As #OpPetrol looms, cyber-sec specialists stay calm

Campaign unlikely to extend beyond DDoS, website defacements, say experts

Tags: KuwaitQatarSaudi ArabiaTrend Micro Middle EastUnited Arab Emirateshelp AG (www.helpag.com/)
  • E-Mail
As #OpPetrol looms, cyber-sec specialists stay calm AnonGhost has pledged all-out cyber war on the global petrochemical industry.
By  Stephen McBride Published  June 18, 2014

AnonGhost, a Middle East Anonymous affiliate, has pledged all-out cyber war against the global oil and gas industry on Friday 20 June in a now-annual campaign dubbed #OpPetrol.

AnonGhost declared on Pastebin its renewed determination to hit back at the petrochemical sector for what it considers unfair use of the dollar as a trading currency.

"Why isn't petrol sold [using] the currency of the country which exports it?" the group asked in its Pastebin post.

ITP.net noted yesterday that last year's #OpPetrol did result in some downed websites, but little in the way of disrupted production from targeted organisations. Regional cyber security specialists agreed that the impact of the campaign was unlikely to spread to critical infrastructure.

"Last year a number of websites were defaced (meaning content replaced on the website) and then a whole bunch of non-government and non-oil company-based websites were targets of OpPetrol," said Ravi Patil, technical director, MMEA, Trend Micro.

"Some data was leaked to Pastebin from some of the big oil companies, but it is still difficult to see exactly how much or the quality of the data that was leaked... #OpPetrol was not that successful in achieving what they wanted - generating electronic havoc for the oil economy. They did successfully receive a lot of attention [but]... Anonymous is not necessarily scary when it comes to sophistication of attacks, but simply [because of its] sheer scale."

"OpPetrol is indeed a recurring campaign from Anonymous," said Nicolai Solling, director, Technology Services, Help AG. "Last year there was‎ a lot of focus on the same, however specifically in the UAE there was no major impact seen.

"Anonymous' mode of operation still centres around DDoS attacks, and customers need to focus on general robustness against these type of attacks. Another area that is also targeted is defacement of websites of the targeted organisations. So general vulnerabilities such as configuration of the server, patching software and assessing if the organisation has unknown vulnerabilities in its content management platforms would be wise. We also recommend looking at which information is revealed from the traffic coming from the customer's technical environment, thus avoiding revealing information on potential vulnerable software."

Continues on next page>>

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code