Experts hope for another failure in next Anonymous attack

Twist in the planned U.S. attack is to target small banks, which are unlikely to have the same level of sophistication in their defenses

By Antone Gonsalves

May 03, 2013CSO — Anonymous' failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.

Anonymous plans to launch distributed denial of service (DDoS) attacks on May 7 against nine government sites and more than 130 financial institutions, ranging from the nation's largest to the community banks, according to a Pastebin post. The motive is outrage over what the group calls America's "war crimes."

"America you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country. ...Now it is our time for our Lulz (fun)," the group said on another Pastebin post

DDoS attacks have become a continuous occurrence for financial and government organizations. () For example, an Islamic group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has launched several waves of attacks against U.S. banks starting last September. (http://www.csoonline.com/article/732341/islamic-group-expands-targets-in-bank-ddos-attacks) In the latest assault, which began Feb. 25 and is ongoing, the group targeted financial brokerages, apparently hoping they would be less prepared than the banks. U.S. government officials believe Iran is behind the attacks.

Because of al-Qassam, security experts believe the largest banks are well prepared for Anonymous, if its so-called "OpIsrael" is any indication. Where al-Qassam has used the traffic-generating muscle of a server botnet to try to overwhelm banking sites, Anonymous had no botnet in attacking Israeli sites, none of which suffered any major disruption

[Also see: The DDoS survival guide, 2013 edition]

"The objective of OpIsrael was to take the country off the Internet and there was nothing close to it," said Ronen Kenig, director of security product marketing at Radware.

While Anonymous has not described its attack methods or tools for what it calls OpUSA, Radware assumes they will be similar to ones used in OpIsrael. In that assault, Anonymous used common DDoS tools such as Mobile LOIC, LOIC and HOIC in an attempt to saturate a target's bandwidth. The attackers also tried to consume Web server resources by using tools such as Slowloris, Pyloris and R.U.D.Y. to push traffic over HTTP and HTTPS protocols.

A twist in the planned U.S. attack is to also target small banks, which are unlikely to have the same level of sophistication in their defenses as the nation's largest financial institutions. Big banks often have dedicated staff, a lot more bandwidth and the technology for DDoS detection and mitigation.

"The smaller institutions certainly have less resources at their disposal and they have had a harder time defending against these attacks," Gary Sockrider, solutions architect for Arbor Networks, said.

Whether the next Anonymous attacks are successful, DDoS attacks as a whole are becoming more worrisome, said Avivah Litan, an analyst for Gartner. That is because the attackers are gradually building larger botnets with massive firepower and developing better tools to attack the application layer of sites, which are more vulnerable and do not require a huge amount of traffic.

With each attack, groups like Anonymous also gain knowledge for how to make the next assault more effective. "The whole situation is not very comfortable because there's not a good solution," Litan said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Our Commenting Policies