Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Islamic cyber-terror attack (''electronic jihad'') predicted (August 2004)

CATEGORY: Media flops, media fiascoes

CATEGORY: Media flops, media fiascoes

On 24 August 2004, Russian news site MosNews reported "terrorists will paralyze the Internet on August 26.". The story cited virus experts Alexander Gostev and Eugene Kaspersky, both who work for Kaspersky Labs, a large Russian antivirus firm. MosNews ran the story under the headline "Russian Computer Expert Predicts Internet Terrorist Attack." The web page address includes the phrase "internetend" — a reference to the end of the Internet as we know it.

Vmyths dis­missed this "Inter­net Ter­rorist Attack" story as base­less hys­teria.
Vmyths dismissed this "Internet Terrorist Attack" story as baseless hysteria, for numerous reasons explained below.

It appeared MosNews derived their story from a newswire published by Lenta.ru, which may have derived their own story from a Novosti newswire. In other words, it was "hand-me-down" news, and this is a systemic problem in computer security. Reporters will often quote each others' stories as their main sources of information.

Worse, these stories originated in Russia, where many news agencies dissolved into sensationalist tabloids after the breakup of the Soviet Union.

The Novosti newswire described the cyber-terrorists as "Islamic" fundamentalists who declared August 26 a day of "electronic jihad." Gostev supposedly claimed "the United States and Western Europe will suffer from the attack," while Kaspersky supposedly "reminded that similar attacks had earlier paralyzed [the] Internet in South Korea. He added that it would be 'impossible' to stop terrorist organizations if they 'get down to business.'"

Gostev and Kaspersky supposedly learned of the cyber-terror attack from data "published on specialized sites," yet Gostev admitted "it is difficult to say how true this information is." Statements like this raise a red flag at Vmyths. We believe the men studied messages left by narcissistic braggarts, not Islamic cyber-warriors. Vmyths had seen no objective evidence to suggest an Internet jihad would take place anytime in the near future.

Narcissistic hackers have a notorious habit of declaring an attack date and then failing to show up for duty at the appointed time. Some of the most hilarious examples of these non-events took place in 1997 and 2001 and 2003.

According to a Novosti newswire, Kaspersky concluded by saying "it is ghastly enough that these people have mentioned 'electronic jihad' for the first time." Kaspersky would be clearly mistaken if the newswire quoted him in context. Hackers and the media have used the term "electronic jihad" for years; a Google search returns 500+ matches. Israel's Jerusalem Post newspaper used a similar term, "virtual jihad," in 2000. mi2g (a well-documented fearmonger) issued predictions over the years for electronic jihads which have never come to pass.

Kas­per­sky Labs' state­ment to Vmyths (see below) leads us to be­lieve (1) two em­ployees were quoted out of con­text and (2) errors crept into the En­glish trans­la­tion of their comments.
MosNews quoted Lenta.ru, which quoted another virus expert, who insisted "Kaspersky Labs has been foretelling the doomsday for a long time." Vmyths agrees they do occasionally sensationalize threats — but a global cyber-terror prediction seems highly out of character for them. Add to this the fact Kaspersky Labs' website offered no special news/advice for their clients. The Novosti newswire oddly claimed Kaspersky Labs "will be switched over to the 'yellow' danger level" on 26 August, but this, too, seems highly out of character for the antivirus firm.

For all of these reasons, Vmyths dismissed this "Internet Terrorist Attack" story as baseless hysteria. We assumed Gostev & Kaspersky were quoted out of context to some extent, and Kaspersky's statement to Vmyths (see below) reinforced our belief. This media event looks like a "worst-case scenario briefing" gone awry.

On 25 August, Vmyths spoke by phone with Sophos senior technology consultant Graham Cluley about a routine "summer slump" [our phrase] for computer security news. "August is the silly season for the tabloid journalists," Cluley explained. "It's a quiet month as many people are on holiday, and they're scrabbling around for stories. This story shows all the signs of being hyped by the tabloids to make an easy headline." The translation of quotes from Russian to English would only amplify the problem, Cluley added.

The global media has displayed a serious fetish over the years for "end of the Internet" stories. Some news organizations around the world fell for the "Internet Terrorist Attack" story — but many other reporters displayed a healthy dose of skepticism this time around.

The SANS "Internet Storm Center" reported a "green" status for the Internet on 26 August. SANS "predicts that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long." Vmyths applauds SANS for its sense of humor.

The global media has a serious fetish for "end of the Inter­net" stories.
Some computer security websites went so far as to ridicule the notion of a looming cyber-terror attack. These sites used a coordinated "self-defacement campaign" as a humorous way to get their point across. The list of self-defaced websites included Attrition.org, InfoWarrior, Reznor.com, and Treachery Unlimited. Vmyths applauds these sites for their sense of humor. We archived a copy of the self-defacements for posterity.

25 Aug 04: Kaspersky Labs responds to Vmyths inquiry

Eugene Kaspersky (Kaspersky Labs) quickly responded to our inquiry. See below for a verbatim email he sent to many of his colleagues. (English is not Kaspersky's native language.)
Hello all,

Yesterday at press conference in Moscow we (Alex Gostev and me) mentioned "the electronic jihad" which was announced by arabic terrorists to be planned on August 26. Unfortunately we didn't have enough time at press conference to speak about more details. Here they are:

According to some Arabic web sites Arab hackers announced the 26 August as the day of 'electronic jihad ' against Israel. This time (in contrast to the creation of anti-Israeli web-sites) - their action will be more aggressive and it will be focused on breaking the Israeli web resources. Arab hackers also issued a call to the hackers of all countries to be combined with them during this day.

We are waiting for nothing bad on that day - we are sure nothing really serious will happen. The VERY BAD trend we see that they started to use the "electronic jihad" term, and they are thinking about AGGRESSIVE attack (not passive way - like anti-Israel Web sites). The Pandora Box is open. We will see results sooner or later.

Few history.

Spring 2002. We started to speak to press (first time - in UK) about "possible danger in the INet" and "possible lethal scenario to the Inet because of fast spreading worm" - we spoke in VERY low voice and without ANY details.

Autumn 2002. I don't remember who - they released detailed explanation of "flash worm" which will spread with very fast speed. Autumn 2002. First global DoS attack on the Inet backbone servers.

- we started to speak about "lethal scenario" with HIGH vioce. In January 2003 I explained "flash worm" and possible network collapse to Russian press (we had a press conference in Moscow). ..... Exactly in 1 week - the Slammer epidemic (I think you remember all details)

Autumn 2003 - presentation about possible criminalization in the Inet and e-mafia.... Later that year and winter 2004 - first raket cases in UK (Russian hackers were arrested because of that a month ago).

Spring 2004 - with VERY LOW voice we started to speak about possible e-terrorism... Now we speak about that with HIGH voice.

I'm sorry :-( I don't want to be e-Cassandra but...

Vmyths strongly disagrees with Kaspersky Labs on "e-terrorism," aka cyber-terrorism. Legitimate terror groups crave one thing above all else: fear. Hackers & virus writers have never demonstrated the fear they crave. "Freedom fighters" in East Timor learned this lesson the hard way in 1999. No legitimate terror group will bother to organize an "electronic jihad" until it can exploit real fear.

29 Aug 04: did Vmyths' own predictions come true?

Vmyths made three initial predictions on 25 August 2004:
(1) On Wednesday, news outlets around the world will run the Novosti newswire (and stories derived from it) without question. A sensationalist reporter might even link cyber-terrorism to the breaking news of two Russian jetliners that just crashed. "Did Islamic hackers take over the cockpits?" (2) On Thursday, a few news outlets will acknowledge the prediction flopped. (3) On Friday, reporters will dump the story as a non-event.
Predictions #2 and #3 came true. Prediction #1 proved correct, although not in the magnitude we implied. Reuters, the Associated Press, Bloomberg, and other major western newswires displayed a healthy dose of journalistic common sense. To our credit, though, computer security vendor F-Secure claimed on 26 August "we actually got two queries asking if we saw any connection with the two plane crashes in Russia and with these rumoured E-Jihad attacks. No, we did not see any connection."

Vmyths has forged relationships with computer security reporters over the years and we feel our "Hysteria Alert" newsletter helped to destroy the sensationalism of the "Internet Terrorist Attack" story. But we cannot objectively demonstrate the value of our "Hysteria Alerts." As such, Vmyths must acknowledge prediction #1 did not come true in the magnitude we implied.

''Osama bin Virus!'' comedy album

Last updated: 2004/8/29