Some people say to me that they have their site totally under control. And when I ask them how, they say that they watch any change to their homepage every minute. Well, that is a start, but it only takes into account part of the defacements.
An enormous part of the defacements happens by ADDING pages to your website. That is also the reason why many websites don't see it. A Google Alert isn't enough, because Google only comes around every so many weeks and you shouldn't wait that long. You should really activate the logs that tell you when somebody logs in and when somebody adds a page or changes something on any other page. Of course the homepage is the flag for the defacer, but it looks like many of them are already very proud to have added a page to your website and don't bother to change the homepage itself.
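Watching only the homepage misses exactly the case described above: a page that was added somewhere in a subfolder. The check below is an added example written for this post (not a tool from the original page): it takes a SHA-256 snapshot of every file under the web root, and a later comparison reports added, modified and removed files separately, so a dropped page shows up even when index.html is untouched. The mini site it builds in a temporary directory is constructed for the demo.

```python
"""Detect pages added, changed or removed under a web root by comparing
SHA-256 snapshots. Added example for this post, not the blogger's tooling;
the directory layout and file contents in demo() are constructed."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Classify differences between two snapshots.

    Returns sorted lists under 'added', 'modified' and 'removed'.
    'added' is the case the post stresses: a new page nobody put there."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}


def _write(root, rel, text):
    """Helper for the demo: write a small text file, creating parent dirs."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Build a constructed mini site, take a baseline, then simulate a
    defacement that adds one page in a subfolder and edits another."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.html", "<h1>Welcome</h1>")
        _write(root, "about/team.html", "<p>Our team</p>")
        baseline = snapshot(root)
        # Simulated defacement: homepage untouched, new page dropped elsewhere
        _write(root, "images/owned.html", "<h1>hacked</h1>")
        _write(root, "about/team.html", "<p>Our team</p><!-- x -->")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is taken from a known-good copy, stored off the web server, and the comparison runs from cron every few minutes; any entry in 'added' that did not come from your own deployment deserves an alert.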
And weather sites that keep getting hacked over and over again (maybe they are on holiday in Spain): these sites were already hacked once and have fallen victim again to their own ignorance.
And a website that does e-commerce with cars. But no problem, it has already disappeared, and you should really have high confidence in Belgian e-commerce, you can take my word for it..... They don't need any audits or regulation, they do it all by themselves and for themselves. They are serious professionals. Really. You should trust all your credit and personal information to them. They will really take care of it. And they surely don't need any audits or regulation because they really know what they are doing.
Some good news is that the Turkish hacker clans seem very busy hacking websites all over the world. One day it is Australia, then France, then Canada, then Thailand, Vietnam and their biggest favourite, China. This is good news for us because it means they are not really concentrating their efforts on us and are just trying to collect as many hacked websites as possible. Period. Yeah, keep on hacking the world and leave us alone, even if this is very, very, very egoistic - and stupid, because cyberdefense is built on cooperation.
You will get enormous spikes of traffic just after infection, and sometimes later on as well, and this can even show up as HTTP traffic (website traffic); or, if you have blocked IRC traffic, you will see a huge number of (dropped) connections. If you haven't dropped IRC yet on your firewall, you should. There is no business reason to keep it open, and this way you block most of the botnet control traffic; furthermore, if you block it, you can get an idea of who is infected from the drops you see at your firewall.
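The "who is infected" step above is a log-counting exercise. The script below is an added example (not from the original post): it reads netfilter-style firewall log lines, keeps only the dropped outbound connections to the usual IRC ports, and ranks internal hosts by how many attempts they made and how many distinct controllers they tried to reach. The log lines, the DROP-OUT prefix and the field regex are assumptions constructed for the demo; adapt the regex to your own firewall's log format.

```python
"""Rank internal hosts by dropped outbound IRC connection attempts in
firewall logs. Added example for this post, not the blogger's tooling;
the sample lines and the DROP-OUT log prefix are constructed."""
import re
from collections import defaultdict

# Field layout of a netfilter-style log line (an assumption, not a standard)
FIELD_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)
# Ports commonly used for IRC; extend this set if your rules block more
IRC_PORTS = set(range(6660, 6670)) | {7000}

SAMPLE_LOG = """\
Oct 12 10:01:02 fw kernel: DROP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51234 DPT=6667 SYN
Oct 12 10:01:03 fw kernel: DROP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51235 DPT=6667 SYN
Oct 12 10:01:09 fw kernel: DROP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=51240 DPT=7000 SYN
Oct 12 10:01:15 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN
Oct 12 10:02:01 fw kernel: DROP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40010 DPT=6667 SYN
Oct 12 10:02:30 fw kernel: DROP-OUT IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.99 LEN=60 PROTO=TCP SPT=33000 DPT=25 SYN
"""


def parse_drops(lines):
    """Yield (src, dst, proto, dport) for every dropped connection in the log."""
    for line in lines:
        if " DROP" not in line:  # only blocked connections count as evidence
            continue
        m = FIELD_RE.search(line)
        if not m:
            continue
        yield m["src"], m["dst"], m["proto"], int(m["dpt"])


def suspect_hosts(lines, min_attempts=2):
    """Return [(src, attempt_count, sorted_distinct_destinations), ...] for
    hosts with at least min_attempts dropped TCP connections to IRC ports,
    most active host first."""
    attempts = defaultdict(int)
    targets = defaultdict(set)
    for src, dst, proto, dport in parse_drops(lines):
        if proto == "TCP" and dport in IRC_PORTS:
            attempts[src] += 1
            targets[src].add(dst)
    ranked = [(src, n, sorted(targets[src]))
              for src, n in attempts.items() if n >= min_attempts]
    ranked.sort(key=lambda t: (-t[1], t[0]))
    return ranked


if __name__ == "__main__":
    for src, n, dsts in suspect_hosts(SAMPLE_LOG.splitlines()):
        print(f"{src}: {n} dropped IRC attempts to {', '.join(dsts)}")
```

A host that keeps retrying the same controller every few seconds is a much stronger signal than a single attempt, which is why the example counts per source rather than alerting on each line; the SMTP drop from the third host is deliberately left out to show the port filter doing its job.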
There are some good freeware/shareware products that you can hook up to your switch to monitor traffic, and nowadays there are very cheap big screens that you can attach to your computer to have a monitoring screen.
First, there are cyberjihad websites around which sometimes have 110.000 members (how many of them are police and intelligence or just the curious is another matter).
Secondly, it is very easy for someone to participate in this massive attack. The only thing he has to find is the software, Cyberjihad 2.0. It works a bit like the SETI software (distributed computing) and gives every computer that participates a list of servers that it has to ping (together with some thousands of others, they hope). This way they hope to create a huge DDoS campaign that could bring down hosts as they are overwhelmed by traffic.
This means that ISPs and hosters have to - as an exercise - watch their traffic flows and prepare for DDoS attacks. This would be a very good exercise for Belnet, which had a lot of trouble keeping up with traffic demands during a certain RTBF documentary and the French elections.
I haven't found a sample of the traffic generated by this software, but as a precaution it would maybe be wise to make one, so that Snort, IDS and routers can be configured to drop all such packets.
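Without a traffic sample there is no signature to write, but "watch your traffic flows" can still be done on volume alone. The script below is an added example for this post (not the blogger's or any vendor's tool): it parses common-format web server access log lines, counts requests per client in fixed time windows, and flags every client that crosses a threshold in any window. It assumes the flood arrives as HTTP requests, as the post notes is possible for infected hosts; the log lines are constructed, and the 60-second window and threshold of 30 are arbitrary starting values to tune against your own baseline.

```python
"""Flag clients whose request rate in a fixed time window exceeds a threshold,
from web server access logs. Added example for this post, not the blogger's
tooling; the sample log is constructed and the defaults are arbitrary."""
import re
from collections import Counter
from datetime import datetime

# Common log format prefix: client, ident, user, [timestamp], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (client_ip, unix_epoch) for a log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(ts.timestamp())


def flag_floods(lines, window_seconds=60, threshold=30):
    """Count requests per (client, window) and return every pair at or above
    the threshold as (client_ip, window_start_epoch, count), busiest first."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, epoch = parsed
        bucket = epoch - (epoch % window_seconds)  # align to window boundary
        counts[(ip, bucket)] += 1
    flagged = [(ip, bucket, n) for (ip, bucket), n in counts.items() if n >= threshold]
    flagged.sort(key=lambda t: (-t[2], t[0], t[1]))
    return flagged


def build_sample_log():
    """Constructed traffic: one client hitting '/' 45 times within 20 seconds
    and two ordinary visitors, all on 12 Oct 2007 around 10:00 local (+0200)."""
    def entry(ip, minute, second, path="/"):
        return (f'{ip} - - [12/Oct/2007:10:{minute:02d}:{second:02d} +0200] '
                f'"GET {path} HTTP/1.1" 200 512')
    lines = [entry("203.0.113.5", 0, i % 20) for i in range(45)]
    lines += [entry("203.0.113.10", 0, 5, "/news"), entry("203.0.113.10", 0, 30),
              entry("203.0.113.10", 1, 10, "/contact"), entry("198.51.100.4", 0, 7)]
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    for ip, start, n in flag_floods(build_sample_log()):
        print(f"{ip}: {n} requests in the window starting at epoch {start}")
```

A distributed flood spreads the load over thousands of sources, so per-client counting alone will not catch a well-spread attack; the same bucketing applied to the total request count per window, compared against a normal-day baseline, is the complementary check.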
The new version of the software claims that it is commanded by a mail server that is highly secured, while the old version sent all credentials in clear text over the wire (even passwords).
A warning for all kidz out there. It could be that you have a full bag of reasons to participate in something like this that seems so easy. But you have to take the following things into account - after you have drunk your tea and sat down for a minute instead of clicking without thinking.
* It is totally illegal to host or participate in such activities, and if you try to do this from Belgium or many other countries you will get caught and you will be sentenced, period. Even if this gets big, you can be assured that the authorities will set things in motion and that you won't believe what will hit you when they come banging at your door, especially in some countries.
* You don't have any idea what you have downloaded and you don't have any idea who is behind it. You don't know if it is the real software, or just an undercover operation, or just a bunch of spammers or porn hosters using this as a new 'phishing' scheme.
* You don't know how long the central server that says it is coordinating it will stay in the hands of jihadists, or whether some police or intelligence service isn't looking over their shoulders. Do you really think that governments don't have the will, the power and the counter-hacking knowledge, and that they will never use it? They use it permanently against the cyberjihad sites and networks, so why would they leave this attempt without a response?
It can be hype or grandstanding - and it wouldn't be the first time. But we have always seen that the declarations of the Al Qaida leadership are followed up by some of its active cells or linked groups or some lunatic. Not always at the exact time or location or with the announced bloodshed, but one way or another these declarations aren't to be taken lightly.
It is time - while we are under Turkish hacker attack and the Storm Worm is collecting zombies for its botnet (probably even within the Skynet network) - for the ISPs to start stopping the zombies and botnets, using their collective power to get out whoever they want.
Those who own websites - especially governmental, financial and political ones - need to stay on alert and permanently upgrade their backup, monitoring and security defenses.
If you haven't heard of a reverse proxy, start reading about it. Tip one: use a reverse proxy with a totally different OS than the one you use to host the site. Tip two: put the website behind an application firewall. Tip three: let only port 80 traffic pass between the reverse proxy and the website.
You were warned.... If nothing happens, look at it as an exercise.
Translation by Joseph Shahda of the Al Qaida 11/11 cyberwar declaration
Beginning of the translation:
...From this blessed forum I call for the formation of “Jihadi Battalions to Attack the Internet” for the triumph of truth in the age of darkness, so contribute with us in establishing these blessed Battalions.
A. The definition of “Jihadi Battalions to Attack the Internet”:
They are a large group made of faithful members who love the truth and want the triumph of the religion, and their job is to bring the truth to large segments of the world that do not have the full truth or get the real truth, and to do so by using the available means or creating new methods.
B. The mission of “Jihadi Battalions to Attack the Internet”:
Spreading the truth of the Muslim nation, of Jihad, and of the Mujahedeen to the world and in particular to the places that live in darkness.
C. The vision of “Jihadi Battalions to Attack the Internet”:
Our vision is to draw a map of the world internet and reach 85% of the internet users, for example we see that the “Messenger Program” is used by approximately 99.9% of the internet users therefore we want to establish our own “Jihadi Messenger Program” to enter each house in the world.
The types of “Jihadi Battalions to Attack the Internet”:
1. The Information Battalions:
Formation of battalions in different languages to gather information about the threads posted in the Islamic forums in all languages and in non-Islamic forums, as well as the youth forums in general and the Islamic ones in particular.
2. Hacking Battalions:
The formation of Hackers groups from among the Moujahedeen to study the method of hacking the forums and develop new hacking methods.
3. Literature Attack Battalions:
The formation of writers groups from among our brothers to publish their old and new writings in all the forums presented by the Information Battalions.
4. E-mailing Battalions
The formation of groups from among the brothers to send everything that is being published by the Moujahedeen, in particular the “Sahab” and “Furqan” institutes, to all e-mail boxes, and here we pay a standing ovation to our brothers in “Al Nusara E-mail” because they were first in this domain, but this time we not only send e-mail to whoever registers his e-mail address but also to all humanity.
5. The Research and Development Battalions
The formation of the Research and Development Battalions to research, develop, and create new methods to spread the information to the largest possible number of people or figure out the active people to send them the information.
6. The Advocacy Battalions:
The formation of advocacy battalions to call on people to join the “Jihadi Battalions to Attack the Internet”
7. Production Battalions:
The formation of battalions from among the brothers who are specialized in audio, video, flashes, and banners production to support the blessed battalions in their publications and to support the Advocacy battalions in their mission.
8. Translation Battalions:
The formation of translators battalions to translate from Arabic to the main languages or to other languages
9. The Security and Technical Battalions:
The formation of battalions from among the technical experts of forums and chat rooms and of internet security so they can form private chat rooms for each battalion, and these chat rooms are not for visitors or reading or commenting but for the members of the battalions to discuss how to divide the work among themselves.
... Important Note:
Sheikh Osama, may Allah protect him, said: “90% of the battle is through the media and the remaining is through weapons”.
End of the Translation source