Al Qaeda Cyber Attacks Against Databases And Servers

The US Computer Emergency Readiness Team (US-CERT) issued a warning of possible cyber attacks by Islamic militant groups associated with the Al Qaeda network. Aimed at penetrating Web sites, disrupting online service and destroying data, these attacks will probably target US online stock trading and banking Web sites.

According to MEMRI (Middle East Media Research Institute), Islamic Web sites have increased their focus on IT security related issues and one of the latest spates is the Technical Mujihad, an online magazine published by al-Fajr Information Center. The 64-page edition magazine was electronically distributed to password-protected Jihadist forums (according to SiteInstitute.org) on the 28th November and contained computer and Internet security related articles. SiteInstiture.org reports such articles as “The Technique of Concealing Files from View” and “How to Protect Your Files, Even if Your Device was Penetrated,” were written for the intermediate to advanced user, and describe a variety of methods and software that provide security: “the editorial…emphasizes the great purpose of jihad in the information sector.”

The situational awareness alert was issued by US-CERT, part of the Department of Homeland Security (DHS), on Thursday 30th December, stating that financial institutions could be targeted in denial-of-service and database attacks as soon as Friday. Online trading and banking Web sites are urged to take the necessary precautions against the infiltration and destruction of their Web site.

Assessing the security of a Web site
According to the Privacy Clearing House over 97 million personal records were stolen through hack and related attacks over an 18 month period spanning February 2005 through late November 2006. Although terrorist attacks go beyond the profit intentions of hackers, organizations are now at great risk.

If the servers and/or Web applications are compromised, any militant group could gain complete access to backend data. Web applications are designed to allow Web site visitors to retrieve and submit dynamic content (with varying levels of personal and sensitive data) through any Web browser. Therefore Web applications require direct and open access to backend databases to function properly. Hackers may easily gain access to sensitive data through several types of vulnerabilities including SQL Injection and cross-site scripting. It is fundamental for any institution with an online presence to regularly audit the security of its Web assets, answering fundamental questions – “Which elements of our network infrastructure we thought are secure, are open to hack attacks?” and “What code can be thrown at Web applications to cause them to misbehave?”

Acunetix provides on-demand site audit to help companies determine the security of their Web sites
Acunetix SiteAudit is a new on-demand Web security audit service that provides an immediate and comprehensive security audit of all off-the-shelf and bespoke Web applications at an introductory price of only $395. In addition to performing a thorough Web application scan, Acunetix is also offering a complimentary audit of a company’s Web and database servers to ensure that Web security is completely up to scratch.

Acunetix SiteAudit:

  • Provides an immediate and comprehensive Web site security audit
  • Ensures Web site is secure against Web attacks
  • Checks for SQL injection, Cross site scripting and other vulnerabilities
  • Audits shopping carts, forms, and dynamic content
  • Scans entire Web site and Web applications including Javascript / AJAX applications for security vulnerabilities

[tags]Acunetix, SiteAudit, Al Qaeda, Cyber Attack[/tags]

US IT Infrastructure Not Adequately Prepared For Cyber Attacks

Because our nation’s information technology infrastructure is highly vulnerable to hackers, terrorists, organized crime syndicates and natural disasters, increased funding for cyber security research and development is needed, according to a recent position adopted by IEEE-USA.

“Because of society’s complete reliance on information technology and cyber networks, all the critical infrastructures and networks are interdependent and interconnected,” IEEE-USA stated. “A cyber attack on one sector’s infrastructure may have devastating consequences to another sector. U.S. infrastructure is not adequately prepared to defend against such risks.”
Continue reading “US IT Infrastructure Not Adequately Prepared For Cyber Attacks”