OpUSA, Anonymous against US Banking and government offices

By Pierluigi Paganini, Editor-in-Chief, CDM

May 09, 2013, 11:30 am EST

OpUSA campaing is officially started, the day has come, May 7 as announced by Anonymous, a coordinated online attack will hit Banking and government websites.

The announcement made by popular group of hacktivists is creating great concerns between US security experts in charge of defense the potential targets.

The message passed sent by Anonymous to US authorities is eloquent

“We Will Wipe You Off the Cyber Map”

a new wave of attacks, presumably distributed-denial-of-service attack, is expected to hit principal US financial institutions exactly as already happened in the last months.

The hacktivists participating to OpUSA campaign protest against the policy of the US Government blamed to have committed war crimes in foreign states and in its countries.

Anonmys Tweet

“Anonymous will make sure that this May 7 will be a day to remember. On that day anonymous will start phase one of operation USA. America you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country,”

Its second time that collective menace the central government of a “Big” state, in the last months was touched to Israel during #OpIsrael campaign.

Early May the DHS has issued an alert on the attacks announce OpUSA that will target US government and financial institutions, following the key findings of the warning:

“On 7 May 2013, a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign known as “OpUSA” against websites of high-profile US Government agencies, financial institutions, and commercial entities. The attacks likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message.”

According security experts the ongoing coordinated DDoS attacks against US organizations could have a greater impact respect the ones of the #OpIsrael campaign because the U.S. Internet infrastructure is much more dynamic, the Israeli Internet pipeline is much easier to control and close according Marc Gaffan, co-founder of online security provider Incapsula.

Ronen Kenig, researcher at security firm Radware announced that from online forum monitoring emerged that the groups involved in the attacks will be same that participated to #OpIsrael campaign.

”What we know from some of the information that has been shared in forums and other communication channels is that this is going to be very similar to what we saw in OperationIsrael,” ”The same groups are involved.”

The announcement of similar attacks gives to the security experts the opportunity to arrange a mitigation strategy to preserve the targets from the offensive, security teams are monitoring Internet traffic trying to identify anomalous traffic.

On April 24th Anonymous published a Pastebin post listing the possible targets of the #OpUSA campaign, including The White House website, at least 8 federal government websites and hundreds of U.S. Banking institutions.

Security experts are not underestimating #OpUSA to avoid committing errors; the targeted organizations represent the financial backbone of the USA and have made meaningful investments in security to be prepared for the attacks.

Anonymous collective declared:

“You cannot stop the Internet hate machine from doxes, DNS attacks, defaces, redirects, DDoS attacks, database leaks and admin takeovers.”

The real problem is my opinion is that hacktivism is a phenomenon not negligible; the various collectives are improving the capability to coordinate their operations on global scale getting more organized and more unsettling

The principal problems related to #OpUSA are related to minor financial institutions that could be not  prepared for the cyber attacks, and according many security experts also government offices could suffer similar offensives.

Within principal concerns of security expert it is the participation to the #OpUSA of the group of hackers dubbed Izz ad-Din al-Qassam Cyber Fighters that’s taken credit for the series of DDoS attacks against U.S. Banks in the past eight.

The hacktivists share the same ideology of Anonymous collective and the same anger smolder against the American policy.

Dan Holden, expert at DDoS-mitigation provider Arbor Networks, commented the possible involvement of Izz ad-Din al-Qassam Cyber Fighters with the following words:

”However, the one thing that does lead me to think it’s possible would be the much larger impact the attack would have with their involvement,”

”I would say that if they do become involved, that the likelihood of the attacks being successful goes way up,” Holden adds. ”OpIsrael didn’t seem to have a ton of impact, but the defensive capability outside of the banks is likely to be less, and therefore this could be used as an excuse by QCF [Izz ad-Din al-Qassam Cyber Fighters] to expand their efforts and realize a win, so to speak, given the dwindling effect many of their attacks have had lately.”
Fortunately for the targets according to a statement published a few hours ago  the hackers say they’re pausing Operation Ababil and will not take part to #OpUSA this week.

“As was specified in the previous statements, al-Qassam Cyber Fighters’s purpose of DDoS attacks to American banks is to convey the voice of objection of Muslims towards religious and Islamic sacrilege, to the politicians, statesmen and people of America and the world,”
“Our will is to remove the links which entails illegitimate attributions to prophet of Islam (pbuh) from the Internet. Whilst respecting nations, we ask all to preserve the limits of religious sanctities and divine religions,” they added.
“Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack and so Operation Ababil will be paused during May 7-9th.”

What to expect from the operation OpUSA?

According a post published by Radware in April the principal methods of attacks will include

  • Using common vulnerabilities to perform web site defacement and private information leakage from backend data sources.
  • Bandwidth saturation attacks using common Distributed Denial-Of-Service attack tools such asMobile LOIC, LOIC and HOIC.
  • Consumption of web server resources using “Low and Slow” attack tools such as Slowloris,Pyloris, R.U.D.Y – note that these attacks were shown to be using HTTPS as well as HTTP protocols.
  • If groups similar to Izz ad-Din al-Qassam cyber fighters join the attack campaign, we may also expect distributed attacks originating from dedicated attacking servers. These attacks could cause huge traffic peaks and will be harvesting the power of server based botnets such as Brobot (aka Itsoknoproblembro).

The attacks related to OpUSA are ongoing while I’m writing, various the sites that updated the list of targets successfully hit, Hacker News Bulletin is one of them and is already reporting a huge quantity of sites compromised, another interestind source to consult is the Radware’s Emergency Response Team (ERT) page on OpUSA

Following the first results:

60 American Websites Hacked By AnonGhost:  http://pastebin.com/yb10T2q2

American Agent from the United States House of Representatives Hacked by Mauritania Attacker: http://pastie.org/7812604

Honolulu Police Department Hacked by X-Blackerz: http://pastebin.com/QFjuEbNR

American WebMail Server Hacked – 800 Emails Leaked by Mauritania Attacker:

5000 Facebook Accounts Hacked By Mauritania Attacker: http://pastebin.com/NRvmnYFe

5 American Websites Hacked By X-Blackerz: http://pastie.org/7812607

We just have to wait for the storm to pass to analyze the offensive capability of Anonymous and the opposite response of the affected institutions … of certain events such as these have a financial impact far from negligible regardless of the results of the attacks.

(Source: CDM & Security Affairs – Hacktivism)

May 9, 2013

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...