OpPetrol - It's Not About the Oil

I've posted a new Threat Watch bulletin for OpPetrol - a multi-target operation being run by Anonymous.

Updates to the bulletin can be read here.

Below is the bulletin posted in its entirety.

First Release: 19MAY2013
Updated: 19MAY2013
Subject: Anonymous "OpPetrol"

Target: United States, Canada, United Kingdom, Israel, Saudi Arabia (only Government), China, Italy, France, Germany, Kuwait (only government) and Qatar (only government)

Specific named targets:
Saudi Arabia government emails (Most likely Phishing - http://pastebin.com/0Yr6kyWA)

Additional high probability targets:

Date: June 20, 2013

Others Pending
Attack types:
Distributed Denial of Service Attacks (DDoS)
Website Defacement
Possible leak of sensitive information
Original announcement on Pastebin: http://pastebin.com/Xsewfqvr
Second announcement on Pastebin: http://pastebin.com/38kvvD1S

Quote: As petrol is sold with the dollar currency of the U S we find this not acceptable when the oil should be sold at the country of Origin, making petrol a lot less then what you the citizens is paying for it.

Additional Analysis:
A look at the target list vs. top oil producers of the world (data from CIA World Factbook)
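| Rank | On Target List | Top Oil Producer | Amount Produced (BBL/Day) |
|------|----------------|------------------|---------------------------|
| 1 | No | Russia | 10,370,000 |
| 2 | Yes | Saudi Arabia | 10,000,000 |
| 3 | Yes | United States | 9,023,000 |
| 4 | No | Iran | 4,231,000 |
| 5 | Yes | China | 4,150,000 |
| 6 | Yes | Canada | 3,592,000 |
| 7 | No | United Arab Emirates | 3,087,000 |
| 8 | No | Mexico | 2,934,000 |
| 9 | No | Iraq | 2,900,000 |
| 10 | Yes | Kuwait | 2,682,000 |
| 11 | No | Brazil | 2,633,000 |
| 12 | No | Nigeria | 2,525,000 |
| 13 | No | Venezuela | 2,470,000 |
| 14 | No | Norway | 1,998,000 |
| 15 | No | Algeria | 1,885,000 |
| 16 | No | Angola | 1,840,000 |
| 17 | No | Kazakhstan | 1,635,000 |
| 18 | Yes | Qatar | 1,631,000 |
| 19 | Yes | United Kingdom | 1,099,000 |
| ... | ... | ... | ... |
| 43 | Yes | Germany | 165,300 |
| 50 | Yes | Italy | 99,200 |
| 60 | Yes | France | 49,530 |
| 101 | Yes | Israel | 100 |
| 102 | No | Jordan | 20 |
| 103 | No | Slovenia (Last Place) | 5 |
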
Based upon the above target list, this attack has nothing to do with oil exports, especially since Israel only produces 100 BBL/Day and is third from the bottom.

Also of note, the announcement speaks about Syria stealing your retirement and savings, but it was Cyprus, not Syria, that raided savings accounts when the country went bankrupt.

This operation appears to simply be another attempt at OpUSA and OpIsrael, with a few extra countries thrown into the mix so that the operation can be declared a "success" even if only one of the target countries is compromised. This operation is simply a publicity stunt, and not by any means a meaningful attempt to change anything.

Recommendations: Standard recommendations apply
Note: Based upon the past failures of OpIsrael and OpUSA, do not expect a large turnout for this operation either.

Prior to June 20 - In order for multiple sites to be defaced at the same time, malware infection or compromise of credentials must occur ahead of time.  Change passwords, and perform full antivirus scans of systems.  Monitor firewall logs for suspicious activity involving external IP addresses.  Be vigilant, and warn employees of highly targeted phishing attacks.
On June 20 - Monitor network traffic, and coordinate with ISP should any signs of DDoS be seen.
After June 20 - Look for signs of compromise after a DDoS attack. A common technique now being employed by multiple organizations is to mask hacking attacks with DDoS attacks.
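
One way to act on the "After June 20" recommendation, as an added example that is not part of the original bulletin: list successful logins that occurred during the DDoS window (plus a grace period) from a user/source pair that had never logged in successfully before the DDoS began. The log format, account names, window times and addresses are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample auth events (hypothetical log format, documentation IPs).
SAMPLE_LOG = """\
2013-06-18T09:12:03Z LOGIN_OK user=webadmin src=198.51.100.10
2013-06-19T08:55:41Z LOGIN_OK user=dbadmin src=198.51.100.22
2013-06-20T13:58:00Z LOGIN_FAIL user=webadmin src=203.0.113.77
2013-06-20T14:20:17Z LOGIN_OK user=webadmin src=198.51.100.10
2013-06-20T14:31:52Z LOGIN_OK user=webadmin src=203.0.113.77
2013-06-20T16:40:09Z LOGIN_OK user=dbadmin src=192.0.2.45
2013-06-21T10:00:00Z LOGIN_OK user=dbadmin src=192.0.2.99
"""

# Assumed DDoS window, e.g. as reported by the ISP or traffic monitoring.
DDOS_START = datetime(2013, 6, 20, 14, 0, tzinfo=timezone.utc)
DDOS_END = datetime(2013, 6, 20, 15, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Return (timestamp, outcome, user, src) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not auth events
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts.replace(tzinfo=timezone.utc), *m.groups()[1:]))
    return sorted(events)


def logins_to_review(log_text, ddos_start, ddos_end, grace=timedelta(hours=2)):
    """Successful logins inside the DDoS window (plus grace) from a
    (user, source) pair with no successful login before the DDoS began."""
    baseline, flagged = set(), []
    for ts, outcome, user, src in parse(log_text):
        if outcome != "LOGIN_OK":
            continue
        if ts < ddos_start:
            baseline.add((user, src))  # known-good pair from before the attack
        elif ts <= ddos_end + grace and (user, src) not in baseline:
            flagged.append((ts.isoformat(), user, src))
    return flagged


if __name__ == "__main__":
    for hit in logins_to_review(SAMPLE_LOG, DDOS_START, DDOS_END):
        print(hit)
```

The grace period matters because responders are usually still busy with the DDoS after traffic subsides, which is when a quiet login is least likely to be noticed.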
