Al-Jazeera computer network harbours Denial-of-Service
London, UK - 18 January 2005, 9:00 GMT - Al-Jazeera, the at times
controversial Arab news satellite channel, has had its computer network compromised
by Trojans with built-in mail relay engines since the Arab weekend began on
Friday 14th January. The mi2g Intelligence Unit has since then received
reports and evidence from reliable sources that 100s of identical emails every
hour have been sent from specific Al-Jazeera email accounts that have brought
down normal business services at targeted internet accounts in the West as
they have been overwhelmed by the Denial of Service (DoS) attacks.
Despite making contact with the individual email accounts at Al-Jazeera that
appear to have been unknowingly originating the DoS attacks, no official response
has been received to date. The problem has persisted on Saturday and Sunday
but seemed to alleviate on Monday morning as email blocks were set-up downstream.
The mi2g Intelligence Unit originally discovered the problem when one
of its specific emails was not delivered to its regular business contacts
on Friday morning because the corporate mail box in question was suspiciously
designated "full". That source explained on the phone that they
were under a DoS attack from Al-Jazeera's computers. Since then select sources
have confirmed the problem in the US, UK and Australia through emails, internet-relay-chat
and private bulletin boards. The governments of all three countries support
the war on terrorism and the war in Iraq through a joint coalition.
The nearly 72 hours window during which the Denial of Service has been active
is particularly worrisome because most corporations update their anti-virus
tool kits every 24 hours at least and run scans. The more vigilant ones run
the updates and scan regimes every six hours. Furthermore, corporate networks
have extra layers of relay filtering and traffic monitoring which especially
look out for repeat sends of identical messages and are programmed to stop
such anomalous patterns from being executed. In the case of Al-Jazeera none
of these preventative measures seem to be in place.
The events of the last three days are demonstrating that Al-Jazeera is running
its computer network like a "match-box" organisation in comparison
to its Western peer group. What has happened to certain Western businesses
as a result of Al-Jazeera's denial of service attack is completely unthinkable
in the context of reputable Western media organisations doing the same in
2005 such as Reuters, Bloomberg, Financial Times, CNN, News International
etc. The mi2g Intelligence Unit has case history of similar recklessness
and social irresponsibility originating from Western news agencies between
1997 and 1999, especially during the NATO-Serbia war and its cyber fallout.
However, Western news agencies learnt very fast when they came under pressure
from their customers and interlocutors in terms of law suit threats.
Given that Al-Jazeera is running corporate security policies for its network
which are lagging behind the West by between six to eight years, it appears
relatively easy to bring down their computer network at present or overwhelm
their computing facilities. If certain political powers find Al-Jazeera to
be a pain in their backside, and there are some who have gone on record to
say that they do, there are clear ways as a result of observing the recent
DoS attacks that can be utilised to quieten them easily and anonymously. If
those ways have not been used to date and are now being tried and tested out,
is this because Al-Jazeera is being targeted to serve a particular purpose,
where its satellite network or website www.aljazeera.net
may be commandeered in the near future to push out very specific messages
with an agenda different from the journalists and editors who work at that
"A news agency's computer network is its printing press,"
said DK Matai, Executive Chairman,
mi2g. "It would be unthinkable to
have confidence in a news agency whose printing press or TV broadcasting service
could be compromised because then one just would not know whether the news
story one was reading or listening to was true or injected by a malicious
During late March 2003, when Al-Jazeera had broadcast images of American soldiers
captured by Iraqi forces during the early phase of the war, its website was
brought down by a Distributed Denial of Service (DDoS) attack.
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to
save time and cut cost. We enhance comparative advantage within financial
services and government agencies. Our real time intelligence is deployed worldwide
for contingency capability, executive decision making and strategic threat
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here in pdf. Please
note terms and conditions of use listed on
Full details of the December 2004 report are available as of 1st January
2005 and can be ordered from here.
(To view contents sample please click here).