Not using Twitter or Facebook is, in these times, akin to not owning or using a mobile ‘phone. Last night’s events – the reported death of Osama Bin Laden – proved that we are well and truly in the Twitter era (Twitter reported that over 4000 tweets per second were made immediately preceding the President’s speech). However, a related danger lurks for users of social media sites, and is increasingly rearing its ugly head. Rapidly following on the heels of any major event will be a slew of malware-related tricks and scams. Royal weddings, elections, reality TV wins and losses, even presidential birth certificates are now ‘global’ news if they start trending on Twitter – and in the wake of the trend (and sometimes, ahead of it) come the cyberthieves sending out links to malicious websites.

Macabre though it is, ‘celebrity’ deaths (whether of the famous or infamous) and meltdowns (Charlie Sheen anyone?) provoke curiosity and the scammers can, and do, take advantage of this fact. So we saw, with the announcement by the President of the United States of Osama Bin Laden’s death, a rapid onset of links to videos and images purporting to be of the raid and death of OBL, but actually containing malicious content that will infect systems. People searching for stories are particularly vulnerable, as the attackers use Search Engine Optimisation (SEO) techniques to ensure that their sites get to the top of searches.

An example of the sort of scam is given in the video here:

 

Some people, although clearly not historians, have been putting around stories that Osama and Hitler died on the same day – this is incorrect – Hitler committed suicide on the 30th April, 1945 - but the announcement of his death was made on the 1st of May that year. Historical inaccuracies aside, it’s not only numerologists and pattern seekers (of the non-AV persuasion) who will take advantage of this coincidental congruence. You can be sure that searches for information about Hitler are already being poisoned in preparation for the cyberthieves taking control of yet more unsuspecting victims. It’s also unfortunate that such random things are being reported as ‘interesting facts’. A dead dictator and a dead mass murderer may have some things in common, but so do many other things (and I doubt any astrologers wrote “you will be shot by Navy SEALs” for Pisces yesterday – Bin Laden was born on 10th March) – it’s uncertain what actual ‘news’ this constitutes, but what it does do is increase the curiosity factor. Attempts to establish tenuous links establish the likelihood that the resulting myths, conspiracies and scams will draw people’s attention.

As one of my colleagues remarked:  

“Old and old-style hoaxes have taken on a new lease of life on Facebook, so some form of related chain letter is quite possible. We might even see more of those annoying "avoid New York on May 15th" hoaxes.

While it would clearly be good terrorist ‘PR’ to demonstrate any ability they have to disrupt infrastructure using cyber-attacks, outside of the ‘cyber-attack realm’ it seems inevitable that security services will step into high gear in anticipation of retaliatory action and terrorist demonstrations that the fight continues. Sadly, such action is likely to take the form of physical attacks and raised levels of security (not to mention security theatre) are likely to be disruptive in themselves. Certainly no-one should assume that they can start to breathe easier.

John Brennan, deputy national security adviser and chief counterterrorism coordinator for President Obama has apparently said that he now considers al-Qaeda 'old news', however, in my opinion, it's likely to become something of a 'figurehead' label for a group or groups of would be terrorists.

I see two likely scenarios, neither of them too comfortable:

  1. a long and drawn out infight between various factions with their own leader trying for supreme command of al-Qaeda - leading to vicious attacks to prove their individual strength
  2. a unification of the remaining leaders behind a single cause - leading to vicious attack to prove their united strength

I’ve put together some links here, as other colleagues and friends have posted useful information and advice on this topic:

http://www.scmagazineus.com/in-the-midst-of-bin-laden-death-there-is-malware/article/201949/
https://www.welivesecurity.com/2011/05/02/osama-bin-laden-video-malware
https://www.welivesecurity.com/2011/05/02/osama-bin-laden-dead-malware-is-alive

Our advice is, as always “Stop, Think, Connect” and be vigilant, online and offline.

This is not the end of the story, a story that has its roots well before the fateful day in September 2001 that brought Osama Bin Laden to the attention of the world. Although his death is clearly a major psychological victory in the war against terror, there will be more attempts at attack, and the more vigilant we can be, both online and in our daily lives, the less likely the attackers will succeed.