and meteo sites that keep being hacked over and over again, maybe they are on holiday in Spain; these sites were already hacked once and have fallen victim again to their own ignorance.
and a website that does ecommerce with cars. But no problem, it has disappeared already and you should really have high confidence in Belgian ecommerce, you can take my word for it..... They don't need any audits or regulation, they do it all by themselves and for themselves. They are serious professionals. Really. You should trust all your credit and personal information to them. They will really take care of it. And they surely don't need any audits or regulation because they really know what they are doing.
One piece of good news is that the Turkish hacker clans seem very busy hacking websites all over the world. One day it is Australia, then France, then Canada, then Thailand, Vietnam and their biggest favourite, China. This is good news for us because it means they are not really concentrating their efforts on us and are just trying to collect the most hacked websites possible. Period. Yeah, keep on hacking the world and leave us alone, even if this is very very very egoistic - and stupid, because cyberdefense is built on cooperation.
You will get enormous spikes of traffic just after infection and sometimes later. This can even show up as HTTP traffic (website traffic) or, if you have blocked IRC traffic, as a huge quantity of dropped connections. If you haven't dropped IRC at your firewall yet, you should. There is no business reason to keep it open; blocking it stops most of the botnet control traffic, and the drops logged at your firewall give you an idea of who is infected.
There are some good freeware/shareware products that you can install on your switch to monitor traffic, and nowadays there are very cheap big screens that you can connect to your computer to have a monitoring screen.
First, there are cyberjihad websites around which sometimes have 110.000 members (how many of them are police and intelligence or just the curious is another matter).
Secondly, it is very easy for someone to participate in this massive attack. The only thing he has to find is the software cyberjihad 2.0. It works a bit like the SETI software (distributed software) and it gives every computer that participates a list of servers that it has to ping (together with some thousands of others, they hope). This way they hope to create a huge DDoS campaign that could bring down hosts as they are overwhelmed by traffic.
This means that ISPs and hosters have to - as an exercise - watch their traffic flows and prepare for DDoS attacks. This would be a very good exercise for Belnet, who had much trouble keeping up with traffic demands during a certain RTBF documentary and the French elections.
I haven't found an example of a traffic packet made by this software, but as a precaution it would maybe be wise to make one so that Snort, IDSes and routers can be set up to drop all such packets.
The new version of the software claims that it is commanded by a mail server that is highly secured, while the old version sent all credentials in clear text over the wire (even passwords).
A warning for all kidz out there. It could be that you have a full bag of reasons to participate in something like that, which seems so easy. But you have to take the following things into account - after you have drunk your tea and have sat down for a minute instead of clicking without thinking.
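The firewall-drop idea above can be turned into a small report. This is an added example, not code from the original post; it assumes iptables-style LOG lines with a hypothetical "FW-DROP" prefix, an internal LAN of 10.0.0.0/8, a flagging threshold of 3 drops, and a list of commonly used IRC ports. All sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Ports commonly used by IRC servers (6667 is the usual default, 6697 is IRC over TLS).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
# Assumption: the internal LAN is 10.0.0.0/8; adjust to your own addressing plan.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value fields of an iptables LOG line

# Constructed sample lines in iptables LOG format; "FW-DROP" is an assumed log prefix.
SAMPLE_LOG = """\
Nov 11 10:00:01 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=6667
Nov 11 10:00:04 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.5 PROTO=TCP SPT=49153 DPT=6667
Nov 11 10:00:09 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=49154 DPT=6667
Nov 11 10:00:15 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 PROTO=TCP SPT=49155 DPT=7000
Nov 11 10:01:02 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=203.0.113.5 PROTO=TCP SPT=50211 DPT=6667
Nov 11 10:01:30 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=192.0.2.25 PROTO=TCP SPT=50212 DPT=25
Nov 11 10:02:00 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP SPT=6667 DPT=6667
Nov 11 10:02:10 fw kernel: truncated line SRC=10.0.0.23 DST=
"""

def parse_line(line):
    """Return (src, dst, dport) for a logged TCP packet, or None if the line is unusable."""
    fields = dict(FIELD_RE.findall(line))
    try:
        if fields["PROTO"] != "TCP":
            return None
        return ipaddress.ip_address(fields["SRC"]), fields["DST"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None

def suspected_hosts(log_text, min_drops=3):
    """Internal hosts with at least min_drops dropped IRC attempts: (host, drops, distinct servers)."""
    drops = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        if src in INTERNAL_NET and dport in IRC_PORTS:
            drops[str(src)] += 1
            dests[str(src)].add(dst)
    report = [(h, n, len(dests[h])) for h, n in drops.items() if n >= min_drops]
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    print(suspected_hosts(SAMPLE_LOG))
```

A host that keeps retrying several IRC servers after being blocked is the one to pull off the network and inspect first; a single drop is more likely a user with an IRC client.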
* It is totally illegal to host or participate in such activities and if you try to do this from Belgium or many other countries you will get caught and you will be sentenced, period. Even if this will get big, you can be assured that the authorities will set things into motion and that you won't believe what will hit you when they come banging at your door, especially in some countries.
* You don't have any idea what you have downloaded and you don't have any idea who is behind it. You don't know if it is the real software or just an undercover operation or just a bunch of spammers or pornhosters using this as a new 'phishing' scheme.
* You don't know how long the central server that says it is coordinating it will stay in the hands of jihadists, or whether some police or intelligence service won't be looking over their shoulders. Do you really think that the governments don't have the will, the power and the counter-hacking knowledge, and that they will never use it? They use it permanently against the cyberjihad sites and networks, so why would they leave this attempt without response?
It can be hype or grandstanding - and it wouldn't be the first time. But we have always seen that the declarations of the Al Qaida leadership have been followed up by some of its active cells or linked groups or some lunatic. Not always at the exact time or location or with the announced bloodshed, but some way or another these declarations aren't to be taken lightly.
It is time - while we are under Turkish hacker attack and the Storm Worm virus is collecting zombies for its botnet (even within the Skynet network probably) - for the ISPs to start stopping the zombies and botnets, using their collective power to get out whoever they want.
Those who own websites - especially governmental, financial and political ones - need to stay on alert and permanently upgrade their backup, monitoring and security defenses.
If you haven't heard of a reverse proxy, start reading about it. Tip one: take a reverse proxy with a totally different OS than the one you use to host the site. Tip two: set the website behind an application firewall. Tip three: let only port 80 traffic go between the reverse proxy and the website.
You were warned .... if nothing happens, look at it as an exercise.
Translation by Joseph Shahda of the Al Qaida 11/11 cyberwar declaration
Beginning of the translation:
….From this blessed forum I call on to the formation of “Jihadi Battalions to Attack the Internet” for the triumph of truth in the age of darkness so contribute with us in establishing these blessed Battalions.
A. The definition of “Jihadi Battalions to Attack the Internet”:
They are a large group made from faithful members who love the truth and want the triumph of the religion and their job is to bring the truth to large segments in the world that do not have the full truth or get the real truth, and to do so by using the available means or create new methods.
B. The mission of “Jihadi Battalions to Attack the Internet”:
Spreading the truth of the Muslim nation, of Jihad, and of Mujahedeen to the world and in particular to the places that live in darkness.
C. The vision of “Jihadi Battalions to Attack the Internet”:
Our vision is to draw a map of the world internet and reach 85% of the internet users, for example we see that the “Messenger Program” is used by approximately 99.9% of the internet users therefore we want to establish our own “Jihadi Messenger Program” to enter each house in the world.
The types of “Jihadi Battalions to Attack the Internet”:
1. The Information Battalions:
Formation of battalions in different languages to gather information about the threads posted in the Islamic forums in all languages and non-Islamic forums, as well as the youth forums in general and the Islamic in particular.
2. Hacking Battalions:
The formation of Hackers groups from among the Moujahedeen to study the method of hacking the forums and develop new hacking methods.
3. Literature Attack Battalions:
The formation of writers groups from among our brothers to publish their old and new writings in all the forums presented by the Information Battalions.
4. E-mailing Battalions
The formation of groups from among the brothers to send all what is being published by the Moujahedeen in particular the “Sahab” and “Furqan” institutes to all e-mail boxes and here we pay a standing ovation to our brothers in “Al Nusara E-mail” because they were first in this domain but this time we not only send e-mail to who register his e-mail address but also to all humanity.
5. The Research and Development Battalions
The formation of the Research and Development Battalions to research, develop, and create new methods to spread the information to the largest possible number of people or figure out the active people to send them the information.
6. The Advocacy Battalions:
The formation of advocacy battalions to call on people to join the “Jihadi Battalions to Attack the Internet”
7. Production Battalions:
The formation of battalions from among the brothers who are specialized on audio, video, flashes, and banners production to support the blessed battalions in its publications and to support the Advocacy battalions in its mission.
8. Translation Battalions:
The formation of translators battalions to translate from Arabic to the main languages or to other languages
9. The Security and Technical Battalions:
The formation of battalions from among the technical experts of forums and chat rooms and the security of the internet so they can form private chat rooms for each battalion and these chat rooms are not for visitors or reading or commenting but for the members of the battalions to discuss how to divide the work among themselves.
…….. Important Note:
Sheikh Osama may allah protect him said: “90% of the battle is through the media and the remaining is through weapons”.
End of the Translation source
Who could have thought that conservative bloggers would fight each other as much as communists do with each other?
Well, they do, and one of the players in the game is our own Belgian Brussels Journal, the European "conservative" (other names come to my mind when reading this) blog par excellence. One of the writers is Mr Belien, whose wife is elected for the Vlaams Belang, which some US conservatives see as a 'flemish interest party' (sic), but another group of American conservatives grouped around this blog is calling them fascists and racists and so on and refuses to have anything to do with them or with anyone - even conservatives - that has anything to do with them. Other American conservatives don't agree with this and want to have a united front to defend our morals and civilisation and so on, but these American conservatives don't want anything to do with that kind of people, because conservatism has nothing to do with racism and neo-Nazis and so on. Needless to say, these democratic conservatives are harshly lambasted for this, but they seem to have decided to stand firm. I normally have not much sympathy for them, but I always respect people who break away from silence, apathy and collaboration to defend democracy and freedom.
http://littlegreenfootballs.com/weblog/?entry=27801_WN_We... The last post until now
The post that started it all: http://littlegreenfootballs.com/weblog/?entry=27784_The_M...
And if you read those posts you find that the Brussels Journal is not so much a conservative democratic blog but a linkbelt of all kinds of extreme rightwing and oddright marginal groups and people that use the so-called intellectual impression of the blog to give themselves some credibility. This is one of those 'intellectual links'
real conservatives are democrats and humanists, not scum
It is comforting that not all US conservatives fall for the Prince Charming offensive that Vlaams Belang tries to set up in the US to upgrade their image here. Belien is the submarine for this task. It seems that this cover has been blown. Better late than never.
The Turkish hacker campaign against .be sites is not slowing down, but luckily it hasn't reached the numbers and efforts of a real campaign like those that brought down substantial parts of the internet or the websites in some other countries. Let's hope it will stay that way. Or better, that they cool down and understand that this cyberrioting has nothing to do with patriotism. It doesn't convince anyone that they should think or act otherwise, on the contrary.
the numbers of hacked .be sites are still higher than normal and some like
and so on and so on..... not very big sites but like a botnet many small ones make one big network .....
Some of the sites that are being defaced this weekend were also defaced in the last several months. It could be that some hackers-crackers are only going through a list and methods that were successful before.
On the other hand, it is sad to see that even professionals only put back their sites without closing the security holes that were responsible for the first hack and without checking their website for other security problems. If you can't stand the heat, don't host yourself on the internet, go to REAL professionals (I am not linked to any of them - you don't see any advertising around here, do you?).
The political question is whether, if this campaign keeps going the way it does, it isn't time that someone or something gets the responsibilities and instruments as written in the New Telecom Law to coordinate the Belgian ISPs and maybe major hosters and DNS to take appropriate measures. Or do we really have to wait until a major Belgian website goes down?
So if you were defaced or hacked last year, look again at your logs and watch out for the scans and attacks coming your way. Also recheck your site for any other mistakes. There are some free open-source tools to do this quite efficiently, like Nmap and Metasploit. More such tools you can find on http://freeware.skynetblogs.be among the other free stuff.
If you wanna read about security, go to http://ebooks.skynetblogs.be for free books.