Security Experts:

FBI Warns of Hacktivist DDoS Attacks in “Operation New Son”

FBI Sends Warning to InfraGard Members of Possible Memorial Day Attacks

On Thursday, the FBI issued an alert to InfraGard members, warning them about an alleged plot to launch a series of DDoS attacks against high profile corporations. The campaign, titled OpNewSon (Operation NewSon), was initially proposed in April by a group of Anonymous supporters using the name TheWikiBoat.

The FBI’s warning, which was sent from the Public/Private Alliance Unite (PPAU) appeared on Friday in a report published by ThreatPost. The PPAU is the FBI unit responsible for managing InfraGard. 

The letter lists 46 proposed targets including Apple, HP, Toyota, Wal-Mart, Wells Fargo, Bank of America, KPMG, Cargill, and IBM, just to name a few. The warning, as the letter explains, is sourced from public reports, but is relevant to the FBI’s ongoing investigations into hacktivist groups associated with Anonymous.

One of the public reports is a Pastebin post from April. In it, a group calling itself “TheWikiBoat” says that OpNewSon’s intended goals are cyber protest – such as DDoS – and the release of “precious classified data.”

“Those targets are none other then the ones who ultimately rule: the high revenue making companies of the world. While attacking the major companies of this planet may seem lulzy, we also wish that this operation make a difference. We are "sticking it to the man" so to speak. Our hopes are set out on this being a major operation because after all, we will be hitting major corporate/incorporate associations,” the notice explains.

While the list of proposed targets mentioned by the FBI consist of the usual suspects, such as banks and large corporate powers, others on the list are questionable, such as Kroger – a grocery store chain in the Midwest, McDonalds, BestBuy, and organizations in China and Japan.

While targeting technology giants, banks and related financial firms would be expected when “sticking it to the man,” it isn’t clear how a grocer, retail outlet, or fast food chain fit into the mix.

Two separate sources speaking on the condition that they remain anonymous (ironic no?) as they were not authorized to speak on record to the media, confirmed the letter as authentic. One of them, who happens to work within the IT department of an organization proposed as a target, said that the intent of the letter is clear; it’s just a basic heads up.

However, the Memorial Day holiday means that some IT departments will be running skeleton crews.

“If you’re already understaffed, holidays and summer vacations can add additional strain. The PPAU knows this, so the letter is a warning to remain vigilant and keep your eyes open,” the InfraGard member explained.

“In a situation like this, we’ll monitor the servers and tune the heads-up to look spikes in traffic that doesn’t follow the norm. Otherwise, we have to trust in our current defenses and our IR [Incident Response] plans.”

OpNewSon is slated to start later this afternoon. We’ll update this story if there is anything further to report.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.