DHS: OpUSA to Cause Limited Disruptions

Homeland Security Describes Possible DDoS Attacks as Nuisance

May 6, 2013

The Department of Homeland Security characterizes as a nuisance the threatened May 7 Operation USA attack against U.S. federal government and banking websites, contending some of the participants possess only rudimentary hacking skills.


Still, if the attack is perceived as a success in the hacking community, more nefarious actors could try more vicious disruptions against U.S. sites, DHS says in an alert.

The hacktivist group Anonymous, in a posting on the website Pastebin, says OpUSA will target nine U.S. federal government websites, including the White House and Defense Department, as well as 133 financial institutions on May 7 [see OpUSA Threatens Banks, Government].

A government official says DHS is fully aware of this threat and is working with federal and private-sector partners to put in place mitigation strategies. Homeland Security, in the alert, says it expects the hacktivists to attempt distributed-denial-of-service attacks that could temporarily halt or slow down website traffic. The alert also notes the hacktivists could attempt homepage defacement and data leaks.

According to the DHS alert, first reported by IT security blogger Brian Krebs and confirmed by a DHS official, the attacks likely would result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.

A Nuisance with a Caveat

Former CIA Chief Information Security Officer Robert Bigman says that DDoS attacks are largely a nuisance, but adds a caveat: "If the DDoS attacks continue and veterans can't file claims and travelers can't get passports, then the public will motivate Congress to address the problem. Short of that, things will not change."

Another IT security expert, though, contends attacks such as those threatened by Anonymous could prove more damaging. "Some DDoS attacks are only a nuisance, but, as we've seen in the DDoS attacks on banks, these kinds of attacks are often just a smokescreen to distract from real damage elsewhere," says Dwayne Melancon, chief technology officer at IT security provider Tripwire. "Writing off DDoS attacks as merely a nuisance is irresponsible, without data to substantiate that disposition."

DDoS attacks, indeed, have taken a toll on American banks. Since last September, the FBI counts more than 200 separate DDoS attacks on at least 46 financial institutions [see FBI: DDoS Botnet Has Been Modified].

Bigman, who retired last year from the CIA after 30 years, says federal agencies that deem their public-facing websites as mission-critical should be better prepared to defend their sites against the attacks. "The ones who use the website largely as an information serving platform - most of the intelligence community - are, ironically, less well protected," he says.

Assessing Hackers' Skills

The alert, prepared by the Cyber Intelligence Analysis Division within DHS's Office of Intelligence and Analysis, says the actors behind OpUSA most likely will rely on commercial tools to exploit known vulnerabilities rather than develop their own tools and exploits.

"This suggests some of the participants possess only rudimentary hacking skills capable of causing only temporary disruptions of targeted websites," the alert says. "Nevertheless, OpUSA participants likely will exaggerate the scope and impact of their attacks as a way to attract attention and draw more capable criminal hackers to future hacking efforts."

Tripwire's Melancon cautions against underestimating the sophistication of the expected May 7 attack, saying that attitude is risky. "It is better to prepare for a strong attack than to be caught flat-footed because you expected an amateurish attack, but ended up being confronted by a competent attacker," he says.

Lessons to Be Learned

Even if the attacks are somewhat successful, they could help website operators defend against future attacks. "OpUSA, if launched, will actually expose vulnerabilities and help to reduce the number of targets that are susceptible to easy exploitation by more targeted adversaries," says Richard Stiennon, an IT security analyst and author of the book "Surviving Cyberwar."

The DHS alert says promoters of OpUSA, though not necessarily its instigators, include individuals linked to websites that host violent extremist content, including a member of a web forum that hosts al-Qaida-inspired content.

Follow Eric Chabrow on Twitter: @GovInfoSecurity
