numerous opportunities for money laundering (PayPal, etc.)
  • Virtually unlimited interconnectivity
  • Millions of clueless victims

Oh, and don't forget the 30-year-old protocols with no security in them.  I don't think we have to worry about the terrorists.  We've got plenty of other problems to solve first.

Marcus H. Sachs
Director, SANS Internet Storm Center

.... .- .--. .--. -.-- / ...- . - . .-. .- -. ... / -.. .- -.-- / -- .- .--- --- .-. / -- .- .-. -.-. ..- ... / ... .- -.-. .... ... .-.-.- / ..-. .-. --- -- / .- / .-. . - .. .-. . -.. / .- .-. -- -.-- / .-. . ... . .-. ...- . / ... ..-. -.-. .-.-.- / .. / .- .-.. ... --- / --. .-. . .- - .-.. -.-- / .- .--. .--. .-. . -.-. .. .- - . / .-.. --- ..- .-. / .--. .- ... - / -- .. .-.. - .- .-. -.-- / ... . .-. ...- .. -.-. . / .- -. -.. / -.-. --- -. - ..- .. -. --. / ... ..- .--. .--. --- .-. - / --- ..-. / --- ..- .-. / -. .- - .. --- -. .-.-.-

(Spelling errors are in original coded message)
Hey nobody is perfect! I haven't used Morse in the 25+ years since I was a novice and general class Ham radio operator. I just couldn't resist since Marcus brought it up. The words (your, military and continuing) were garbled somewhere in the translation between thought, remembering the code and the keyboard.

Back to the subject... I agree with Marcus that it would not be in the best interests of terrorists to seriously degrade or take down the internet (assuming they had the means to do so) as it would also adversely affect their communications, operational capabilities and other nefarious usage. Personally, I am more concerned about targeted attacks on commerce, banking, military, government and infrastructure systems from a variety of sources. Targeted attacks are much more plausible than trying to bring down the whole internet. Attacks of this type occur daily from both inside and outside threats (think TJMax, numerous educational institutions or the many local, state and federal government agencies that have announced security breaches and the subsequent release of Personally Identifiable Information [PII]).

As network defenders, we need to build increased awareness of the issues within our organizations and management and continually assess, reassess, and improve our capabilities to secure our networks, computers, and data. We should be encrypting sensitive data (at rest and in transit) and encrypting portable devices (too many lost thumb drives, backup tapes, and stolen laptops). We should be discovering and patching vulnerabilities quicker (zero-day exploits are becoming more and more common). We should assess the effectiveness of, or the need for new or additional, firewalls, detection and prevention systems (and network access control). We need to continually educate our users about social engineering, email attachments, thumb drives that they've "found", surfing to questionable websites, phishing techniques, etc. (then test them covertly). We also need to keep our front-line defenders' skills current through relevant and meaningful training (and exercises); this should improve incident handling and response times. Speaking of incident handling, we need to ensure that we've developed, tested and then follow Standard Operating Procedures for network operations, change management and incident handling. Baked (and followed) processes and procedures are the meat to policy, and they are where the rubber meets the road when it comes to day-to-day operations.

I'll stop with one last thought... We have to stop writing (and implementing) crappy, vulnerable code! Imagine a world with bullet-proof operating systems and software. Zero vulnerabilities equals zero exploits! Impossible? Yes but I think we could do MUCH MUCH better! We need to demand more secure code.

Happy Veterans Day to all who have served this great country!
