14 DAY TRIAL // OpUSA seems to have come to an end and it appears the US Department of Homeland Security (DHS) was right to say that the campaign would mostly consist of nuisance-level attacks.
So let’s take a look at what the hacktivist groups have claimed to have done.
Hackers News Bulletin has compiled a list of all the alleged hacks. Over 2,000 websites have been defaced, and the details of thousands of credit cards have been leaked.
The details of email accounts and other personal information has also been leaked.
One group, the Afghan Cyber Army, has even claimed to have leaked the details of 1.1 million Facebook accounts belonging to US citizens.
“Afghan Cyber Army is going to be an alarm clock to the United States Government. Please, citizens of the United States of America, do not push snooze anymore. It's time to wake up....wake up....wake up,” the hackers wrote next to the leaked data.
X-Blackerz Inc has taken credit for leaking information from the Honolulu Police Department. The HPD has confirmed that its "alerts" database has been breached.
Despite the fact that Izz ad-Din al-Qassam Cyber Fighters backed down from OpUSA, distributed denial-of-service (DDOS) attacks have still been launched by other participant collectives.
Hilf-ol-Fozoul lists over 140 websites belonging to US government organizations and financial institutions that have allegedly been attacked.
So what’s the actual extent of the damage caused by OpUSA?
First of all, many of the data leaks we’ve analyzed are old dumps that have been republished. In many cases, the data published for OpUSA could be found in posts dating as far back as 2011.
The data leak’s format was precisely the same, so it’s unlikely that the same websites have been hacked once again.
The 1.1 million Facebook credentials – which were likely obtained as a result of a phishing attack – appears to be legitimate. However, the information doesn’t seem to belong to US citizens as the hackers claim.
Judging by the data, the accounts belong to Spanish-speaking users.
Thousands of websites have been defaced, but only few of them belong to US organizations. Most of them are commercial sites from Argentina, China, Brazil, Russia, Spain, Colombia and other countries.
OpUSA has been closely monitored by some security firms as well.
Radware's Emergency Response Team has published a special page for OpUSA.
“Well into the attack, no major site disruptions have been reported yet,” reads the report published after the campaign had officially started.
Carl Herbinger, vice president of security solutions for Radware, has told Dark Reading that the level of DDOS attack activity dropped after the Cyber Fighters backed down.
“There were some [OpUSA] attacks, and they were pedestrian in nature relative to what we've become used to and humbled with operations by [the Cyber Fighters],” Herbinger said.
Sorin Mustaca of Avira has also been monitoring the attacks.
“To create such a disruption the attackers would need heavy botnet backing to wage the massive DDoS attacks they had promised. You would have to have a very serious botnet at your disposal, which is not that complicated these days,” Mustaca told Softpedia via email.
“If you don't own the botnet, you have to pay for it. And from where should they get the money to pay? My guess is that they are trying to create the market for hacking so they could get paid and this was their attempt to demonstrate their capabilities,” he added.
The expert believes that the OpUSA groups are not organized or skilled to create a heavy impact and make a name for themselves on the hacking scene.
“They did test some of the tools they mentioned on Pastebin (http://pastebin.com/TyvAK20F) because we have seen some insignificant pages defaced and accounts leaked. But, nothing even remotely close to the massive damage that they predicted,” Mustaca noted.
“Another view on this is that some of the organizations that were initially supposed to get involved in the operation gave up. Probably they got scared by the seriousness with which the media took the press release,” he said.
“One thing is when you DDOS and deface some banks, another thing is when you threaten FBI, NSA, DOD, The Pentagon and the Whitehouse. I think that they got more attention than they were expecting and thought that things went too far. So, the effects we've seen are probably the work of only few teams that still participated in the operation.”
It's also worth noting that the hacktivist groups behind OpUSA don't see eye to eye with the entire Anonymous community. Some Anonymous hackers said they were
against the campaign.
According to IllSecure, some of the Muslim hackers even doxed one member of Anonymous.
Moreover, an Israeli hacker group called out to US and Israel supporters to team up against the OpUSA collectives.