Anonymous OpNSA Campaign – OSINT to predict DDoS attacks on Nov 5th

 

OpNSA analyzed with OSINT techniques based on the correlation of media activities and physical protests. The analysts provided a forecast of the next attacks.

Web intelligence analysis has flagged early signs of an Anonymous cyber campaign dubbed OpNSA that, as usual, will target the principal US Government websites with DDoS attacks. Security experts do not exclude the possibility that the group will also target subcontractors to gather information for subsequent attacks within the OpNSA campaign.

Last September, members of the Anonymous hacktivist collective, known as Anons, targeted US lawmakers who are in financial collusion with intelligence contractors in their latest campaign. Unlike other Anonymous operations, OpNSA does not involve hacking; instead, the operation aims to draw attention to collusion between US senators and private contractors, whom Anons allege enabled privacy violations as part of the National Security Agency surveillance program.

The names of contractors include Booz Allen Hamilton, Northrop Grumman, Raytheon, Lockheed Martin, General Dynamics and many others.

Anonymous promoted physical participation in the demonstrations organized in the streets:

“Under the cover of darkness, you are invisible. Take to the streets in the dead of night and erect over 9,000 posters, banners, flags, anything to show your support for Anonymous, OpNSA, Wikileaks, Edward Snowden, Bradley Manning, or any related campaigns. Also show your contempt for the PRISM program, the FBI and any other high profile opponents of the idea represented by Anonymous. The goal is public awareness! Post as many flyers from the sources listed as you wish. **REMEMBER** Use paste instead of tape. Use the cover of darkness. Be SAFE. Have some fun.”

“We encourage the production of videos and the taking of pictures (not to be taken on smart phones, preferably, due to their traceability) showing participation in this operation. **Keep your faces covered** Remember, this is a peaceful protest. Obey all laws, do not destroy any property, and do not do anything that could give law enforcement a reason to arrest you. Comply with their demands and be sure to give citizens a positive image of anonymous. If possible, answer people’s questions in a polite fashion. Distribute propaganda whenever possible. Public awareness of the NSA’s domestic spy programs begins with YOU. The right of free citizens to maintain their privacy is INVIOLABLE. PRISM companies, defense contractors, and federal agencies have gone out of their way to invade that privacy, and Anonymous is not pleased.”

The NSA’s website was down for 11 hours on Friday, October 22nd, officially because of a problem that occurred during a routine website update, but not everybody believes this explanation; some hypothesize a cyber attack by hacktivists protesting against NSA surveillance activities.

I’ve found an interesting post on the use of Web Intelligence to detect early signs of the OpNSA cyber campaign, which allows researchers to predict the evolution of the operation. The analysts, using the web intelligence platform Recorded Future, demonstrate that members of Anonymous were promoting the physical protests prior to Saturday 26th; this allowed them to raise an alert on October 11th. Previous research has closely linked public protests with an escalation of events in cyberspace.

The dates of October 26 and November 5 are visible in the following graph; consider that the demonstration that saw thousands protest in DC on October 26th was known weeks in advance.

 

The above timeline shows the increase in media activity (e.g. tweets forewarning protests) before the cyber attacks against the NSA that occurred this past weekend. The graph also shows another peak planned for November 5th, which could be considered a possible date for the next Anonymous attack.

The OSINT analysis made it possible to discover a growing number of tweets over the weekend using the hashtags #OpNSA and #OpPRISM, a social media campaign to recruit volunteers for DDoS attacks against the agency on November 5th.

“Whether Friday’s incident was truly an internal error or actually a successful hack, more disruption is on the way.”
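The early-warning idea described above (counting campaign-tagged posts that point at a future date and alerting once the count crosses a threshold) can be sketched as follows. This is an added example, not code from the original post or from Recorded Future; the sample posts, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date

MONTHS = {"oct": 10, "october": 10, "nov": 11, "november": 11}
TAGS = {"#opnsa", "#opprism"}  # hashtags named in the article
DATE_RE = re.compile(
    r"\b(oct(?:ober)?|nov(?:ember)?)\.?\s+(\d{1,2})(?:st|nd|rd|th)?\b", re.I)

# Constructed sample posts (publication date, text); not real data.
POSTS = [
    (date(2013, 10, 9), "Rally in DC on October 26th, bring signs #OpNSA"),
    (date(2013, 10, 10), "See you in the streets Oct 26 #OpNSA #OpPRISM"),
    (date(2013, 10, 11), "#OpNSA march on October 26, spread the word"),
    (date(2013, 10, 20), "Lunch plans for Oct 26, anyone?"),    # no campaign tag
    (date(2013, 10, 26), "Great turnout today in DC #OpNSA"),   # no future date
    (date(2013, 10, 27), "Next up: November 5th #OpNSA"),
    (date(2013, 10, 27), "#OpPRISM everyone ready for Nov 5?"),
    (date(2013, 10, 28), "Nov. 5 is the day #OpNSA #OpPRISM"),
]

def forward_mentions(posts, year=2013):
    """Map each future date named in a tagged post to the days it was mentioned."""
    mentions = defaultdict(list)
    for published, text in posts:
        words = {w.lower().strip(".,!?") for w in text.split()}
        if not TAGS & words:
            continue  # ignore chatter outside the tracked campaign
        for month, day in DATE_RE.findall(text):
            try:
                target = date(year, MONTHS[month.lower()], int(day))
            except ValueError:
                continue  # e.g. "Nov 31"
            if target > published:  # only forward-looking references count
                mentions[target].append(published)
    return mentions

def alerts(posts, threshold=3):
    """Return {referenced date: day its mention count first reached threshold}."""
    out = {}
    for target, seen in forward_mentions(posts).items():
        seen.sort()
        if len(seen) >= threshold:
            out[target] = seen[threshold - 1]
    return out
```

With the constructed data, `alerts(POSTS)` flags October 26 on October 11 and November 5 on October 28, giving defenders lead time to prepare DDoS mitigation before each date.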

Let me also conclude with a reflection … State-sponsored hackers use the same techniques to analyze their targets and to identify a favorable moment to conduct an attack while remaining anonymous. A surge in hacktivist campaigns is a privileged moment to conduct covert cyber operations for both sabotage and cyber espionage.

Pierluigi Paganini

(Security Affairs – Anonymous, OpNSA)

