Radical Islamic Web sites are encouraging their supporters to wage holy war online. Their exhortations underscore U.S. vulnerability to cyberterror
By Michael Isikoff and Mark Hosenball
Updated: 3:32 p.m. ET Feb. 9, 2005
Feb. 9 - In recent months, an odd message has popped up on some radical Islamic Web sites. Readers are encouraged to use their computers to advance the cause of jihad. One preferred method touted on these sites: launch a cyberattack by jamming the Web sites and e-mail addresses of the “Zionist enemy.”
"Almost every [Islamic extremist] Web site has a section on how to do jihad over the Internet," says Rita Katz, the head of the SITE Institute, a group that closely monitors Islamic Web sites. The postings, says Katz, advise would-be holy warriors: "If you can't do jihad physically, do it on the Internet."
Some of the recent messages have gotten alarmingly specific. They include detailed attack instructions and list as apparent potential targets e-mail addresses of Israeli political groups, police and government offices and politicians, including Natan Sharansky, the conservative cabinet member and former Soviet dissident who has become a favorite of President Bush.
These postings are reminiscent of an earlier full-scale cyberwar between Israeli and Palestinian hackers—a conflict that Israeli officials believe caused noticeable damage to the country's economy four years ago. They are also a powerful reminder of the continuing threat of cyberterrorism, an issue that has caused growing concerns among national-security experts in recent years. Indeed, many experts say, the potential vulnerability of the United States to a sophisticated cyberattack is far greater than is generally understood by the public. Among the vital public services in the United States that rely on digital controls, making them potential targets for a cyberattack, are public utilities (including electrical power grids), transportation systems and broadcasting networks, experts say.
Nor are they alone. Just last week, the FBI was forced to acknowledge that it too was vulnerable. FBI officials say that unauthorized intruders had apparently tapped into one of its commercial servers, forcing the bureau to shut down more than 3,000 e-mail addresses used by its employees to communicate with members of the public. Although the bureau insisted these accounts were used exclusively for "non-sensitive" messages—such as press releases to members of the news media—sources told NEWSWEEK that some top bureau officials also used the compromised accounts to communicate with state and local police agencies; some Justice officials expressed concern that the invisible hackers may have been able to read some "sensitive" law-enforcement messages for months prior to the FBI's action shutting down the accounts.
Assuming that the FBI intruders are pranksters and not genuine terrorists, the recent hack attack on the bureau is probably no more than a case of "cybervandalism," says former White House cybersecurity and counterterrorism adviser Roger Cressey. But, he adds, "there are a multitude of vulnerabilities that, if exploited, could have far more serious consequences."
At a conference for government computer-security experts staged recently by the Defense Department's Computer Crime Center, which is organizationally part of the Air Force, one speaker warned that cyberwarfare was a conflict for which "anyone, anywhere can volunteer." Kenneth Geers, an investigator for the Navy Criminal Investigation Service, also warned that "not just private citizens are hacking but also nation-states—more serious and sneaky." He added: "Retaliation is not easy."
According to Geers, the potential organized hackers have for creating serious economic or governmental damage was graphically demonstrated in the fall of 2000 when what he calls a "Middle East cyberwar" broke out. The precipitating event was the capture by Lebanese Shiite fighters of three Israeli soldiers on patrol along their border with Lebanon. After the news broke, hackers penetrated the Web site of the Shiite Hizbullah movement and replaced anti-Israeli video clips with the Israeli flag and a soundtrack of the Israeli national anthem.
The Hizbullah site was then flooded by 9 million Internet "pings," which caused it to crash. The sites of several other Islamic groups, including the Palestinian resistance group Hamas, were likewise attacked. An Israeli hacker using the name Polo0 hacked into a Palestinian database and then posted sensitive information about Palestinian leaders, including their cell-phone and fax numbers. According to a paper Geers presented at the Defense Department conference, the Israeli intelligence service Mossad even got into the act, defacing Iranian government Web sites, including the Web site of the Iranian president. Noted Geers: "Why? Apart from being a rival state, Iran supports Lebanon-based Islamic groups like Hizbullah."
In retaliation, Islamic hackers launched an electronic counterattack that Geers dubs the "Interfada." This involved a "very powerful" coalition of pro-Palestinian hackers in both the Middle East and elsewhere around the world, including the United States. The Islamic hackers systematically attacked as many Israeli-based Web sites as they could locate, including the All-Kosher Index of the United Kashrut Authority.
According to Geers, in the first three months of the Middle East cyberwar, the Islamic side gained the upper hand by successfully attacking nearly five times as many Israeli Web sites as the number of Islamic Web sites attacked by pro-Israelis. Geers said the pro-Palestinian hack attacks ultimately extended to targets in the United States, including the Washington-based pro-Israel lobbying group AIPAC.
According to Geers, a similar but ultimately less damaging online conflict occurred in the spring of 2001, when Chinese military forces intercepted a U.S. spy plane and forced it to land on a Chinese island. U.S. hackers soon set to work attacking Chinese Web sites. Both sides claimed thousands of Web site defacements and denials of service, but the skirmishing was suddenly stopped, apparently on the order of the Chinese government.
At one point, according to current and former U.S. government officials, suspected Chinese hackers intruded into systems related to the operation of California's electricity transmission grid at a time when the state was suffering through a power crisis. Utility officials insisted the attacks were confined to what they claimed was a "practice network" and insisted that there was no threat to the actual power supply.
In another case, this time in Australia, a former contractor for a public utility was convicted and sent to prison for hacking into the computerized system that controlled a local sewer system, causing raw sewage to spill into public waterways and the grounds of a luxury hotel. While the incident was attributed to the wrath—and inside knowledge—of a disgruntled former employee, cybersecurity experts note that the case demonstrates how particularly clever or well-informed hack attacks clearly have the potential to pose hazards to the public.
With Andrew Horesh in Washington