A one-day hacktivist campaign targeting U.S. government agency and banking websites has come to a close – and the operation lacked the punch initially threatened by its orchestrators.
OpUSA, as it was called, was launched Tuesday by Anonymous to protest American “war crimes” against countries in the Middle East, according to a message the group posted to Pastebin in April. The operation consisted of distributed denial-of-service (DDoS) attacks, database leaks, administrator account takeovers, site redirects, defacements and domain name system (DNS) attacks.
Among the list of high-profile targets were websites for the Department of Defense, the Pentagon, White House and the Federal Bureau of Investigation. Major banks named as targets included Bank of America, JPMorgan Chase, Wells Fargo, PNC, BB&T Corp. and SunTrust Banks and Regions Financial Corp. Anonymous posted the list of target organizations in another April message on Pastebin.
“America you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country,” the message said. “You have killed hundreds of innocent children and families with drones, guns, and now bombs. America you have hit thousands of people where it hurts them, now it is our time for our lulz. For this you shall pay.”
But the harsh words amounted to more bark than bite, and even some members of Anonymous chose to distance themselves from the campaign, arguing that it was being conducted by the "script kiddie" portion of the online collective.
Numerous factions within Anonymous claimed they defaced and hacked thousands of websites. The total list of victims actually was around 2,000, according to the Hackers News Bulletin, which kept a running list of OpUSA exploits that occurred throughout Tuesday. Many of the compromised sites were little known, non-government sites.
One of the more high-profile targets that was the Honolulu Police Department (HPD) in Hawaii. The incident occurred Monday and “X-Blackerz Inc.,” an Anonymous-affiliated group, claimed responsibility for the attack, which resulted in a HPD database being compromised, impacting more than 3,500 people.
In a statement, HPD told the Hackers News Bulletin that subscribers to its “HPD Alerts” database, who received breaking news from the Police Department, had their names, phone numbers and email addresses accessed.
Last Wednesday, the U.S. Department of Homeland Security said in alert that OpUSA attacks would likely result in “limited disruptions” and mostly “nuisance-level attacks against publicly accessible web pages and possible data exploitation.”
Brian Krebs, a security blogger, obtained the confidential alert and posted it on his site last Thursday.
“OpUSA poses a limited threat of temporarily disrupting U.S. websites,” the alert said. "It may, however, signal an emerging trend of Middle East and North Africa-based criminally motivated hackers collaborating with others regardless of their motivation."