Sent: Tuesday, June 18, 2013 12:30 PM
To: XXXX
To: XXXX
SENTINEL INTELLIGENCE SERVICES, LLC
FLASH TRAFFIC - - FLASH TRAFFIC - -
Tuesday – June the 18th, 2013
1150Hrs; M.S.T. (Arizona)
Lyle@Sentinelintelligenceservices.com
_________________________
Email Briefing Bulletin: NOT RESTRICTED – INTELLIGENCE COMMUNICATION: BRIEFING
CLASSIFICATION: NOT RESTRICTED – AVAILABLE FOR PUBLIC DISTRIBUTION
SUBJECT OF BRIEFING: Multi-dimensional cyber-attacks against the petroleum industry for 19 June 2013
FOR YOUR ANALYSIS AND CONSIDERATION:
Please regard the following intelligence analysis with High
Priority and Warning. Confirmation has been received that a “time clock”
began with the hours, minutes, seconds count-down for the launch of this
cyber-terrorism attack. Depending on the degree of success, it is
possible petroleum prices will rise seriously. Plan accordingly.
Lyle –
______________________
LYLE J. RAPACKI, Ph.D.
Protective Intelligence and Assessment Specialist
Consultant at Behavioral Analysis and Threat Assessment
Private-Sector Intelligence Analyst
Last month, the hacker collective Anonymous announced their
intention to launch cyber attacks against the petroleum industry (under the
code name #OpPetrol). Their claimed reason for this attack is primarily that
petroleum is sold in US dollars instead of the currency of the country where
the petroleum originates. However, some chatter indicates there was a desire
to launch new attacks because both #OpIsrael and #OpUSA were regarded as
ineffective.
Users should note that June 19 is only the day that most attacks
are expected to occur and/or be made public. Similar to last month’s #OpUSA,
they have begun mobilizing prior to that date. Since the
announcement of this operation, targets have been hit, credentials have been
stolen, and the list of targets is already growing.
It is also not uncommon for these activities to be used as a distraction to
mask other attacks. Based on the collateral damage recorded from previous
operations and data leaks outside publicized attack dates, their targeting
and timing aren’t always precise either.
An announced operation like this is a good opportunity for all
existing and potential targets to exercise the necessary steps to
protect themselves. Everyone is a target eventually; there will always be
vulnerabilities to be exploited for cause or profit.
If your organization or the country you defend is a potential target
in this operation, you should consider taking the following steps (see below)
and possibly more. If you’re in any way connected to the targeted industries or
located in one of the potential target countries, we advise that you consider
going through these steps anyway. However, if you are not affected or linked to
the expected targets, you may use these steps as proactive measures against
attacks like #OpPetrol.
Before June 19, 2013:
- Ensure all IT systems (OSs, applications, websites, etc.) are updated.
- Ensure IT security systems are current, have as wide a view as they can, and can inspect deeply. Can they detect and prevent phases of an attack plan, and can they be integrated into part of a kill-chain? Can they observe indicators over the network, on disk, and in memory?
- Ensure relevant third party vendors are aware and accessible.
- Probe any anomalous network and system behavior and examine it. Reconnaissance phases of the attack are already in play. Opportunities for exploit are being logged and credentials are already being stolen. Solutions such as Trend Micro Deep Discovery can help you examine dubious network activities.
- Remind your users to be particularly careful and watch out for phishing and spear-phishing emails.
- Plan or review your incident response procedures with all necessary parties (not only IT groups). Explore how the planned response differs among DDoS, defacement, and disclosure.
- Have IT Security, Attorneys, and External Communications departments prepare or review public statements in the event your organization is affected. Ask how your statements and response might differ if it wasn’t a hacktivist group, but a criminal, nation state, insider, or terrorist.
- Monitor the many Anonymous sources for any changes in targeting, tools, or motives, lists of accomplishments, or data dumps.
On June 20:
- Note that attackers may attack across different time zones, so it can last longer than the 24 hours in your time zone.
- Continue to monitor Anonymous’ sources for any changes in targeting, tools, motives, lists of accomplishments, or data dumps.
- Exercise a high level of awareness of your IT and IT Security systems and their logs; continue to apply questioning curiosity to anything interesting.
- If you think your organization is affected, assume that you are affected by DDoS, defacement, and disclosure – and not just one of them.
After June 20:
- Continue to monitor Anonymous’ sources for any lists of accomplishments or data dumps.
- If you’ve made it into Anonymous’ news, you’ll be remediating and designing against future occurrences.
- If you didn’t make it into Anonymous’ news, review for any sign of breach, compromise, or excessive probing.
- Remain vigilant, especially if you’re in the target list. The attacks may not be over.
1 comment:
I understand how pissed the Anon guys are because who wouldn't? These guys see and know what/who controls this world. If I were in their shoes I wouldn't attack them indirectly, which is what they are doing. Their goal is much larger. John, really you think what you suggested in internet security, such as using a third party entity to monitor servers and what not, really gonna stop these guys from getting their targets? I've previously seen what these guys can get. Long story short, these guys are better organized than what others think, also much larger than here in the USA. That said, I hope they have 2 final targets. Super computer in Turkey and the lil bro super computer, Titan, being constructed.
When these 2 Super Computers are both online and communicating with one another, then we in this whole world will be SO F****D, ROYALLY IN THE A** and nobody will be able to stop these 2 colossal machines from controlling this earth and the people inside it. If I see that day come I'm moving to the middle of nowhere on a different continent, with no phone, no computer. Just myself, my dog and a freshly built state of the art house... depending on cash situation, but hey I can dream and hope, right!?.. Damn, I better keep dreaming; by the looks of it this nightmare is just beginning.