Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be strengthening their distributed-denial-of-service (DDoS) attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous.
Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.
Anonymous has said the attacks are being waged because of perceived social and political injustices. In an April 21 Pastebin post, it states: “Anonymous will make sure that this May 7th will be a day to remember. On that day Anonymous will start phase one of operation USA. America, you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country.”
The group goes on to say U.S. financial institutions will be targeted for attack. “Do not take this as a warning,” the post states. “You cannot stop the Internet hate machine from doxes, DNS attacks, defaces, redirects, DDoS attacks, database leaks and admin takeovers.”
The White House website and eight other federal government sites, plus those of 133 U.S. banking institutions, are listed as targets in an April 24 Anonymous Pastebin post.
Anonymous says it simply plans to take these sites offline: “We will now wipe you off the cyber map.”
Experts say the threat is serious, and that few of the targeted organizations, other than the top 50 U.S. banking institutions, have made significant investments to withstand the attacks.
And while coordinated DDoS attacks waged by Anonymous last month against organizations in Israel had little impact, experts say similar attacks could be devastating in the United States. That’s because the U.S. Internet infrastructure is much more dynamic. In Israel, the Internet pipeline is much easier to close off and contain, making it easier to block bad traffic, says Marc Gaffan, co-founder of online security provider Incapsula.
During OperationIsrael, the attackers failed to take over enough servers within that nation to effectively launch the attacks, he adds. But the attackers have learned from their mistakes and have likely taken over more U.S.-based web servers and improved the coordination of their attack, says Ronen Kenig, an Israel-based researcher for DDoS-mitigation provider Radware.
“What we know from some of the information that has been shared in forums and other communication channels is that this is going to be very similar to what we saw in OperationIsrael,” he says. “The same groups are involved.”