Tag Archives: latest

May 7 2013 – OpUSA hacking spree kicks off early

Islamist element in attacks. A pro-Islamic, anti-American hacking campaign appears to have jumped the gun and started early with hundreds of sites being compromised today. Set to take place on May 7 this month – thought to be US time – and targeting government sites in the US, Israel and India, the campaign is called #OpUSA. It is coordinated mainly through Twitter and postings on sites like Pastebin, with an unknown amount of participants. However, lists of compromised sites are already apppearing, with a group called “X-Blackerz Inc” claiming to have hacked “100 US websites”, posting anti-American messages. iTnews loaded some of the sites listed which have India-related domain names, and found them defaced. Elswhere, a group calling itself Charaf Anons posted a list of 73 defaced sites on Pastebin. The website of the Honolulu, Hawaii Police Department was also claimed to be hacked, but as of writing, it is not defaced and operates normally. However, the hackers say they have captured databases that include the Honolulu Police Department staff logins and passwords. Another one was also posted with names and phone numbers that iTnews was able to verify as belonging to police officers in Honolulu. There is more to come: on May 7, the hackers are threatening to release a trove of “all governments emails of USA” [sic] captured by them. From the Anonghost Twitter account Security researcher Analysis Intelligence believes OpUSA features “self-proclaimed online freedom fighters” such as the Pakistani ZCompany Hacking Crew and Palestinians Izz ad-Din al-Qassam Cyber Fighters. These and other groups have hacked thousands of websites in the past, leaked credit card information for American and Israeli individuals and launched denial of service attacks against US banks, according to Analysis Intelligence. The motive for the OpUSA attacks are political, seeking revenge against drone attacks and military action in Iraq, Afghanistan, Gaza and Pakistan, the analysts believe. For DDoS protection click here . Source: http://www.itnews.com.au/News/342192,opusa-hacking-spree-kicks-off-early.aspx

See more here:
May 7 2013 – OpUSA hacking spree kicks off early

Government Takes Precautions Over Expected ‘OpUSA’ Cyber Attack

RHONDA SCHWARTZ, PIERRE THOMAS and LEE FERRAN report: The Department of Homeland Security and the FBI are cautioning American government and financial institutions that they could be targets of a wave of cyber attacks Tuesday from Anonymous-linked hacktivists in the Middle East and North Africa. “The attacks will likely result in limited disruptions and mostly consistent of nuisance-level attacks against publicly accessible web pages and possibly data exploitation,” says an unclassified memo from the Department of Homeland Security, first obtained by the cyber security blog KrebsOnSecurity.com. In another memo, this one from the FBI’s Cyber Division and obtained by ABC News, 140 banks are listed as potential targets for the potential cyber attack campaign known as “OpUSA.” Threats against the targets were originally made weeks ago and posted publicly online in a rambling missive that also denounced American “war crimes” in Iraq, Afghanistan and Pakistan. Both U.S. government and industry analyses of the OpUSA threats have connected them to OpIsrael, a widespread but reportedly largely ineffective cyber attack targeting Israeli government and private websites last November. As in that attack, OpUSA hackers are expected to use distributed denial of service (DDoS) attacks to flood target websites with illegitimate traffic, potentially knocking them offline, a Department of Homeland Security official said. One industry analysis says that due to the “hive mindset” of groups like Anonymous, the attack’s effectiveness could be contingent on its popularity and perceived success. “Similarly, if the central actors appear to be largely failing in their efforts, other Anonymous actors may decide not to join in this operation,” the analysis says. Cyber security expert Mikko Hypponen of F-Secure told ABC News he expects that “something’s going to happen,” but likely not more than some websites being defaced or briefly knocked offline by the DDoS attacks. If it proves correct, Hypponen’s prediction would be a far cry from OpUSA’s original promise to wipe the U.S. “off the cyber map.” For protection against your eCommerce site click here . Source: http://abcnews.go.com/blogs/headlines/2013/05/government-takes-precautions-over-expected-opusa-cyber-attack/

Continued here:
Government Takes Precautions Over Expected ‘OpUSA’ Cyber Attack

May 7th 2013 OpUSA: A Promise of Cyber Events to Come?

What will actually happen in (or to) cyberspace on May 7, 2013? That is the question that many are asking as they prepare for a promised attack from the hacktivist groups this coming week. According to an announcement in an April 24 Pastebin threat to US and Israeli Governments, “We gonna launch a big attack against The USA Network and we gonna make some Damages.” Some sources say that this is a serious threat, and government and banking enterprises need to be prepared. Govinfosecurity.com reported: “Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be upping their  distributed-denial-of-service attack  mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous. Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.” A look at the Twitter-feed or OpUSA yields some interesting tweets, links to anti-USA videos and more.  Here is one of those tweets from Cisco Security ?@CiscoSecurity:  “Stay informed about the planned # OpUSA cyberattacks against government and banking infrastructure http://cs.co/9001Xc4N #security”   Is the OpUSA Threat Overblown? And yet, Krebs on Security reported that the threat may be “more bark than bite.” Brian Krebs writes: “A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks ‘likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message….’ In an interview with Softpedia, representatives of Izz ad-Din al-Qassam said they do indeed plan to lend their firepower to the OpUSA attack campaign.” My Reaction So what is Michigan government doing? While I won’t list every step taken here, I can say that we are hoping for the best, while preparing for potential issues to occur. There are a variety of scenarios, but I believe that governments need to be prepared for Distributed Denial of Service (DDoS) attacks and possibly worse. In my opinion, this is now the new normal in cyber threats, and enterprises must be prepared. I tend to also agree with DHS and Krebs that this may not be as big an issue on Tuesday as some predict. Nevertheless, we must treat this in the way that police regularly investigate other types of serious security threats. Another observation is that this may become the “new normal” regarding cyber threats. Government enterprises need to have procedures in place to react to these cyber threats and potential attacks. There are services that can be purchased from your ISP to address DDoS, and there are also other security steps that enterprises can take regarding people, process and technology improvements. Michigan has experienced a DDoS attack before, and we will likely see similar cyber attacks again. One final thought. The bad guys use these type of announcements to test our cyber defenses. They see what we do to mitigate risks or raise the alert levels on Tuesday. This information could be used in the future for unannounced online attacks. For that reason, I suggest that cyber teams deploy only the defense tool needed, when they are needed. We need to have adaptive cyber defenses that are appropriate for the specific attack situation. Or more simply, don’t openly “show your hand” to the adversary. What are you doing to prepare for Tuesday? Do you think these cyber threat announcements are becoming the new normal around the world? For protection against your eCommerce site click here . Source: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/OpUSA-A-Promise-of-050413.html

Read the original post:
May 7th 2013 OpUSA: A Promise of Cyber Events to Come?

May 7: Mark Your Calendar (or Not) for Credit Union DDoS Attacks

CUNA made headlines with its warning about a planned May 7th DDoS – Distributed Denial of Service – attack that, said the trade group, was sufficiently worrisome that credit unions had to take steps to be ready. CUNA attributed the source of word of the threat to “chatter” that has been detec What chatter? That turns out to be comments not from the al Qassam Cyber Fighters – the group that has claimed the prior DDoS attacks that have knocked big U.S. banks and several credit unions offline in the past year. Sources pointed instead to OpUSA, a shadowy hacktivist group that is affiliated with Anonymous. OpUSA has claimed al-Qassam will be involved in the May 7 attacks, but al Qassam – a group often said to be allied with the Iranian government – has been less committal in its remarks. As for what OpUSA has planned for May 7, the group has offered its commentary on Pastebin, the website of choice for DDoS-related announcements. (Warning: there is substantial off color language here,) Aside from anti-Israel and anti-Obama  commentary, there are no real details of what is planned for May 7. Anonymous, the supposed manpower behind OpUSA, is a group that has had successful takedowns of public websites – recently the Spanish parliament’s website became a victim.  It has documented computer skills at very high levels.  But the exact relationship between OpUSA and Anonymous is not presently known. So, what should a credit union do in the run up to May 7?  Experts consulted by Credit Union Times indicated that at this late date, not much could in fact be done to ward off an unknown attacker unleashing an unknown attack vector in a little over a week. Were budgets unlimited, much could be done, said the experts, but with a typical credit union’s constrained IT budget, many will decide their best course of action is to wait this one out and see exactly what damage transpires on May 7. In the vast majority of cases, DDoS also has not been associated with data breaches. It has been an outage, plain and simple, noted one expert who indicated it was not that different from going down in an electrical storm. “Many – most – will decide to take this route,” he said. For protection against your eCommerce site c lick here . Source: http://www.cutimes.com/2013/04/29/may-7-mark-your-calendar-or-not-for-credit-union-d?ref=hp

Link:
May 7: Mark Your Calendar (or Not) for Credit Union DDoS Attacks

May 7th 2013: Mark Your Calendar (or Not) for OpUSA DDoS Attacks

CUNA made headlines with its warning about a planned May 7th DDoS – Distributed Denial of Service – attack that, said the trade group, was sufficiently worrisome that credit unions had to take steps to be ready. CUNA attributed the source of word of the threat to “chatter” that has been detec What chatter? That turns out to be comments not from the al Qassam Cyber Fighters – the group that has claimed the prior DDoS attacks that have knocked big U.S. banks and several credit unions offline in the past year. Sources pointed instead to OpUSA, a shadowy hacktivist group that is affiliated with Anonymous. OpUSA has claimed al-Qassam will be involved in the May 7 attacks, but al Qassam – a group often said to be allied with the Iranian government – has been less committal in its remarks. As for what OpUSA has planned for May 7, the group has offered its commentary on Pastebin, the website of choice for DDoS-related announcements. (Warning: there is substantial off color language here,) Aside from anti-Israel and anti-Obama  commentary, there are no real details of what is planned for May 7. Anonymous, the supposed manpower behind OpUSA, is a group that has had successful takedowns of public websites – recently the Spanish parliament’s website became a victim.  It has documented computer skills at very high levels.  But the exact relationship between OpUSA and Anonymous is not presently known. So, what should a credit union do in the run up to May 7?  Experts consulted by Credit Union Times indicated that at this late date, not much could in fact be done to ward off an unknown attacker unleashing an unknown attack vector in a little over a week. Were budgets unlimited, much could be done, said the experts, but with a typical credit union’s constrained IT budget, many will decide their best course of action is to wait this one out and see exactly what damage transpires on May 7. In the vast majority of cases, DDoS also has not been associated with data breaches. It has been an outage, plain and simple, noted one expert who indicated it was not that different from going down in an electrical storm. “Many – most – will decide to take this route,” he said. For protection against your eCommerce site c lick here . Source: http://www.cutimes.com/2013/04/29/may-7-mark-your-calendar-or-not-for-credit-union-d?ref=hp

Continue Reading:
May 7th 2013: Mark Your Calendar (or Not) for OpUSA DDoS Attacks

Deconstructing hacktivist operations and tools

Imperva released its September Hacker Intelligence report, which details the latest methods deployed by hackers to execute DDoS attacks by analyzing the technical tools and trends employed during mult…

Read more here:
Deconstructing hacktivist operations and tools