Al Qaeda Cyber Attacks against Databases and Servers

From: Acunetix Ltd
Published: Tue Dec 05 2006

The US Computer Emergency Readiness Team (US-CERT) issued a warning of possible cyber attacks by Islamic militant groups associated with the Al Qaeda network. Aimed at penetrating websites, disrupting online service and destroying data, these attacks will probably target US online stock trading and banking websites.

According to MEMRI (Middle East Media Research Institute), Islamic websites have increased their focus on IT security related issues and one of the latest spates is the Technical Mujihad, an online magazine published by al-Fajr Information Center. The 64-page edition magazine was electronically distributed to password-protected Jihadist forums (according to on the 28th November and computer and contained Internet security related articles. reports such articles as “The Technique of Concealing Files from View” and “How to Protect Your Files, Even if Your Device was Penetrated,” were written for the intermediate to advanced user, and describe a variety of methods and software that provide security: “the editorial…emphasizes the great purpose of jihad in the information sector.”

The situational awareness alert was issued by US-CERT, part of the Department of Homeland Security (DHS), on Thursday 30th December, stating that financial institutions could be targeted in denial-of-service and database attacks as soon as Friday. Online trading and banking websites are urged to take the necessary precautions against the infiltration and destruction of their website.

Assessing the security of a website

According to the Privacy Clearing House over 97 million personal records were stolen through hack and related attacks over an 18 month period spanning February 2005 through late November 2006. Although terrorist attacks go beyond the profit intentions of hackers, organizations are now at great risk.

If the servers and/or web applications are compromised, any militant group could gain complete access to backend data.
Web applications are designed to allow website visitors to retrieve and submit dynamic content (with varying levels of personal and sensitive data) through any web browser. Therefore web applications require direct and open access to backend databases to function properly. Hackers may easily gain access to sensitive data through several types of vulnerabilities including SQL Injection and cross-site scripting. It is fundamental for any institution with an online presence to regularly audit the security of its web assets, answering fundamental questions - “Which elements of our network infrastructure we thought are secure, are open to hack attacks?” and “What code can be thrown at web applications to cause them to misbehave?”

Acunetix provides on-demand site audit to help companies determine the security of their websites
Acunetix SiteAudit is a new on-demand web security audit service that provides an immediate and comprehensive security audit of all off-the-shelf and bespoke web applications at an introductory price of only $395. In addition to performing a thorough web application scan, Acunetix is also offering a complimentary audit of a company's web and database servers to ensure that web security is completely up to scratch.

Acunetix SiteAudit:

* Provides an immediate and comprehensive website security audit
* Ensures website is secure against web attacks
* Checks for SQL injection, Cross site scripting and other vulnerabilities
* Audits shopping carts, forms, and dynamic content
* Scans entire website and web applications including Javascript / AJAX applications for security vulnerabilities.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit:;

All product and company names herein may be trademarks of their respective owners.

For more information:
Please email Tamara Borg:
Acunetix Ltd: Tel: 888-231-6801, Fax: (+1) 425-650-6873
Company: Acunetix Ltd
Contact Name: Tamara Borg
Contact Email:

Visit website »