Hackers strike at Islamic Web sites

Outraged at last Tuesday's events, so-called 'patriot hackers' have begun a campaign against Web sites belonging to the governments of Islamic states
Written by Matt Loney, Contributor

Hackers have begun attacking Web sites connected to Afghanistan's Taliban rulers and to other Islamic nations including Iran, prompting the FBI to issue warnings to system administrators everywhere to tighten up their security.

On Monday, hackers outraged at the terrorist attack on the World Trade Center defaced the Web site belonging to the Iranian government's ministry of the interior. The site, at www.moi.gov.ir, now carries the message "Owned ! Ya biatch !" and several graphics, one of which includes a picture of the Saudi Arabian dissident named last week by the US government as their prime suspect, Osama bin Laden, with two guns to his head and the caption "Osama die". (Update - ZDNet has been advised that the moi.gov.ir site has been infected by the Nimda virus. We have been unable to verify this, but as a precaution advise readers not to visit the site).

Below the image, the hackers -- who have adopted the name The Dispatchers -- describe themselves as a group of computer security enthusiasts "who are outraged at the acts of terrorism and such which are taking place in this day in age. It is our cause to fight back in everyway which we can."

The group says it is a composed of people of "all races and of many countries, not just Americans," and is targetting "every place that poses a possible threat to or safety and the safety of our friends and family all over the world." The individual who defaced the Iranian Website, RaFa, is a former member of World Of Hell, an exclusive hacking group known for their ability to own top level domains.

Current targets of The Dispatchers are those nations who, it says, support terrorism and "groups of terrorism including but not limited to Israel, Palistine, Afgahnistan etc" (sic).

This latest defacement follows a string of recent attacks by the same group. At least one other group has also been active, and an anonymous virus pretending to offer new information on the mayhem may be infecting computers.

According to computer experts, the official Web site of the Presidential Palace of Afghanistan (www.afghangovernment.org) was taken offline after computer attackers sent so many requests for information that the site became inaccessible to traffic, in what is called a denial of service (DoS) attack.

The FBI's National Infrastructure Protection Center (NIPC) warned there could be opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place. "The Dispatchers claim to have over 1,000 machines under their control for the attacks," said the NIPC in a statement. "It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties."

System administrators should check their systems for zombie agent software, said the NIPC. Zombie agent software is software that is installed onto servers without the system administrators' knowledge, and then used to attack specific target servers. System administrators can download the "Find DDoS", which can detect whether a computer has been infected by the most common distributed denial of service (DDoS) agents, from the NPIC Web site here.

Some Taliban-related sites have been defaced to include mock "Wanted" posters of Saudi exile Osama bin Laden, who the US government says is the chief suspect in last week's attacks that left thousands of people dead, according to the Information Security newsletter, which tracks Internet security threats.

Also last week, the NIPC warned that in addition to politically motivated hacking, documents are being circulated that pretend to contain information on the attacks but which are actually viruses. The one such virus so far identified is a renamed version of the life_stages.txt.shs. The NIPC said it was renamed wtc.txt.vbs so that it would appear to be related to the World Trade Center. If opened, this virus, which arrives via an email attachment in Microsoft Outlook, leaves behind documents and sends itself to others listed in the recipient's address book.

Reuters contributed to this report

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards