Anonymous #OpPetrol Most Epic #Fail Yet - Full Analysis Of Results

Looking at the "damage" (and I use that term very loosely) done as part of OpPetrol, Anonymous support by actual hackers is fading fast.

Let's take a look at the original target list of what was supposed to be attacked.

United States, Canada, United Kingdom, Israel, Saudi Arabia (only Government), China, Italy, France, Germany, Kuwait (only government) and Qatar (only government)

Hackers News Bulletin released a live list of all the damage done as part of OpPetrol, and it's a rather short list. Let's run through the list and look to see if Anonymous actually succeeded in their operation.

Better grab some popcorn, this is going to be quite entertaining.



First (and probably most notable) on the list is a Saudi Arabia government website: http://www.allaithged.gov.sa/doc/images/announce/

This appears to be a local government website in southwest Saudi Arabia. However, the main landing page itself was not defaced; instead, a "hidden" webpage was placed, most likely days in advance. Trend Micro has a great writeup on how these "timed attacks" really aren't timed at all.

Anonymous essentially cheated with their attack on the Saudi government.

Next on the list are multiple Indonesian government websites. However, Indonesia wasn't on the original target list. The sites were probably attacked at the last minute in an effort to declare success.



Then there are 142 random websites which most people have never heard of. These range from a hotel in the United Arab Emirates (country not on target list) to several home improvement websites in Denver, Colorado. In fact, the only oil-related website I see on the list is RTLubricants.com, a Pakistan (country not on target list) automotive lubricant manufacturer.


Peoplesbankruptcy.com was indicated as a "special" hack, whatever that means.




A pastebin (http://pastebin.com/L9YPvFn5) was released with a list of email addresses and names associated with Aramco Oil Company. But Google searches show most of this information is available publicly, and was most likely obtained using Maltego. Also, examining the list further, Aramco sure does have a lot of people working for them born on January 1.


A pastebin (http://pastebin.com/qP00xctu) was released with usernames and passwords of Total oil company employees. This may actually be the only legitimate attack as part of OpPetrol, but was most likely done long before June 20.
UPDATE: I have been informed by an anonymous source that this data is fake, and that only two of the people on the list actually work for Total oil company. No real passwords are on the list.


Several posts on Facebook are mentioned, but these posts no longer exist, and their authenticity cannot be verified.



Random email addresses of Saudi Arabia and Germany (https://privatepaste.com/d4db09dd6e) were dumped from a database somewhere, but no password info is included, and all the email addresses are free accounts such as Yahoo, Gmail, or Hotmail.
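The checks applied by eye to the Aramco list and to this email dump (birthdays clustered on January 1, free webmail domains, no password field) can be scripted. The following is an added example, not part of the original post; the record layout, field names and `SAMPLE` data are constructed assumptions, not values from any of the pastes.

```python
from collections import Counter
from datetime import date
from math import comb

# Assumption: the free webmail providers named in the post.
FREE_MAIL = {"yahoo.com", "gmail.com", "hotmail.com"}

def binom_tail(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p): chance of k or more hits by luck."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def triage(records):
    """Summarise plausibility signals for a claimed dump (list of dicts)."""
    dobs = [r["dob"] for r in records if r.get("dob")]
    jan1 = sum(1 for d in dobs if (d.month, d.day) == (1, 1))
    domains = Counter(
        r["email"].rsplit("@", 1)[-1].lower() for r in records if r.get("email")
    )
    free = sum(c for dom, c in domains.items() if dom in FREE_MAIL)
    return {
        "records": len(records),
        "jan1_dobs": jan1,
        # Probability of this many 1 January birthdays if birthdays were
        # real and roughly uniform; a tiny value points to placeholder data.
        "jan1_p_value": binom_tail(len(dobs), jan1, 1 / 365) if dobs else None,
        "free_mail_share": free / max(1, sum(domains.values())),
        "has_password_field": any(r.get("password") for r in records),
    }

# Constructed sample records (hypothetical, for illustration only).
SAMPLE = [
    {"email": "user1@gmail.com", "dob": date(1975, 1, 1)},
    {"email": "user2@yahoo.com", "dob": date(1980, 1, 1)},
    {"email": "user3@hotmail.com", "dob": date(1969, 1, 1)},
    {"email": "user4@gmail.com", "dob": date(1988, 1, 1)},
    {"email": "user5@yahoo.com", "dob": date(1990, 1, 1)},
    {"email": "user6@gmail.com", "dob": date(1983, 6, 14)},
    {"email": "user7@example.com", "dob": date(1977, 11, 2)},
    {"email": "user8@example.com", "dob": date(1992, 3, 30)},
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A January 1 p-value this small means the dates are almost certainly defaults or filler rather than real birthdays, which is the same conclusion the post draws about the Aramco list.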

A possible cross-site scripting exploit was released against Pennzoil.com, which really seems trivial since it wasn't exploited to actually deface the site or leak any information.



And finally, "Tunisian_Hàckers Team and XhàckerTN claimed to hack USA Citizen Full Information". This "hack" is such a fail that it deserves its own EPIC FAIL icon.
The first pastebin (http://pastebin.com/Cq0S95UN) no longer exists. It might have actually contained some real personal information.

The second pastebin (http://pastebin.com/EVZjKnjB) contains a list of random IP addresses.


The third pastebin (http://pastebin.com/c75gC2ia) contains even more nonsensical data: a list of user-agents (web browser versions), more IP addresses, and the reverse DNS entries for those IP addresses.
This pastebin is extremely impressive in that Anonymous has finally figured out how to read a web server log.

In conclusion, the above incompetency shows just how few technically minded members of Anonymous remain. Most of what's left are script kiddies who don't even understand how the Internet works, and think that posting IP addresses and browser versions is equivalent to having "dox" on everyone in the USA.

#OpFail
