FYI: Anonymous Planning "OpUSA" Attacks on Banks and US Gov't on May 7th. More Info as Relevant to Come.

Published: 2013-05-02. Last Updated: 2013-05-02 19:47:10 UTC
by John Bambenek (Version: 1)
11 comment(s)

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting


Comments

Good article from Cisco about it: http://blogs.cisco.com/security/coordinated-attacks-against-the-u-s-government-and-banking-infrastructure/

and Radware: http://blog.radware.com/security/2013/04/cyber-attack-against-u-s-based-websites-on-may-7th/
Knowing this, what would you do (outside of your normal security maintenance process/routines) to prepare for "OpUSA"?

A good security maintenance process should already have these items covered:

1. Daily firewall log reviews.
2. Weekly (min.) updates to IPS/IDS signatures/filters.
3. Weekly (min.) updates to AV signatures.
4. Weekly (min.) implementation of critical security patches.
5. Monthly (min.) cycles of your patch management process.

So in addition to the "normal" security process, what can you really do to prepare?
OpUSA Target List. http://pastebin.com/LXHKjsfg
Thanks for the link to the target list. We have to keep in mind that this could be a fake list (published by Anonymous) to divert attention from their real intended targets.

You would think that if Anonymous really wanted to "hit them where it hurts" as they stated, they would also target the telecommunications and energy sectors - which I would argue are just as essential as banking. Take out telecommunications and energy and banking is crippled by default.
Sorry...but Anonymous is nothing but hype these days. They failed to take down Facebook, they failed to stop the streaming of the last State of the Union, #OPIsrael was a giant flop, failed to knock the NYSE off the Internet, failed to hack the Vatican...and the list goes on and on.

So...I personally have zero faith in Anonymous anymore.
Well, what else would you expect from a bunch of script kiddies? Everyone who was smart enough to find the "Next" button on the LOIC installer is nowadays calling himself Anonymous and blathering about OpWhatevers. They are sheep to a few smart and angry controllers, no hackers.
I agree that Anonymous isn't as effective as it used to be a few years ago. A few of its leaders have been identified/prosecuted recently and overall the group seems disorganized and without leadership. It's a sinking ship without a compass and without a captain.

However, let's say it was APT1 or any other, more effective hacking group instead of Anonymous. What would you do to prepare for a cyber attack if your organization was on the target list and you also knew the timeline for the attack?
I guess everyone better schedule their Pentagon tours now... can't imagine that's one of the highest profile sites.
I suspect that there will be more arrests of some people behind Anonymous. And I agree with the other comment that they are nothing but hype. Though if they were to successfully attack vital infrastructure that would get a major response from many governments.

Given that we made their target list for the first time, I hope the prevailing thought that they are hype is true but evidence suggests otherwise. The large number of WordPress hacks recently could be their new firepower in a DNS reflection attack. The timing of those hacks is a little too close for me. It's rather interesting to see how the ISPs and DDoS mitigation providers have priced their products. You'd almost think they have a vested interest in seeing them succeed.

Even the OpIsrael, which was proclaimed a failure by the media, hacked several thousand sites. If you're one of those several thousand, it won't seem like hype.

They may not have enough capacity to take down all of those sites, but I'm betting if they focus on the bottom 50% or even the bottom 80%, they are going to see a lot of successes.
