Al-Firdaws and the CafePress.com Denial of Service Attack: Are they Cyberspace Terrorists or “Script kiddies”?

When internet sales fulfillment company Cafepress experienced a DDoS attack during the week before Christmas it seemed kind of curious. Then yesterday a website that uses their service,  reported getting a notice from them saying images of Mohammed could no longer be used on the site, “as it is extremely offensive to the followers of Islam”. That made me wonder about DDoS (distributed denial of service) attacks. One thing led to another, and I ended up looking at a warning from Homeland Security from back in October 30 about planned attacks on financial institutions that were to begin the following Friday and continue through the “infidel new year”.

I probably missed it in all the brew-ha-ha of Halloween, but as it turns out, an organization called Al Firdaws was involved in the plan to use DoS attacks to disrupt unnamed institutions. One forum caught the online exchange in one of those puzzling Arabic/English translations that leaves as much to the imagination as it reveals.

طبعا” هذا يعطي إشارة للمجاهدين (الإلكترونيين )على أهمية التركيز على ضرب المواقع الإقتصادية الأمريكية الحساسة، وترك ما عداها، لأن ضرب أي موقع معادي (يسب لإسلام مثلا”)، فإنه يعاود العمل في غضون ساعات أو أيام وكأن شيئا” لم يحدث، أما إذا ضربت مواقع الأسهم والبنوك وتعطلت لأيام أو حتى لساعات قليلة فإن ذلك يعني خسائر بالملايين، ونقل الخبر على النشرات الإخبارية، وإحداث بلبلة وعدم ثقة في الأسهم والبنوك الأمريكية، ورفع لمعنويات الأمة عامة وللمجاهدين خاصة، وغير ذلك من المنافع والمصالح، لذا أرجو التركيز على هذه المواقع، واستنفار كل المسلمين القادرين للمشاركة في هذه :Of course, “This gives an indication of the mujahideen (electronic) the importance of focusing on attacking American economic sensitive sites, and leave everything else, because the strike against any hostile site (blasphemes Islam for example “), it reiterates the work within hours or days, if nothing, “does not happen, But if the shares hit sites, banks and disrupted for days or even for a few hours, it means losses of millions, The transfer of the news bulletins, The events of confusion and lack of confidence in the shares and American banks, and raise the morale of the nation in general and the mujahideen in particular, , and other benefits and interests, Therefore, I focus on these sites, The alert all Muslims who are able to participate in this :

This sounds like one of the posters wanted to make a big splash and attract world attention rather than just attacking some little site because it isn’t Muslim enough. The poster doesn’t like to attack the small sites anyhow because if the attacks do have any effect at all, the sites just put everything back up within hours or days. Some major financial event would give the faithful a boost in morale.

But this isn’t the first time Al Firdaws has made headlines. Al Firdaws, sometimes translated as “Paradise” is the name of the Seventh Paradise or Seventh Heaven. The Al Firdaws company was based in Amman, Jordan, and registered to Marwan Alansar. Back in November of 2005, they were kicked off their Kentucky-based internet provider after making death threats against world leaders. Making death threats apparently violated their terms of service, among other things.

The statement (at http://www.alfirdaws.org/forums/showthread.php?s=&t=9116) threatens, according to the Society for Internet Research (www.internet-haganah.us/harchives/005294.html), Italian Prime Minister Silvio Berlusconi, Australian Prime Minister John Howard, Japanese Prime Minister Junichiro Koizumi, British Prime Minister Tony Blair and U.S. President George W. Bush.

But exactly what are the capabilities of this group?

Some have wondered if, by not immediately trying to shut down sites that post information about making bombs and poisons, authorities aren’t taking a fatal risk in the name of acquiring intelligence about a bigger plan. Not to worry, says George Smith, a senior fellow at the public-policy and research organization GlobalSecurity.org. Smith dismisses the effectiveness of al-Qaeda’s online training information. “The level of sophistication is equivalent to what teenagers were distributing about 10 or 15 years ago,” he says.

GlobalSecurity.org’s Smith describes the general level of Internet security maintained by al-Qaeda as “really lousy,” and says that its sites are routinely invaded by people within U.S. borders. Moran goes so far as to call the online terrorists “script-kiddies,” a derogatory term for inexperienced hackers who use programs developed by others. For example, he says, in trying to promote denial-of-service attacks, the jihadists have simply instructed sympathizers to “download this tool and drop in an address.”

Al Firaws may have been shut down in Kentucky, but they’re back online. Among the many admonitions now listed in their rules, the website has multiple warnings not to disclose the city they operate out of, not to names any names of leaders, (the “warriors” aren’t going to think of that on their own?) and not to post any announcement that they are resigning from the group. I suppose that means they can’t post videos of their farewell suicide messages.

Their “paradise jihadist forums” have all sorts of useful advice about viruses and “security advice for those entering the forums”. New products are painstakingly photographed, both the outside of the box, and each individual screen needed for installation, with handwritten notes added in Arabic. There are posts on “to become anonymous on the internet remote display system that allows you to view and work on one mostly using a different computer and platform from anywhere on the internet,” another post on “the most serious program to control any computer in the world,” and one on “10 best programs that you hide ip particularly those who enter the jihadist sites.” Ooops. I guess I should have had one of those IP-hiding programs before entering their site.

But what was the buzz on Al Firdaws a couple weeks ago about the time of the CafePress attack? According to the “Paradise jihadist forum” this was the conversation:

“Warrior”:

“thanks to Allah to destroy the site ladeeni.net abuser of islam.”

(Deen means “religion”. La-deeni means “my religion”.)

Moderator:

“others prefer the site eljehad.netfirms.com”

(another Arabic-language site whose motto is “In the name of Allah, the merciful, the compassionate”, a phrase that prefaces many chapters of the Koran)

Another “warrior”:

“May peace and God’s mercy and blessings

al-jihan.org prefers brother karim.

The jihad official.”

Karim means “blessed”. The third word of that Arabic-language site’s motto is “jihad”.)

Drat, it looks like I just went into three more jihadist sites without my IP-hiding software. And another news article warns not to enter the Al Firdaws site so as not to pick up a virus that will turn your desktop PC into a zombie computer. Oh, dear.

But images of the Mohammed are “extremely offensive to the followers of Islam”? The best answer to that I heard last week at the post office: Those kind of people aren’t following any religion.

Advertisements

One Response to “Al-Firdaws and the CafePress.com Denial of Service Attack: Are they Cyberspace Terrorists or “Script kiddies”?”

  1. Irregular Times: News Unfit for Print » What’s Going Wrong With CafePress? Says:

    […] One of our readers suggests that there may be a connection between these attacks and a message that was sent out last week by CafePress announcing that it would no longer allow any images of Mohammed on any products sold through its system because some people regard such images as a violation of Islamic law. […]


Comments are closed.