US government sites brace for 'nuisance-level' OpUSA hacking spree
Though it remains to be seen to what degree the
Anonymous-affiliated “N4m3le55 cr3w“ group will be able to mount a
widespread threat to American websites, a DHS alert obtained by
prominent online security reporter Brian Krebs suggests that the
government is taking the threat seriously.
Already the #OpUSA campaign seems to have caused some activity on Monday, though the main event is scheduled for Tuesday May 7. Claims by a group calling itself “X-Blackerz Inc” claimed to have penetrated “100 US websites” while an anonymous user via Pastebin appeared to have posted a database of logins and passwords belonging to the Honolulu Police Department.
According to Analysis Intelligence, #OpUSA is comprised of “self-proclaimed online freedom fighters” such as a collective calling itself the “ZCompany Hacking Crew.” In his own analysis, Krebs, the tech security reporter, posited that, should the May 7 action include the participation of Hamas' Izz ad-Din al-Qassam Cyber Fighters (which claims ties with Palestinian political party Hamas) then the disruption could be far more serious.
Rodney Joffe, a senior vice president with the US security and intelligence firm Neustar believes that “all bets are off” if the Qassam Cyber Fighters join the fray, Krebs reported. The group has been held responsible for a series of high-profile breaches of US financial institutions in response to the notorious Innocence of Muslims film promoted by Koran-burning American pastor Terry Jones.
Though there is widespread speculation as to the exact origins
of the Qassam Cyber Fighters, since December of 2012 the group has
successfully disrupted the websites of JP Morgan Chase, Wells
Fargo, Bank of America and the New York Stock Exchange.
“I think we learned our lesson
with the al-Qassam Cyber Fighters,” Joffe told Krebs via his
news blog, KrebsOnSecurity. “The
damage they’re capable of doing may be out of proportion with their
skills, but that’s been going on for seven months and it’s been
brutally damaging,” he added.
An expansive declaration posted by the N4m3le55 cr3w threatens
US websites with denial-of-service attacks, as well as defacement
in retaliation to its military operations abroad.
“On that day anonymous will
start phase one of operation USA. America you have committed
multiple war crimes in Iraq, Afghanistan, Pakistan, and recently
you have committed war crimes in your own country. We will now wipe
you off the cyber map. Do not take this as a warning. You can not
stop the internet hate machine from doxes, DNS attacks, defaces,
redirects, ddos attacks, database leaks, and admin take
A range of links appended to the #OpUSA notice send Internet users out to online tools that participants can use to try and overwhelm websites with web traffic, though analysts generally agree that only the use of a large “botnet” - or rather, an involuntary network of “zombie” computers - and other tools in use by groups such as the Qassam could present a real threat.
In its notice, the DHS acknowledges the May 7 campaign but
downplays the danger as largely a publicity stunt, noting that the
attacks “likely will result in
limited disruptions and mostly consist of nuisance-level attacks
against publicly accessible webpages and possibly data
exploitation. Independent of the success of the attacks, the
criminal hackers likely will leverage press coverage and social
media to propagate an anti-US message.”
The choice of the May 7 date seems to be deliberate, as it will be one month to the day since another large hacktivist operation known as #OpIsrael. That campaign involved hacktivist groups such as AnonGhost Team and TheHackersArmy, and targeted the Israeli online government domain.
The director of a Tel-Aviv-based network security firm, Ronen Kening, told KrebsOnSecurity that the #OpIsrael campaign, which resulted in several database breaches, failed due to the campaign’s inability to recruit and deploy more powerful disruption tools.
“There were some Web site defacements, but OpIsrael was not
successful from the attackers' point-of-view,” said Kenig.
“The main reason was the fact
that the groups that initiated the attack were not able to recruit
a massive botnet. Lacking that, they depended on human supporters,
and those attacks from individuals were not very