Comments on: Cyber Jihad Isn”™t Here Yet

By: 1389

1389 — Sat, 24 Nov 2007 17:42:17 +0000

You've provided a good explanation of why al Qaeda's malware jihad is a dud. I've updated this blog post to link to your article: al Qaeda Declares Internet Jihad Starting November 11, 2007

By: Matthew Wollenweber

Matthew Wollenweber — Wed, 14 Nov 2007 14:58:39 +0000

Apologies, I didn’t mean to start a fight about which programming language is better than another. In my opinion each has it’s own place. I can code in VB and I’ve used it many times.

I won’t get into a flame war with you guys. However, there’s a rational discussion in here if you want it. First, VB is a very powerful language. However, the bar to start righting graphical, internet driven programs in VB is significantly less than it is to do the same in C/C++. Simply put, someone with less experience can more quickly produce a more featureful program. Clearly, none of this is a negative.

From my personal experience, I’ve seldom seen performance oriented software written in VB. To me, performance, is key in a DoS application — you want it to dump as much data as you can. True, VB supposedly compiles down to the same binaries as MS Visual C++, but that’s fairly recent. Likewise, I’ve found the syntax difficult to scale into large projects. Finally, I’ll say that I’ve never seen many examples of writing raw packet tools in vb. I’m sure it can be done, but it’s far more common in other languages.

So again, apologies for anyone that feels I insulted VB. That wasn’t my intention. Personally, I’m fairly language agnostic. But, I do stick by my analysis of the tool. It wasn’t very sophisticated or modular. It didn’t appear that it could upgrade the feature set easily. Ultimately, no apparent attack happened. Some combination of the tool and/or planning appeared inadequate — which fits with my analysis.

By: john of sparta

john of sparta — Tue, 13 Nov 2007 23:27:21 +0000

C+ was my English grade.
VB is Virginia Beach.
what code?
those are my bonafides.
the “killer app” here is Phase One. (Kos’s opening salvo).
could it be a “shake-down cruise”? try it to see what happens and then refine. how about a diversion?
or even worse, a “plant”. eliminate the talkers.

the threat has always been there.
when would the threat become real and succeed?
stay tuned.
same Bat Time, same Bat Channel.

By: sfcmac

sfcmac — Tue, 13 Nov 2007 21:57:17 +0000

All the nitpicking over computer language and programming aside, doncha think if the ‘cyber jihadists’ were that hellbent and capable of blowing the internet to smithereens, they would have done so already?

Sheesh.

By: FreedomNeocon

FreedomNeocon — Tue, 13 Nov 2007 15:56:41 +0000

RTOFL… looks like the author hurt the feelings of some terrorist / jihadi sympathizers (aka anti-war liberals, 60s retreads desperately trying to ‘matter’)

That or the actual clowns who wrote the thing defending their buffoonish amateur work.

Seriously… the comments sound like people trying to promote some new product (it will get better, just wait and see!), rather then commenting on a malicious piece of software “supposidly” written by a bunch of thugs and murderers.

I say supposidly, because the thing honestly appears to be a middle-school “intro to programming” joke. Its THAT BAD. Might as well be “10 goto 10″

By: Smaack

Smaack — Tue, 13 Nov 2007 15:38:46 +0000

Um… why would you be showing them the shortcomings of their design? Are you gonna volunteer to re-write it for them next?

By: mcgurk

mcgurk — Tue, 13 Nov 2007 14:25:59 +0000

Wow, the commenters are a bunch of dicks, aren’t they? The review seems pretty clear cut and reasonable. A cursory investigation of the program reveals signs that its pretty amateurish, easily countered, and not that big a deal. You don’t have to be a September 10th-er to believe this is possible. While cyber-jihadism is real and ongoing (youtube is full of jihadi propaganda), this “hacker” program is largely a creation of media hype. It appears as if the program is more valuable as propaganda than as a DDOS tool. Its not surprising. The jihadis are a pretty fucking stupid bunch of twats. They can pull a trigger, press a butan and receive paradise, and film themselves while sawing off heads, but that’s about it. I mean, look, VB? Get the fuck outta here.

By: mg

mg — Tue, 13 Nov 2007 11:01:13 +0000

“… C\C++\C# would tend to be better choices for complicated and efficient programs. VB tends to be a language for quick applications or for those beginning programming.”

What a maroon. Could you be any more clueless? C# is .net managed and so is VB (version after 6). Both ‘compile’ to the same executable. You seem to be too busy getting stuck on stupid in your efforts to talk down VB.

If you had listed C/C++ and maybe added assembly, then you could have made a valid point about the sophistication of the binary

By: Kostyakostmi

Kostyakostmi — Tue, 13 Nov 2007 07:19:33 +0000

Good grief. What a load of condescension on your part. Not very security minded or forward thinking, are we?
1. “VB is not the preferred programming language of very many professionals. C\C++\C# would tend to be better choices for complicated and efficient programs.” So what? Jihadis like to hit and run. Simple, swift, and functional with as much collateral damage as possible is perfect.
2. “Terrrorists donâ€™t like to be tracked. Further, the site tracks referrals â€“ thus it would be trivial to create cliques of users, which again is something terrorists would be desperate to avoid.” True enough, however, ever hear of blind sites? how-about “freaking”, where you jump onto other peoples networks and sites and jump out again, with little thought for the other guy. Gee, that sounds Jihadish.
3. “Extremists/Islamic Jihadists tend to not speak English, remember all the stories about the few English speakers they use?” Not only is your head in the sand, but it must be up something else. Besides the obvious dolt speak, if you learn code you don’t need English, dufus. Knowledge of English did not stop 19 Islamonazi martyr boys from commandeering 4 jumbo jets and smashing them and their contents (people-real people) into things. They will learn what they need to learn to blow you and your neighbors cat into the next lifetime. Think, please.
4. “A static/real url is very amateur and easily blocked.” These guys count on spread. The more junk you throw the more potential damage. They don’t give a rat’s tail about “slick”. Only you care about that, and THAT is what they hope you are concerned with. THINK!
5. “rontpage extentions â€“ this again just seems out of place for cyber war.” Look, for brevity I’m going to skip the rest of your curlish drivel. Has the thought ever occurred to you that this might just be the opening salvo? So what if they’re amatures? So what if they’re high school AV geeks? Don’t discount them. Two kids with guns and internet Goth ramblings terrorized suburban Colorado. Another solo nutter shot-up Virginia Tech, and you still want to brush this off?
God help us all. And remind me not to call on you to save my chestnuts. WAKE -UP! Stop whacking-off on World of Warcraft, and start planning a strategy about “Whack-a-Jihadi”.

By: Beckwith

Beckwith — Mon, 12 Nov 2007 23:34:36 +0000

Just what the world needs, another propeller-head that has appointed himself critic. Remember, nobody asked him — he just volunteers his arrogant opinion — and you know what they say about opinions.

A skilled VB programmer can produce the exact same product as a skilled C++ programmer — this is petty programmer bias..

I would like to point out that it is easy to criticize any software product.

I would also loke to point out that this is undoubtedly an early version — it will get better.

This statement, “All told, the little bits of analysis make the code look to be written by high school or early college kids,’ is nothing more than bad manners.

Go back to your cubicle.