Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, May 02, 2013

DHS: ‘OpUSA’ May Be More Bark Than Bite

Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as “OpUSA” against websites of high-profile US government agencies, financial institutions, and commercial entities. A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks “likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7.

But Rodney Joffe, senior vice president at Sterling, Va. based security and intelligence firm Neustar, said all bets are off if the campaign is joined by the likes of the Izz ad-Din al-Qassam Cyber Fighters, a hacker group that has been disrupting consumer-facing Web sites for U.S. financial institutions since last fall.  Joffe said it’s easy to dismiss a hacker manifesto full of swear words and leetspeak as the ramblings of script kiddies and impressionable, wannabe hackers who are just begging for attention.  “The damage they’re capable of doing may be out of proportion with their skills, but that’s been going on for seven months and it’s been brutally damaging.”

What’s more, the DHS warning comes just days after the FBI issued a flash alert on Brobot (PDF) warning that hackers have been modifying the attack scripts to ensure they can evade their targets’ mitigation efforts. “Because the attacks have been ongoing for seven months, the actors are changing their attack methodology to circumvent mitigation efforts of the financial institutions,” reads an FBI alert obtained by “The latest version of the ‘Brobot’ attack scripts that have been utilized to attack the login capabilities of a financial institution’s website spoofs a fraudulent access cookie, user-agent string and referrer. The FBI alert notes that the hard-coded string does not affect the new attack script, but can be used as signatures for intrusion detection and intrusion prevention devices to detect and block attacks from the Brobot botnet.


Posted on 05/02