Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be strengthening their distributed-denial-of-service (DDoS) attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous.
Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.
Anonymous has said the attacks are being waged because of perceived social and political injustices. In an April 21 Pastebin post, it states: "Anonymous will make sure that this May 7th will be a day to remember. On that day Anonymous will start phase one of operation USA. America, you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country."
The group goes on to say U.S. financial institutions will be targeted for attack. "Do not take this as a warning," the post states. "You cannot stop the Internet hate machine from doxes, DNS attacks, defaces, redirects, DDoS attacks, database leaks and admin takeovers."
The White House website and eight other federal government sites, plus those of 133 U.S. banking institutions, are listed as targets in an April 24 Anonymous Pastebin post.
Anonymous says it simply plans to take these sites offline: "We will now wipe you off the cyber map."
Experts say the threat is serious and that few of the targeted organizations, other than the top 50 U.S. banking institutions, have made significant investments to withstand the attacks.
OpIsrael vs. OpUSA
And while coordinated DDoS attacks waged by Anonymous last month against organizations in Israel had little impact, experts say similar attacks could be devastating in the United States. That's because the U.S. Internet infrastructure is much more dynamic. In Israel, the Internet pipeline is much easier to close off and contain, making it easier to block bad traffic, says Marc Gaffan, co-founder of online security provider Incapsula.
During OperationIsrael, the attackers failed to take over enough servers within that nation to effectively launch the attacks, he adds. But the attackers have learned from their mistakes and have likely taken over more U.S.-based web servers and improved the coordination of their attack, says Ronen Kenig, an Israel-based researcher for DDoS-mitigation provider Radware.
"What we know from some of the information that has been shared in forums and other communication channels is that this is going to be very similar to what we saw in OperationIsrael," he says. "The same groups are involved."
OperationUSA aims to get widespread attention for Anonymous by accomplishing online destruction and disruption, Kenig says - the same goal OpIsrael set out to accomplish.
OpIsrael's failure should not lead U.S. organizations to take OpUSA lightly, stresses fraud expert Avivah Litan, an analyst for consultancy Gartner. "This should all be taken very seriously," she says. "The main message is that they [hacktivists' attacks] just aren't going away, and, instead, are getting more organized and more unsettling."
Leading U.S. banking institutions, which have been battling targeted DDoS strikes since mid-September, are best equipped to withstand the online traffic surge OpUSA could dole out, Kenig says.
"The smaller banks are not prepared, and the government side is not very well prepared, either," Kenig says. "If a massive attack will come, I'm sure we will see many of the government websites going down."
Will Izz ad-Din al-Qassam Join?
Security experts are speculating about whether Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group that's taken credit for the series of DDoS attacks against U.S. banks during the past eight months, will join the OpUSA movement. In some ways, Anonymous and Izz ad-Din al-Qassam share similar goals - to humiliate and annoy the U.S., says Rodney Joffe, senior technologist for online security provider Neustar Inc.
While Izz ad-Din al-Qassam Cyber Fighters has been reluctant to push its DDoS force to full capacity, the attackers behind OpUSA aren't likely to practice the same discretion, Joffe says.
"I would be surprised if al-Qassam got behind this effort," Joffe says. "They've been very careful not to provoke a response from the U.S. government. They've done just enough to be a nuisance. Those behind OpUSA don't have the same motivations, and they don't appear to be as sophisticated."
Dan Holden of DDoS-mitigation provider Arbor Networks says associating itself with Anonymous does not really help Izz ad-Din al-Qassam Cyber Fighters. "However, the one thing that does lead me to think it's possible would be the much larger impact the attack would have with their involvement," he adds.
"I would say that if they do become involved, that the likelihood of the attacks being successful goes way up," Holden adds. "OpIsrael didn't seem to have a ton of impact, but the defensive capability outside of the banks is likely to be less, and therefore this could be used as an excuse by QCF [Izz ad-Din al-Qassam Cyber Fighters] to expand their efforts and realize a win, so to speak, given the dwindling effect many of their attacks have had lately."
Without the participation of Izz ad-Din al-Qassam, OpUSA will be less effective, Kenig acknowledges. "This is a serious threat," Kenig says. "But if the attackers are going to be successful, they will definitely need more botnets. If the Cyber Fighters join the attack and bring their botnet on, the attacks will be significant."