Anonymous, the international collective of hackers and activists, has continued its online cyberattack on Turkey’s Internet infrastructure that began over the weekend. In response to a violent police crackdown of protesters and censoring communications, Anonymous launched #OpTurkey and have now hacked over 100 Turkish websites, including several belonging to the Turkish government.

“We will attack every Internet and communications asset of the Turkish government,” Anonymous threatened in a YouTube video posted Sunday. “You have censored social media and other communications of your people in order to suppress the knowledge of your crimes against them. Now Anonymous will shut you down, and your own people will remove you from power.”

Anonymous used distributed denial of service, or DDoS, hacks to overload servers and knock target websites offline. In addition to websites belonging to the Turkish government, political parties and police department, Anonymous hacked websites belonging to media outlets that support Prime Minister Tayyip Erdogan. One example was the private news broadcaster NTV, which was criticized for not reporting on the police brutality.


Other Turkish websites were hacked and defaced to include images supporting the protesters in Turkey. Several Tunisian hackers got involved with #OpTurkey and claim to have hacked more than 145 Turkish websites.

The Turkey protests began as a peaceful demonstration against plans to build over Gezi Park in Taksim Square. The protest changed to a call for Erdogan to resign and police responded with tear gas and pepper spray. Several international human rights groups have condemned the police action in Turkey as excessive use of force.

Turkish protesters have said that the government has shut down Internet connections and censored social media websites in an attempt to hide the police brutality. While these reports haven’t been confirmed, Erdogan has expressed distaste for social media, calling it “menace.” To combat, Anonymous has shared how to use encryption software to evade government censors and have tweeted passwords to free virtual private networks.

Earlier this year, Anonymous launched cyberattacks against North Korea and Israel and hacked several government websites. Last week, Anonymous joined a protest in solidarity with the hunger strike in Guantanamo Bay, effectively making the protest the No. 1 topic on Twitter.


The New York Times Company was a victim of online attacks earlier this week that slowed down The New York Times Web site and limited access to articles and other types of content.

According to Danielle Rhoades Ha, a company spokeswoman, the Web site became unavailable to “a small number of users” after a denial-of-service attack, a tactic used by hackers to slow or halt Web traffic by bombarding a host site with requests for information. She added that the company did not “have confirmation on who is responsible for the most recent attacks on”

The announcement follows attacks that were made on The Times’s site late last year. In January, the newspaper announced that its computer systems had been infiltrated by Chinese hackers who found passwords for reporters and other employees. The attacks took place as The Times investigated the relatives of Wen Jiabao, China’s prime minister, and how they had built up a multibillion-dollar fortune during his political tenure. David Barboza, the author of the article, won a Pulitzer Prize.

Attacks on media organizations are not unique to The Times. Shortly after the January announcement by The Times, officials at The Wall Street Journal and The Washington Post also reported that their Web sites had been attacked by Chinese hackers. On Friday, the Syrian Electronic Army said it had hacked the Web site and several Twitter accounts that belonged to The Financial Times. In the past, it has attacked other media companies, including The Associated Press and The Onion.


A former cloud-networking executive’s advice is for the telecom industry to get going with software-defined networking (SDN) and to do something bigabout distributed denial-of-service (DDoS) attacks.

They aren’t directly related issues, but they were both on the mind of Dennis Brouwer, the afternoon keynoter at POTE on Tuesday. Brouwer recently started his own consulting firm, The Brouwer Group, but he previously launched the Converged Cloud strategy at Savvis and stuck around as a senior vice president after Savvis was acquired by CenturyLink Inc.

On the subject of SDN, Brouwer is a true believer in open-source and thinks carriers will have to embrace it to make sure “that the capabilities that service providers want to fold into their infrastructures become viable.”

The OpenDaylight Foundation is making a run at that, building an open-source SDN framework. Brouwer didn’t directly refer to the number of large vendors involved in OpenDaylight, but he did note that a dynamic SDN ecosystem “can’t be just the usual big providers.”

Some carrier has to come out and champion SDN as well, in a way much bigger than what’s been done so far, he said. Someone has to take the lead by showing what’s possible. It would have to be a carrier with a wide reach, one that owns not just a network but data centers, and maybe mobile networks and some content as well.

Candidates would include the big U.S. carriers now that they’ve acquired cloud operations — Brouwer mentioned Verizon Communications Inc. with its Terramark acquisition, as well as his old CenturyLink home and AT&T Inc., which he noted has done work internally. A sleeper possibility would be Comcast Corp..

Regarding DDoS, Brouwer talked about the attacks becoming more vicious — arriving at speeds that can exceed 60Gbit/s — and harder to trace, since the attack can now come from “everywhere.” Once considered a nuisance, DDoS attacks have become serious, looming threats.

“As you talk with the companies that are being targeted by these attacks, they’re saying, to use the old Jaws analogy, ‘We’re looking for a bigger boat,'” he said.

Companies have dealt with DDoS on their own, but the potential for a national emergency means some kind of federally coordinated response is necessary, Brouwer said. He didn’t say federally mandated. His point was that the companies facing this threat — banks in particular — need to pool and organize their efforts, and find a way to join forces if necessary. Any number of government agencies would be appropriate for that job, Brouwer said.
For protection against your eCommerce site click here.


Will the Anonymous-lead Operation USA (#OpUSA) scheduled for Tuesday disrupt leading U.S. government and banking websites?

An “#OpUSA target list” posted to Pastebin two weeks ago named nine government websites — the White House and Department of Defense’s public-facing websites among them — and 133 banks and credit unions as primary targets. “We will now wipe you off the cyber map,” read the Pastebin post, signed by N4M3LE55 CR3W. “Do not take this as a warning. You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs.”

In a show of solidarity, the distributed-denial-of-service bank-attack outfit known as al-Qassam Cyber Fighters, which as part of Operation Ababil has been successfully disrupting financial websites for months, Monday promised to take the week off. “Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack,” read a statement posted to the group’s Pastebin.

By Tuesday afternoon, however, despite a plethora of hacked-site reports, the OpUSA attacks appeared to be targeting low-level — and possibly random — sites in the United States and abroad, arguably causing little damage.

The Tunisian Hackers Team, for example, claimed to have dumped a SQL database for the Blood Bank of America that appeared to contain about 3,000 usernames and hashed passwords. Among other attacks, AnonGhost members BilalSbXtra & Dr.SaMiM_008 posted what they said were 10,000 credit card numbers, including expiration dates and security codes, as well as account holders’ names and addresses — that were apparently stolen from an online store. Some of the published information also included social security numbers, bank account routing numbers and answers to secret questions. The group also claimed to have hacked 29 Israeli websites.

Meanwhile, Mauritania Attacker Tuesday claimed to be preparing to release “all governments emails of USA.” It published a teaser showing some doxed addresses — which included both and addresses, as well as numerous accounts with service providers — but with obscured passwords.

Hacking groups or collectives claiming to participate in OpUSA include Anonymous and affiliates AntiSec and LulzSec Reborn. Other groups that have pledged their assistance include Ajax Team, Mauritania Attacker, Muslim Liberation Army, Redhat, Team Poison Reborn and ZHC.

Not all OpUSA-related attacks began Tuesday. Hacking group X-Blackerz Inc claimed Monday to have released 23 emails and passwords for Honolulu Police Department staff. Meanwhile, AnonGhost Team got an early start Saturday, claiming via Pastebin that it had defaced about 900 pages, which included multiple Web pages in the domain of Hack-DB, which tracks hacktivism and cybercrime. A message posted to defaced sites read “we are everywhere” and left a scrolling list of the group’s official members.

Many of the groups that pledged to take part in the one-day hackathon had previously joined forces for the ongoing Operation Israel (#OpIsrael) campaign, which last month promised to “erase” Israel from the Internet. “We promised to take Israel off the cyber map. We succeeded,” read a recent OpUSA target list post. OpIsrael attackers last month claimed to have disrupted 100,000 Israeli websites and caused $3 billion in damage. But Israeli officials disputed hacktivists’ claims, saying while there had been a lot of bluster there was little “real damage,” and that the country’s critical infrastructure remained unaffected.

Likewise, in the lead-up to OpUSA, the U.S. Department of Homeland Security appeared to expect similar low-level attacks aimed to publicize attackers’ anti-U.S. grievances but that would cause little lasting damage. In a confidential DHS memo issued last week and obtained by security reporter Brian Krebs, DHS said the attacks “likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.”

Not all hacktivist activity this week has been conducted under the OpUSA banner. The Syrian Electronic Army resurfaced Monday when it seized control of the Twitter feed for the satirical news outlet The Onion. The group posted fake news headlines relating to Israel’s recent missile strikes against military targets in Syria. Another tweet suggested that the Israeli government was allied with Al Qaeda.

In the wake of the Twitter account takeover, The Onion responded in typical fashion: “Following today’s incident in which the Syrian Electronic Army hacked into The Onion’s Twitter account, sources … confirmed that its Twitter password has been changed to OnionMan77 in order to prevent any future cyber-attacks.” The story quoted “Onion IT specialist Nick Abersold” as saying that the new password would be “virtually impenetrable.”

Satire aside, in the wake of the numerous news organizations’ Twitter account takeovers by the Syrian Electronic Army, Twitter last week issued a memo last week warning media outlets to take appropriate security precautions, as it expected the account takeovers to continue.

For protection against your eCommerce site click here.


The Department of Homeland Security characterizes as a nuisance the threatened May 7 Operation USA attack against U.S. federal government and banking websites, contending some of the participants possess only rudimentary hacking skills.

Still, if the attack is perceived as a success in the hacking community, more nefarious actors could try more vicious disruptions against U.S. sites, DHS says in an alert.

The hacktivist group Anonymous, in a posting on the website Pastebin, says OpUSA will target nine U.S. federal government websites, including the White House and Defense Department, as well as 133 financial institutions on May 7

A government official says DHS is fully aware of this threat and is working with federal and private-sector partners to put in place mitigation strategies. Homeland Security, in the alert, says it expects the hacktivists to attempt distributed-denial-of-service attacks that could temporarily halt or slow down website traffic. The alert also notes the hacktivists could attempt homepage defacement and data leaks.

According to the DHS alert, first reported by IT security blogger Brian Krebs and confirmed by a DHS official, the attacks likely would result in limited disruptions and mostly consist of nuisance-level attacks against public accessible webpages and possibly data exploitation.

A Nuisance with a Caveat

Former CIA Chief Information Security Officer Robert Bigman says that DDoS attacks are largely a nuisance, but adds a caveat: “If the DDoS attacks continue and veterans can’t file claims and travelers can’t get passports, then the public will motivate Congress to address the problem. Short of that, things will not change.”

Another IT security expert, though, contends attacks such as those threatened by Anonymous could prove more damaging. “Some DDoS attacks are only a nuisance, but, as we’ve seen in the DDoS attacks on banks, these kinds of attacks are often just a smokescreen to distract from real damage elsewhere,” says Dwayne Melancon, chief technology officer at IT security provider Tripwire. “Writing off DDoS attacks as merely a nuisance is irresponsible, without data to substantiate that disposition.”

DDoS attacks, indeed, have taken a toll on American banks. Since last September, the FBI counts more than 200 separate DDoS attacks on at least 46 financial institutions [see FBI: DDoS Botnet Has Been Modified].

Bigman, who retired last year from the CIA after 30 years, says federal agencies that deem their public-facing websites as mission-critical should be better prepared to defend their sites against the attacks. “The ones who use the website largely as an information serving platform – most of the intelligence community – are, ironically, less well protected,” he says.

Assessing Hackers’ Skills

The alert, prepared by Cyber Intelligence Analysis Division within DHS’s Office of Intelligence and Analysis, says the actors behind OpUSA most likely will rely on commercial tools to exploit known vulnerabilities rather than develop their own tools and exploits.

“This suggests some of the participants possess only rudimentary hacking skills capable of causing only temporary disruptions of targeted websites,” the alert says. “Nevertheless, OpUSA participants likely will exaggerate the scope and impact of their attacks as a way to attract attention and draw more capable criminal hackers to future hacking efforts.”

Tripwire’s Melancon cautions against underestimating the sophistication of the expected May 7 attack, saying that attitude is risky. “It is better to prepare for a strong attack than to be caught flat-footed because you expected an amateurish attack, but ended up being confronted by a competent attacker,” he says.

Lessons to Be Learned

Even if the attacks are somewhat successful, they could help website operators defend against future attacks. “OpUSA, if launched, will actually expose vulnerabilities and help to reduce the number of targets that are susceptible to easy exploitation by more targeted adversaries,” says Richard Stiennon, an IT security analyst and author of the book “Surviving Cyberwar.”

The DHS alert says promoters of OpUSA, though not necessarily its instigators, include individuals linked to websites that host violent extremist content, including a member of a web forum that hosts al-Qaida-inspired content.

Anticipating the attack, the Credit Union National Association is alerting its members of the “chatter” tied to OpUSA.

“It is not possible to assess the veracity of the threat at this time, but it is important that credit unions be aware and prepared at all times,” Tom Nohelty, vice president of information technology at CUNA, says in a statement. “Some of the largest credit unions are included in a list of targets for the purported May attack so heightened awareness is warranted.”

Among the targets mentioned in the Anonymous posting are the American Airlines and Alliant credit unions.

Being on Guard

The credit union association offered this advice to defend against the potential May 7 digital assault:

  • Actively monitor in-bound Internet traffic that day. Network teams should be prepared to block traffic from specific IP addresses in an effort to maintain their website’s ability to respond to normal business requests;
  • Alert members about the OpUSA threat and ask them to execute critical online banking business on a different day or come into the credit union office; and
  • Educate call-center staff on the symptoms of a DDoS attack so they can better serve the members and notify their network teams if an attack is under way.

A DHS spokesperson says the department is sharing information with industry, state and local governments and international partners to address cyberthreats and develop effective security responses.

For protection against your eCommerce site click here.