Anonymous OpUSA Hackathon: Mostly Bluster

DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site <i>The Onion</i>.

Mathew J. Schwartz, Contributor

May 7, 2013

5 Min Read

Anonymous: 10 Things We Have Learned In 2013

Anonymous: 10 Things We Have Learned In 2013

Anonymous: 10 Things We Have Learned In 2013 (click image for larger view and for slideshow)

Will the Anonymous-lead Operation USA (#OpUSA) scheduled for Tuesday disrupt leading U.S. government and banking websites?

An "#OpUSA target list" posted to Pastebin two weeks ago named nine government websites -- the White House and Department of Defense's public-facing websites among them -- and 133 banks and credit unions as primary targets. "We will now wipe you off the cyber map," read the Pastebin post, signed by N4M3LE55 CR3W. "Do not take this as a warning. You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs."

In a show of solidarity, the distributed-denial-of-service bank-attack outfit known as al-Qassam Cyber Fighters, which as part of Operation Ababil has been successfully disrupting financial websites for months, Monday promised to take the week off. "Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack," read a statement posted to the group's Pastebin.

By Tuesday afternoon, however, despite a plethora of hacked-site reports, the OpUSA attacks appeared to be targeting low-level -- and possibly random -- sites in the United States and abroad, arguably causing little damage.

[ Could fake passwords help keep your database secure? Read Sweet Password Security Strategy: Honeywords. ]

The Tunisian Hackers Team, for example, claimed to have dumped a SQL database for the Blood Bank of America that appeared to contain about 3,000 usernames and hashed passwords. Among other attacks, AnonGhost members BilalSbXtra & Dr.SaMiM_008 posted what they said were 10,000 credit card numbers, including expiration dates and security codes, as well as account holders' names and addresses -- that were apparently stolen from an online store. Some of the published information also included social security numbers, bank account routing numbers and answers to secret questions. The group also claimed to have hacked 29 Israeli websites.

Meanwhile, Mauritania Attacker Tuesday claimed to be preparing to release "all governments emails of USA." It published a teaser showing some doxed addresses -- which included both and addresses, as well as numerous accounts with service providers -- but with obscured passwords.

Hacking groups or collectives claiming to participate in OpUSA include Anonymous and affiliates AntiSec and LulzSec Reborn. Other groups that have pledged their assistance include Ajax Team, Mauritania Attacker, Muslim Liberation Army, Redhat, Team Poison Reborn and ZHC.

Not all OpUSA-related attacks began Tuesday. Hacking group X-Blackerz Inc claimed Monday to have released 23 emails and passwords for Honolulu Police Department staff. Meanwhile, AnonGhost Team got an early start Saturday, claiming via Pastebin that it had defaced about 900 pages, which included multiple Web pages in the domain of Hack-DB, which tracks hacktivism and cybercrime. A message posted to defaced sites read "we are everywhere" and left a scrolling list of the group's official members.

Many of the groups that pledged to take part in the one-day hackathon had previously joined forces for the ongoing Operation Israel (#OpIsrael) campaign, which last month promised to "erase" Israel from the Internet. "We promised to take Israel off the cyber map. We succeeded," read a recent OpUSA target list post. OpIsrael attackers last month claimed to have disrupted 100,000 Israeli websites and caused $3 billion in damage. But Israeli officials disputed hacktivists' claims, saying while there had been a lot of bluster there was little "real damage," and that the country's critical infrastructure remained unaffected.

Likewise, in the lead-up to OpUSA, the U.S. Department of Homeland Security appeared to expect similar low-level attacks aimed to publicize attackers' anti-U.S. grievances but that would cause little lasting damage. In a confidential DHS memo issued last week and obtained by security reporter Brian Krebs, DHS said the attacks "likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation."

Not all hacktivist activity this week has been conducted under the OpUSA banner. The Syrian Electronic Army resurfaced Monday when it seized control of the Twitter feed for the satirical news outlet The Onion. The group posted fake news headlines relating to Israel's recent missile strikes against military targets in Syria. Another tweet suggested that the Israeli government was allied with Al Qaeda.

In the wake of the Twitter account takeover, The Onion responded in typical fashion: "Following today's incident in which the Syrian Electronic Army hacked into The Onion's Twitter account, sources ... confirmed that its Twitter password has been changed to OnionMan77 in order to prevent any future cyber-attacks." The story quoted "Onion IT specialist Nick Abersold" as saying that the new password would be "virtually impenetrable."

Satire aside, in the wake of the numerous news organizations' Twitter account takeovers by the Syrian Electronic Army, Twitter last week issued a memo last week warning media outlets to take appropriate security precautions, as it expected the account takeovers to continue.

Antivirus systems alone can't fight a growing category of malware whose strength lies in the fact that we have never seen it before. The How To Detect Zero-Day Malware And Limit Its Impact report examines the ways in which zero-day malware is being developed and spread, and the strategies and products enterprises can leverage to battle it. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights