OpSacred 2017: Financial Institutions to Face Anonymous-Driven DDoS Attacks

Anonymous ddos attacks - OpSacred

Anonymous, a notorious international network of hacktivists, launched OpSacred on June 11, 2017. OpSacred is an organized DDoS attack effort on financial institutions around the world. Anonymous is known for its DDoS attacks on government and corporate websites, and they are self-described as having “a decentralized command structure that operates on ideas rather than directives.” OpSacred is the continuation of a larger operation called OpIcarus (Operation Icarus), and OpSacred is expected to continue until June 21.

About OpSacred

OpSacred is phase 5 of OpIcarus, a multiphase Anonymous-driven hacktivist effort to shut down financial institutions using DDoS attacks. Despite their “decentralized command structure,” this operation is highly organized, and hacktivists use scripted tools, VPNs and Tor to conduct the attacks. In order to facilitate these attacks and make it easy for others to join the operation, the organization has consolidated all attack tool information on an easily accessible GitHub page. Anonymous has named some larger targets in their campaign, and these include the IMF, Federal Reserve, World Bank and a variety of central and national banks. See the complete list here.

Although the list mainly includes larger financial institutions, these are by far not the only target. They are merely Anonymous’ main goals for the operation. Based on their manifesto, it appears that any lending institution is fair game. Anonymous encourages all hackers to participate, and smaller institutions may be considered easier targets for lesser-known hackers looking to gain international recognition by participating in the operation.

Why Is Anonymous Launching OpSacred?

In their manifesto and in YouTube videos, Anonymous says they are launching the attacks to promote the following ideals:

  • Governments need to cease and desist all wars.
  • Governments need to return governance of the masses to the masses.
  • Debt wage slavery is evil.
  • Greed and materialism is evil.
  • That when a government no longer serves the needs of it’s people that it is the duty of its citizens to resist this tyranny.
  • That pollution of our planet for the purposes of greed and resource extraction must stop. We only have one planet and it is sacred.
  • That capitalist lobbying of government is corruption.
  • That all humanity should enjoy equality.
  • That borders and nations are a man-made construct and are disingenuous as we are one.
  • That all decisions should be made based on an unconditional love for humanity.

Tools & Attack Vectors

Radware reports that cyberattack tools to be used in this operation are more advanced compared to tools used in previous OpIcarus campaigns. They report use of the following:

  • Nmap – a security scanner designed for network discovery and security auditing
  • Zed Attack Proxy – OWASP Zed Attack Proxy, ZAP, a popular and open source security tool that helps users automatically scan and find security vulnerabilities in web applications
  • Malrego – an open source intelligence and forensic tool allowing users to discover data from open sources and visualize the data in graphs and detailed reports for data mining and link analysis
  • Other vectors we have described in our blog post, 5 Types of DDoS Attacks & How to Mitigate Them.

Security Recommendations

We recommend hybrid DDoS protection (on-premises + cloud) and web application security tools to all our customers that provide online services. Hybrid protection provides low-latency onsite scrubbing with the capability to send traffic to the cloud for scrubbing in the event of larger attacks. DDoS mitigation is a growing necessity for companies of all sizes, as DDoS attacks have been commoditized and can be bought online for just a few dollars. Learn more about our security services, or contact us for more information.