[Hi folks, can you all please ignore Phil Graham's last message to the list;it was sent in error. I will delete it from the archives -- if I can figure
out which buttons to press ... John.]

Location: http://news.zdnet.co.uk/story/0,,t269-s2095443,00.html

Hackers strike at Islamic Web sites

Matt Loney

Hackers have begun attacking Web sites connected to Afghanistan's Taliban
rulers and to other Islamic nations including Iran, prompting the FBI to
issue warnings to system administrators everywhere to tighten up their
security.

On Monday, hackers outraged at the terrorist attack on the World Trade
Center defaced the Web site belonging to the Iranian government's
ministry of the interior. The site, at www.moi.gov.ir, now carries the
message "Owned ! Ya biatch !" and several graphics, one of which includes
a picture of the Saudi Arabian dissident named last week by the US
government as their prime suspect, Osama bin Laden, with two guns to his
head and the caption "Osama die".

Below the image, the hackers -- who have adopted the name The Dispatchers
-- describe themselves as a group of computer security enthusiasts "who
are outraged at the acts of terrorism and such which are taking place in
this day in age. It is our cause to fight back in everyway which we can."

The group says it is a composed of people of "all races and of many
countries, not just Americans," and is targetting "every place that poses
a possible threat to or safety and the safety of our friends and family
all over the world." The individual who defaced the Iranian Website,
RaFa, is a former member of World Of Hell, an exclusive hacking group
known for their ability to own top level domains.

Current targets of The Dispatchers are those nations who, it says,
support terrorism and "groups of terrorism including but not limited to
Israel, Palistine, Afgahnistan etc" (sic).

This latest defacement follows a string of recent attacks by the same
group. At least one other group has also been active, and an anonymous
virus pretending to offer new information on the mayhem may be infecting
computers.

According to computer experts, the official Web site of the Presidential
Palace of Afghanistan (www.afghangovernment.org) was taken offline after
computer attackers sent so many requests for information that the site
became inaccessible to traffic, in what is called a denial of service
(DoS) attack.

The FBI's National Infrastructure Protection Center (NIPC) warned there
could be opportunity for significant collateral damage to any computer
network and telecommunications infrastructure that does not have current
countermeasures in place. "The Dispatchers claim to have over 1,000
machines under their control for the attacks," said the NIPC in a
statement. "It is likely that the attackers will mask their operations by
using the IP addresses and pirated systems of uninvolved third parties."

System administrators should check their systems for zombie agent
software, said the NIPC. Zombie agent software is software that is
installed onto servers without the system administrators' knowledge, and
then used to attack specific target servers. System administrators can
download the "Find DDoS", which can detect whether a computer has been
infected by the most common distributed denial of service (DDoS) agents,
from the NPIC Web site here.

Some Taliban-related sites have been defaced to include mock "Wanted"
posters of Saudi exile Osama bin Laden, who the US government says is the
chief suspect in last week's attacks that left thousands of people dead,
according to the Information Security newsletter, which tracks Internet
security threats.

Also last week, the NIPC warned that in addition to politically motivated
hacking, documents are being circulated that pretend to contain
information on the attacks but which are actually viruses. The one such
virus so far identified is a renamed version of the life_stages.txt.shs.
The NIPC said it was renamed wtc.txt.vbs so that it would appear to be
related to the World Trade Center. If opened, this virus, which arrives
via an email attachment in Microsoft Outlook, leaves behind documents and
sends itself to others listed in the recipient's address book.

Reuters contributed to this report

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************