OpUSA Threatens Banks, Government

Anonymous: 'We Will Wipe You Off the Cyber Map'

By , May 2, 2013.
OpUSA Threatens Banks, Government

Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be upping their distributed-denial-of-service attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous.

See Also: Understanding the Opportunities and Threats in Mobile Banking

Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.

Anonymous has said the attacks are being waged because of perceived social and political injustices. In an April 21 Pastebin post, it states: "Anonymous will make sure that this May 7th will be a day to remember. On that day Anonymous will start phase one of operation USA. America, you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country."

The group goes on to say U.S. financial institutions will be targeted for attack. "Do not take this as a warning," the post states. "You cannot stop the Internet hate machine from doxes, DNS attacks, defaces, redirects, DDoS attacks, database leaks and admin takeovers."

The White House website and eight other federal government sites, plus those of 133 U.S. banking institutions, are listed as targets in an April 24 Anonymous Pastebin post.

Anonymous says it simply plans to take these sites offline: "We will now wipe you off the cyber map."

Experts say the threat is serious and few of the targeted organizations, other than the top 50 U.S. banking institutions, have made significant investments to withstand the attacks.

OpIsrael vs. OpUSA

And while coordinated DDoS attacks waged by Anonymous last month against organizations in Israel had little impact, experts say similar attacks could be devastating in the United States. That's because the U.S. Internet infrastructure is much more dynamic. In Israel, the Internet pipeline is much easier to close off and contain, making it easier to block bad traffic, says Marc Gaffan, co-founder of online security provider Incapsula.

During OperationIsrael, the attackers failed to take over enough servers within that nation to effectively launch the attacks, he adds. But the attackers have learned from their mistakes and have likely taken over more U.S.-based web servers and improved the coordination of their attack, says Ronen Kenig, an Israel-based researcher for DDoS-mitigation provider Radware.

"What we know from some of the information that has been shared in forums and other communication channels is that this is going to be very similar to what we saw in OperationIsrael," he says. "The same groups are involved."

OperationUSA aims to get widespread attention for Anonymous by accomplishing online destruction and disruption, Kenig says - the same goal OpIsrael set out to accomplish.

OpIsrael's failure should not lead U.S. organizations to take OpUSA lightly, stresses fraud expert Avivah Litan, an analyst for consultancy Gartner. "This should all be taken very seriously," she says. "The main message is that they [hacktivists' attacks] just aren't going away, and, instead, are getting more organized and more unsettling."

Leading U.S. banking institutions, which have been battling targeted DDoS strikes since mid-September, are best equipped to withstand the online traffic surge OpUSA could dole out, Kenig says.

"The smaller banks are not prepared, and the government side is not very well prepared, either," Kenig says. "If a massive attack will come, I'm sure we will see many of the government websites going down."

Will Izz ad-Din al-Qassam Join?

Security experts are speculating about whether Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group that's taken credit for the series of DDoS attacks against U.S. banks during the past eight months, will join the OpUSA movement. In some ways, Anonymous and Izz ad-Din al-Qassam share similar goals - to humiliate and annoy the U.S., says Rodney Joffe, senior technologist for online security provider Neustar Inc.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Fraudsters Drain Starbucks Accounts

Fraudsters have been hacking into and draining Starbucks accounts, customers report. Security...

Latest Tweets and Mentions

ARTICLE Fraudsters Drain Starbucks Accounts

Fraudsters have been hacking into and draining Starbucks accounts, customers report. Security...

The ISMG Network