I've posted a new Threat Watch bulletin for OpPetrol - a multi-target operation being run by Anonymous.
Updates to the bulletin can be read here.
Below is the bulletin posted in its entirety.
INTEL BRIEF
First Release: 19MAY2013
Updated: 19MAY2013
Subject: Anonymous "OpPetrol"
Target: United States, Canada, United Kingdom, Israel, Saudi Arabia (only government), China, Italy, France, Germany, Kuwait (only government) and Qatar (only government)
Specific named targets:
Additional high probability targets:
Pending
Date: June 20, 2013
Attackers:
AnonGhost
Others Pending
Attack types:
Distributed Denial of Service Attacks (DDoS)
Website Defacement
Possible leak of sensitive information
Details:
Quote: “As petrol is sold with the dollar currency of the U S we find this not acceptable when the oil should be sold at the country of Origin, making petrol a lot less then what you the citizens is paying for it.”
Additional Analysis:
A look at the target list vs. top oil producers of the world (data from CIA World Factbook)
Rank | Target List | Top Oil Producers | Amount Produced (BBL/Day) |
1 | No | Russia | 10,370,000 |
2 | Yes | Saudi Arabia | 10,000,000 |
3 | Yes | United States | 9,023,000 |
4 | No | Iran | 4,231,000 |
5 | Yes | China | 4,150,000 |
6 | Yes | Canada | 3,592,000 |
7 | No | United Arab Emirates | 3,087,000 |
8 | No | Mexico | 2,934,000 |
9 | No | Iraq | 2,900,000 |
10 | Yes | Kuwait | 2,682,000 |
11 | No | Brazil | 2,633,000 |
12 | No | Nigeria | 2,525,000 |
13 | No | Venezuela | 2,470,000 |
14 | No | Norway | 1,998,000 |
15 | No | Algeria | 1,885,000 |
16 | No | Angola | 1,840,000 |
17 | No | Kazakhstan | 1,635,000 |
18 | Yes | Qatar | 1,631,000 |
19 | Yes | United Kingdom | 1,099,000 |
... | ... | ... | ... |
43 | Yes | Germany | 165,300 |
50 | Yes | Italy | 99,200 |
60 | Yes | France | 49,530 |
101 | Yes | Israel | 100 |
102 | No | Jordan | 20 |
103 | No | Slovenia (Last Place) | 5 |
Based upon the above target list, this attack has nothing to do with oil exports, especially since Israel only produces 100 BBL/Day and is third from the bottom.
Also of note, the announcement speaks about Syria stealing your retirement and savings, but it was Cyprus, not Syria, that raided savings accounts when the country went bankrupt.
This operation appears to simply be an attempt at OpUSA and OpIsrael again, with a few extra countries thrown into the mix so that the operation can be declared a "success" even if only one of the target countries is compromised. This operation is simply a publicity stunt, and not by any means a meaningful attempt to change anything.
Recommendations: Standard recommendations apply
Note: Based upon the past failures of OpIsrael and OpUSA, do not expect a large turnout for this operation either.
Prior to June 20 - In order for multiple sites to be defaced at the same time, malware infection or compromise of credentials must occur ahead of time. Change passwords, and perform full antivirus scans of systems. Monitor firewall logs for suspicious activity involving external IP addresses. Be vigilant, and warn employees of highly targeted phishing attacks.
On June 20 - Monitor network traffic, and coordinate with ISP should any signs of DDoS be seen.
After June 20 - Look for signs of compromise after DDoS attack. A common technique now being employed by multiple organizations is to mask hacking attacks with DDoS attacks.
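The "After June 20" check can be run over web access logs. The following is an added example, not part of the original bulletin: it finds the minutes where request volume far exceeds the baseline, then lists low-volume sources that reached sensitive paths during those minutes. The log format, the SENSITIVE paths, the thresholds and the sample lines are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

SENSITIVE = ("/admin", "/login", "/wp-admin")  # assumed paths; adjust per site

def parse(line):
    # Assumed format: ISO timestamp, source IP, method, path, status
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)

def flood_minutes(events, factor=10):
    """Minutes whose request count exceeds factor x the median minute.
    Needs a log that is mostly normal traffic, or the median is skewed."""
    per_min = Counter(e[0].replace(second=0) for e in events)
    base = median(per_min.values())
    return {m for m, n in per_min.items() if n > factor * base}

def quiet_hits_during_flood(lines, factor=10, noisy=20):
    """Low-volume sources that reached sensitive paths while a flood ran."""
    events = [parse(l) for l in lines]
    hot = flood_minutes(events, factor)
    in_flood = [e for e in events if e[0].replace(second=0) in hot]
    volume = Counter(e[1] for e in in_flood)
    return [e for e in in_flood
            if volume[e[1]] < noisy           # not one of the flooding sources
            and e[3].startswith(SENSITIVE)    # touched a sensitive path
            and e[4] in (200, 302)]           # and the request succeeded

def sample_log():
    """Constructed log: 10 quiet minutes, a 2-minute flood, one admin login."""
    t0 = datetime(2013, 6, 20, 12, 0, 0)
    lines = []
    for m in range(10):                       # baseline: 5 requests per minute
        for s in range(5):
            ts = t0 + timedelta(minutes=m, seconds=s)
            lines.append(f"{ts.isoformat()} 198.51.100.7 GET / 200")
    for m in (10, 11):                        # flood: 3 sources, 300 req/min
        for i in range(300):
            ts = t0 + timedelta(minutes=m, seconds=i % 60)
            lines.append(f"{ts.isoformat()} 203.0.113.{i % 3 + 1} GET / 503")
    ts = t0 + timedelta(minutes=10, seconds=30)
    lines.append(f"{ts.isoformat()} 192.0.2.44 POST /admin/login 302")
    return lines

if __name__ == "__main__":
    for ts, ip, method, path, status in quiet_hits_during_flood(sample_log()):
        print(ts.isoformat(), ip, method, path, status)
```

Each returned event is a lead for review, not proof of compromise; compare it against known administrator source addresses and change windows.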