US-CERT: Al Qaeda Plotting Financial Attacks


US-CERT, part of the Department of Homeland Security (DHS), issued the situational awareness alert Thursday to financial institutions and said they could be targeted in denial-of-service and database attacks as soon as Friday.

Islamist Web sites have increasingly focused on issues related to IT security, according to the Middle East Media Research Institute (MEMRI), a Washington-based independent think that that monitors Islamist Web sites and provides translated news and analysis.

In late November, an Islamist Website published the inaugural issue of Technical Mujahid, an online magazine that focuses on subjects such as database security, GPS and video editing, MEMRI said.

According to MEMRI, the magazine gives the following explanation of its purpose: "The Internet provides a golden opportunity ... for the mujahideen to break the siege placed upon them by the media of the Crusaders and their followers in the Muslim countries, and to use [the Internet] for [the sake of] jihad and the victory of the faith."

Sponsored post

Terrorist cyberattacks have largely been the subject of academic discussion as opposed to being an issue that organizations are actively considering, said Ted Julian, vice president of marketing and strategy at Application Security, New York.

Regardless of whether this threat is genuine, organizations need to move database security to the top of their list of security priorities, Julian added. "Database security has long been overlooked. Five years ago, there weren't threats, but now it's quite clear that they've become an obvious target for attackers," he said.

Johannes Ullrich, chief research officer at the SANS Institute's Internet Storm Center, said the potential impact of denial-of-service attacks is significant because they're relatively simple to carry out with the assistance of large botnets, or legions of compromised PCs controlled by remote attackers.

"Denial-of-service attacks aren't easy to defend against. Buying more bandwidth and having a large pipe can mitigate the attacks, but if the pipe leading up to the device is saturated, there's little that can be done [to stop them]," Ullrich said.

Denial-of-service attacks have been used in the past for political aims. In a 1998 protest against the Mexican government, a Zapatista National Liberation Army insurgency group launched attacks against the Frankfurt Stock Exchange, the Pentagon and the Web site for Mexican President Ernest Zedillo that involved urging its supporters to download FloodNet, a denial-of-service attack tool.