Hackers based in the Middle East and North Africa are preparing cyberattacks this week against the websites of high-profile U.S. government agencies, banks and other companies, according to the Department of Homeland Security.
The attacks, dubbed #OpUSA, for Operation USA, will begin Tuesday, the department said in a warning bulletin circulated to the private sector last week. The bulletin was first obtained and posted online by blogger and cybercrime specialist Brian Krebs.
The attacks are called for in the name of Anonymous, the leaderless coalition of hackers whose trademark Guy Fawkes mask has become a global symbol for their anarchist spirit.
“OpUSA poses a limited threat of temporarily disrupting U.S. websites,” the Homeland Security bulletin states, saying the attackers will likely use commercial hacking tools in a variety of “nuisance-level” strikes, defacing websites or temporarily knocking them offline.
“Some of the participants possess only rudimentary hacking skills,” the authors add.
More worrying though, the attacks seems to presage a developing alliance between criminal hackers and violent Islamic extremists.
The bulletin notes that the attacks are being promoted by the moderators of websites and discussion forums that host al Qaeda and other Islamist material, in addition to calls through more conventional hacker channels like the bulletin board Pastebin.
This collaboration may “signal an emerging trend of Middle East- and North Africa-based criminally motivated hackers collaborating with others regardless of their motivation,” like Islamic extremists, states the bulletin.
“Middle East- and North-Africa-based criminal hackers will continue issuing public statements to announce cyber attack plans against high-profile targets,” the bulletin predicts.
Homeland Security will monitor these statements for signs of an emerging alliance between Anonymous and jihadists, the bulletin goes on. Future public statements “may provide insight into whether these [hacker] groups are radicalizing toward violence and whether they would potentially partner with or conduct attacks on behalf of violent extremists.”
If #OpUSA generates media coverage, its planners might attract other, more skilled hackers, to their ranks, making future attacks more dangerous.
“Perceived success might lead other individuals — including those with advanced technical skills — to undertake similar efforts and attempt more threatening cyber attacks targeting U.S. government and commercial websites,” it warns.
Since September 2012, U.S. banks have faced a wave of coordinated cyberattacks from Islamic hacktivist groups believed by many observers to be linked to the Iranian regime. To date, 46 U.S. financial institutions have been targeted in more than 200 separate attacks, according to an FBI bulletin last month.