Updates to the bulletin can be read here.
Below is the bulletin posted in its entirety.
First Release: 19MAY2013
Subject: Anonymous "OpPetrol"
Target: United States, Canada, United Kingdom, Israel, Saudi Arabia (only Government), China, Italy, France, Germany, Kuwait (only government) and Qatar (only government)
Specific named targets:
Saudi Arabia government emails (Most likely Phishing - http://pastebin.com/0Yr6kyWA)
Additional high probability targets:
Date: June 20, 2013
Distributed Denial of Service Attacks (DDoS)
Possible leak of sensitive information
Original announcement on Pastebin: http://pastebin.com/Xsewfqvr
Second announcement on Pastebin: http://pastebin.com/38kvvD1S
Quote: “As petrol is sold with the dollar currency of the U S we find this not acceptable when the oil should be sold at the country of Origin, making petrol a lot less then what you the citizens is paying for it.”
A look at the target list vs. top oil producers of the world (data from CIA World Factbook)
| Rank | Target List | Top Oil Producers | Amount Produced (BBL/Day) |
|------|-------------|-------------------|---------------------------|
| 7 | No | United Arab Emirates | 3,087,000 |
| 103 | No | Slovenia (Last Place) | 5 |
Based upon the above target list, this attack has nothing to do with oil exports, especially since Israel only produces 100 BBL/Day and is third from the bottom.
Also of note, the announcement speaks about Syria stealing your retirement and savings, but it was Cyprus, not Syria, that raided savings accounts when the country went bankrupt.
This operation appears to simply be another attempt at OpUSA and OpIsrael, with a few extra countries thrown into the mix so that the operation can be declared a "success" even if only one of the target countries is compromised. This operation is simply a publicity stunt, and not by any means a meaningful attempt to change anything.
Recommendations: Standard recommendations apply
Note: Based upon the past failures of OpIsrael and OpUSA, do not expect a large turnout for this operation either.
Prior to June 20 - In order for multiple sites to be defaced at the same time, malware infection or compromise of credentials must occur ahead of time. Change passwords, and perform full antivirus scans of systems. Monitor firewall logs for suspicious activity involving external IP addresses. Be vigilant, and warn employees of highly targeted phishing attacks.
On June 20 - Monitor network traffic, and coordinate with your ISP should any signs of DDoS be seen.
After June 20 - Look for signs of compromise after a DDoS attack. A common technique now being employed by multiple organizations is to mask hacking attacks with DDoS attacks.
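One way to carry out the post-DDoS review described above, as an added example that is not part of the original bulletin: it sets aside flood traffic to the public web ports and surfaces the low-volume allowed events inside the attack window. The log format, the 10.0.0.0/8 internal range, the public port set and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed log format (assumption): "<time> <ACTION> <src>:<port> -> <dst>:<port>"
LINE = re.compile(r"(\S+) (ALLOW|DENY) ([\d.]+):\d+ -> ([\d.]+):(\d+)")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
PUBLIC_PORTS = {80, 443}                       # assumed publicly served ports

# Constructed sample: one baseline line, flood traffic to port 80, and two
# low-volume events that the flood would otherwise bury.
SAMPLE = """\
2013-06-19T09:00:00 ALLOW 10.0.0.5:40000 -> 192.0.2.10:443
2013-06-20T14:00:01 ALLOW 203.0.113.5:51234 -> 10.0.0.80:80
2013-06-20T14:00:01 ALLOW 203.0.113.6:51235 -> 10.0.0.80:80
2013-06-20T14:00:02 DENY 203.0.113.7:51236 -> 10.0.0.80:22
2013-06-20T14:03:10 ALLOW 198.51.100.23:40022 -> 10.0.0.80:22
2013-06-20T14:05:00 ALLOW 10.0.0.5:40001 -> 192.0.2.10:443
2013-06-20T14:07:30 ALLOW 10.0.0.80:40500 -> 198.51.100.99:8443
""".splitlines()

def parse(line):
    """Parse one log line into (time, action, src, dst, dport), or None."""
    m = LINE.match(line)
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), action,
            ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport))

def triage(lines, start, end):
    """List ALLOWed non-flood events inside the window [start, end]."""
    baseline, findings = set(), []
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e[0])
    for ts, action, src, dst, dport in events:
        outbound = src in INTERNAL and dst not in INTERNAL
        inbound = src not in INTERNAL and dst in INTERNAL
        if ts > end or action != "ALLOW":
            continue
        if ts < start:
            if outbound:
                baseline.add(dst)  # destinations already in use before the attack
        elif outbound and dst not in baseline:
            baseline.add(dst)      # report each new destination once
            findings.append(("new-outbound", str(src), str(dst), dport))
        elif inbound and dport not in PUBLIC_PORTS:
            findings.append(("inbound-nonpublic", str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE, datetime(2013, 6, 20, 14), datetime(2013, 6, 20, 15)):
        print(f)
```

Each finding is a lead for manual review, not proof of compromise; the baseline is only as good as the amount of pre-attack log history fed in.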
Recorded Future Analysis: https://www.recordedfuture.com/live/sc/1L4n2d6OXDi8