Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:21 PM
Connect Directly

'OpUSA' Hacktivist Attacks Fall Short

Anonymous groups wage ad-hoc defacements, data dumps from a few lesser-known sites -- not the planned attacks on major U.S. government agencies, banks

Hacktivist groups under the Anonymous umbrella had warned they would take down major U.S. government and financial websites today in what they dubbed the OpUSA hacking campaign. But in the end, it was just a few defacements of lesser-known websites and seemingly random dumps of personal information online.

As of this posting, there were no reports of any major site disruptions or distributed denial-of-service (DDoS) attacks. According to Radware's Emergency Response Team, which kept a running report on the attacks updated on its website today there were at least a handful of victims, including the website of a small community bank in Arkansas, which got defaced by the attackers, and a database dump of users of the Bloodbanker.com website. Yesterday, the Embassy of Cape Verde in the U.S. suffered a defaced website, plus a few other isolated incidents occurred today in the name of OpUSA, including a dump of 10,000 alleged stolen Visa card accounts.

[Hacktivist groups plan denial-of-service attacks on banks, government sites. See Anonymous, LulzSec, OpUSA Plan Broad Attacks On Government Agencies, Banks On Tuesday.]

The seemingly disjointed campaign was a reflection of the evolving state of hacktivism and Anonymous, which is not one group with a common agenda, security experts say -- and possibly a lack of resources to pull off the effort. What was most striking about the lack of shock and awe of today's campaign was that it actually registered less hacktivist activity than when the hacktivist group Izz ad-Din al-Qassam Cyber Fighters were actively and successfully waging DDoS attacks on major financial institutions, notes Carl Herberger, vice president of security solutions for Radware. The Izz ad-Din al-Qassam Cyber Fighters went dark for a few days in deference to OpUSA and in order to avoid any confusion about their different motivations.

"When the Izz ad-Din al-Qassam Cyber Fighters decided to take a pass this week ... the level of attack activity dropped," Herberger says. "Our devices are under less load today than when [the Cyber Fighters were in action] last week."

The Cyber Fighters have more firepower and are more organized than the groups behind OpUSA appear to have, he says.

"There were some [OpUSA] attacks, and they were pedestrian in nature relative to what we've become used to and humbled with operations by [the Cyber Fighters]," he says. "The tools and techniques here were reminiscent of attacks 18 to 24 months ago."

Anonymous, under the guise of N4m3le55 Cr3w, AnonGhost and other groups, said May 7 would represent day one of the operation, which is in apparent protest to U.S. policies on Iraq, Afghanistan, and Pakistan. "You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs. Greetings to Anonghost, Mauritania hackers, Ajax team, Muslim liberation army, ZHC, antisec, lulzsec, Redhat, team poison reborn and any other hackers joining operation USA," the attackers said in a post.

Among the list of U.S. government takedown targets were the websites of the Defense Department, NSA, the FBI, and the White House. Some 130 banks and credit unions were also listed, including Bank of America, Chase, Citibank, SunTrust, Wells Fargo, and nearly all major banks. None of the targets reported a DDoS attack as of this posting.

In a new Pastebin post this afternoon, the AnonGhost team listed successful OpUSA hacks today, including more than 100,000 email accounts, 60 U.S websites, 5,000 U.S. Facebook accounts, and an "agent from the U.S. House of Representatives," but it was unclear whether these were all confirmed attacks.

So why did the OpUSA DDoS operation fizzle? Sorin Mustaca, a security expert for Avira, says the attackers would need heavy botnet backing to wage the massive DDoS attacks they had promised. "You would have to have a very serious botnet at your disposal, which is not that complicated these days. If you don't own it, you have to pay for it," he says. "Then who is going to pay for those expenses? Why I don't really think anything is going to happen [today] is I'm not aware of any major botnets being online and used remotely" for this, he says.

Mustaca says one explanation could be that the hacktivists ultimately were looking to get hired for their services. "They might create the market so they could get paid," he says. "Somebody has to pay for" the botnet and other resources, he says, so they were attempting to demonstrate their capabilities.

Radware's Herberger says it's more of an indication of how different the OpUSA hacktivists are from the Izz ad-Din al-Qassam Cyber Fighters. OpUSA was only successful thus far at defacing a few small banks, he says. "The Cyber Fighters have the attribute of offensive cyberwar," he says. "These guys here are not clearly organized or skilled and don't have the choreography."

Even so, Herberger says he knows of at least two major U.S. investment banks that had not yet been attacked that experienced attack attempts last week. "It looked like they were testing [attack] tools and techniques" on the banks, he says.

Either way, you always take any attack threats seriously, experts say. "We should take all of these things very seriously and be glad when nothing happens," Herberger says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-07-16
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and p...
PUBLISHED: 2019-07-16
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user?s permissions.
PUBLISHED: 2019-07-16
A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection.
PUBLISHED: 2019-07-16
Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.
PUBLISHED: 2019-07-16
UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.