Anonymous OpUSA Hackathon: Mostly Bluster

  /     /     /  
Publicated : 22/11/2024   Category : security


Anonymous OpUSA Hackathon: Mostly Bluster


DHS predicts Tuesdays hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.



Anonymous: 10 Things We Have Learned In 2013 (click image for larger view and for slideshow)
Will the Anonymous-lead Operation USA (#OpUSA) scheduled for Tuesday disrupt leading U.S. government and banking websites?
An
#OpUSA target list posted to Pastebin
two weeks ago named nine government websites -- the White House and Department of Defenses public-facing websites among them -- and 133 banks and credit unions as primary targets. We will now wipe you off the cyber map, read the Pastebin post, signed by N4M3LE55 CR3W. Do not take this as a warning. You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs.
In a show of solidarity, the distributed-denial-of-service bank-attack outfit known as al-Qassam Cyber Fighters, which as part of Operation Ababil has been
successfully disrupting financial websites
for months, Monday
promised to take the week off
. Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack, read a statement posted to the groups Pastebin.
By Tuesday afternoon, however, despite a
plethora of hacked-site reports
, the OpUSA attacks appeared to be targeting low-level -- and possibly random -- sites in the United States and abroad, arguably causing little damage.
[ Could fake passwords help keep your database secure? Read
Sweet Password Security Strategy: Honeywords
. ]
The Tunisian Hackers Team, for example, claimed to have dumped a SQL database for the
Blood Bank of America
that appeared to contain about 3,000 usernames and hashed passwords. Among other attacks, AnonGhost members BilalSbXtra & Dr.SaMiM_008 posted what they said were 10,000 credit card numbers, including expiration dates and security codes, as well as account holders names and addresses -- that were apparently stolen from an online store. Some of the published information also included social security numbers, bank account routing numbers and answers to secret questions. The group also claimed to have hacked 29 Israeli websites.
Meanwhile, Mauritania Attacker Tuesday claimed to be preparing to release all governments emails of USA. It
published a teaser
showing some doxed addresses -- which included both microsoft.com and cia.gov addresses, as well as numerous accounts with service providers -- but with obscured passwords.
Hacking groups or collectives claiming to participate in OpUSA include Anonymous and affiliates
AntiSec
and
LulzSec Reborn
. Other groups that have pledged their assistance include Ajax Team, Mauritania Attacker, Muslim Liberation Army, Redhat, Team Poison Reborn and ZHC.
Not all OpUSA-related attacks began Tuesday. Hacking group
X-Blackerz Inc claimed
Monday to have released 23 emails and passwords for Honolulu Police Department staff. Meanwhile, AnonGhost Team got an early start Saturday,
claiming via Pastebin
that it had defaced about 900 pages, which included multiple Web pages in the domain of
Hack-DB
, which tracks hacktivism and cybercrime. A message posted to defaced sites read we are everywhere and left a scrolling list of the groups official members.
Many of the groups that pledged to take part in the one-day hackathon had previously joined forces for the ongoing
Operation Israel (#OpIsrael) campaign
, which last month promised to erase Israel from the Internet. We promised to take Israel off the cyber map. We succeeded, read a recent OpUSA target list post. OpIsrael attackers last month claimed to have disrupted 100,000 Israeli websites and caused $3 billion in damage. But
Israeli officials disputed hacktivists claims
, saying while there had been a lot of bluster there was little real damage, and that the countrys critical infrastructure remained unaffected.
Likewise, in the lead-up to OpUSA, the U.S. Department of Homeland Security appeared to expect similar low-level attacks aimed to publicize attackers anti-U.S. grievances but that would cause little lasting damage. In a confidential DHS memo issued last week and
obtained by security reporter Brian Krebs
, DHS said the attacks likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.
Not all hacktivist activity this week has been conducted under the OpUSA banner. The
Syrian Electronic Army
resurfaced Monday when it
seized control of the Twitter feed for the satirical news outlet
The Onion
. The group posted fake news headlines relating to Israels recent missile strikes against military targets in Syria. Another tweet suggested that the Israeli government was allied with Al Qaeda.
In the wake of the Twitter account takeover,
The Onion

responded in typical fashion
: Following todays incident in which the Syrian Electronic Army hacked into The Onions Twitter account, sources ... confirmed that its Twitter password has been changed to OnionMan77 in order to prevent any future cyber-attacks. The story quoted Onion IT specialist Nick Abersold as saying that the new password would be virtually impenetrable.
Satire aside, in the wake of the
numerous news organizations Twitter account takeovers
by the Syrian Electronic Army, Twitter last week issued a memo last week
warning media outlets
to take appropriate security precautions, as it expected the account takeovers to continue.
Antivirus systems alone cant fight a growing category of malware whose strength lies in the fact that we have never seen it before. The
How To Detect Zero-Day Malware And Limit Its Impact
report examines the ways in which zero-day malware is being developed and spread, and the strategies and products enterprises can leverage to battle it. (Free registration required.)

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Anonymous OpUSA Hackathon: Mostly Bluster