By Shaun Waterman, UPI Homeland and National Security Editor
Feb. 22, 2006
Muslim hackers angered by the publication of cartoons of the Prophet Mohammed have defaced nearly 3,000 Danish Web sites over the past month in the biggest politically motivated cyber attack long-time observers have ever seen.
Experts say that the world-wide protests over a Danish newspaper’s decision to publish the caricatures, an act offensive to Muslims who regard any depiction of the Prophet Mohammed as blasphemous, may prove to be something of a coming-of-age moment for the emerging movement of Internet mujahideen — Islamic extremists committed to waging a cyber Jihad on the Web.
"They see this as a huge opportunity," Stephen Ulph told United Press International.
Ulph, a terrorism analyst with the Jamestown Foundation who monitors web forums and chat rooms used by Islamic hackers, said, "You can feel the excitement (among their users)… There’s a sense that they can make a real difference (on this issue)."
Roberto Preatoni, founder and administrator of Zone-H.org, which tracks Web graffiti artists, says his site has monitored 2,817 defacements of sites in the .dk domain since Jan. 21, when the cartoon controversy first boiled over into world-wide street demonstrations and riots.
"That is at least 10 times, maybe more like 20 times, the number of attacks (in that domain) we would expect in such a time frame," he told UPI, adding that thousands of other Web sites in Europe and Israel had also been defaced.
Several technology journals reported that the target sites were mostly owned by small organizations without advanced security.
"This is the biggest, most intense assault" he had ever seen, Preatoni said, eclipsing the hacker attacks that accompanied the row over a U.S. spy plane forced down in China in 2001 and the invasion of Iraq in 2003.
He said the phenomenon represented "the emergence of the digital Ummah," — the Islamic theological term for the worldwide community of Muslim believers.
Preatoni said the graffiti messages varied, but their political character was obvious from their wording.
Some of the defacements supported peaceful protests like the global boycott of Danish goods called by Muslim leaders following the decision of the government there to support the publication of the caricatures.
Others, like one by a group calling itself the Internet Islamic Brigades, included pictures of the July 2005 suicide bombings in London, and the threat "I will bomb myself in Denmark very soon, as my brothers in Islam did in U.K (the United Kingdom)."
The tactics of the cyber jihadists are as various as their messages, Ulph said, citing efforts he had seen to influence the outcome of an online poll by a German news site; a coordinated 24 hour long attack on the Jyllands-Posten and other Danish sites; and a failed call for an "international day of embassy burning" on Feb. 13.
"This is the new front line," of the global jihad movement, he said.
Ulph said one of the striking features of the Danish assault was how well-organized it was. He called it the "most recent demonstration of the efficiency, coordination and ingenuity of the Internet mujahideen."
He said the cartoon issue was "a perfect focus" for jihadists, because it had motivated the Islamic masses, and given the extremists a popular cause to "use … as a recruiting tool."
The recruitment question highlights the gap between committed extremists for whom the Web is simply another front on which jihad must be waged, and the broader community of Muslims active online.
Preatoni said that the large majority of those doing the defacements — he estimated as many as 90 percent — were existing hackers and Web graffiti artists, who would have been defacing other Web sites anyway.
"They are using this issue to give sense to what would otherwise be a senseless activity," he said.
He said Muslims represented an increasing proportion of hackers, crackers and other Web vandals, as the availability of the Internet spread in the Islamic world.
The number of hackers and defacers active in Turkey, for example, "has just exploded over the past year," he said, adding that one of the most prolific defacers in the world last year was a 45-year-old Turkish man using the name Iskorpitx.
Iskorpitx defaced nearly 50,000 sites in the past 18 months, he said.
But the other 10 percent involved in the Danish attacks were either retired or reformed Web vandals who had returned to the fray to join the cartoon protests; or else completely unknown newcomers.
"I’ve seen a lot of completely new names," in the past month, he said.
Preatoni said that some of the newcomers were "people who clearly had the technical capabilities all along" but had not previously been motivated. Ulph pointed out that extremist chat rooms and bulletin boards often had entire libraries of software and training materials for novice hackers.
The Danish cartoon issue, he said, offered the cyber jihadists the opportunity to reach out to those sympathizers who had not previously been actively involved — the so-called armchair mujahideen. "Everyone can get involved," he said, and the chat rooms offered advice on how to remain anonymous online and hide the origins of cyber attacks.
Preatoni warned that, though defacement was relatively easy and simple to fix, "defacing takes absolutely the same skills as hacking," and that "most of the time (Web vandals) have access to the servers," meaning that they could do much more significant damage if they chose.
It is just a matter of time," he said.