AnonGhost – A hacking group affiliated with Anonymous announced a new cyber-attack campaign against US websites named #OPUSA, scheduled for May 7th, 2013.

The planned attack follows a similar attack campaign organized by AnonGhost that took place exactly one month earlier – on Apr 7th, 2013 and was launched against Israeli web sites (aka OPISRAEL).

Similar to OPISRAEL, several cyber hacking groups, including Anonymous, have announced their participation in the upcoming attack. One noticeable group, although not yet confirmed, is Izz ad-Din al-Qassam cyber fighters, which is considered to be responsible for the recent attacks on American banks and financial institutions.

Dozens of U.S based sites have been already defaced, mainly to validate the threats made so far. As in past campaigns, it is expected the initial attacks will involve web site defacement of poorly protected sites. Once the campaign gains publicity and enrolls additional attackers, we can expect coordinated DDoS attacks to start taking place. The various groups participating in #OPUSA have published the attack targets, tools and techniques on several sites. The following is a summary of the information gathered from these sites.

Attack Tools

Though larger lists of attack tools were published, we expect these attack tools to be the most frequently used in OPUSA:

Attack Vectors

The DDoS attack vectors most expected from the attacks tools include:

  • SYN Floods
  • Out-Of-State floods
  • Empty Connection Floods
  • UDP Floods
  • HTTP GET Floods
  • Slow POST Floods
  • Slow GET Floods
  • ICMP floods
  • DNS Query floods
  • Reflected DNS floods

Attack Targets

US government sites are the main target of the OPUSA attack:

  • www.defense.gov
  • pentagontours.osd.mil
  • www.pentagonchannel.mil
  • www.archives.gov
  • www.whs.mil
  • www.nsa.gov
  • nsa.nato.int
  • www.fbi.gov
  • www.whitehouse.gov

Secondary attack targets include a long list of US (and US located) financial web sites.