Security Research

What to Expect from #OpPetrol

SR-FI_Team 05-18-2013 08:53 AM - edited 05-22-2013 06:45 AM

Given that the #OpPetrol has made the news, we felt that we should provide our view of the operation.



#OpPetrol is a new hacktivist campaign targeting several countries (the US, Canada, England, Israel, Saudi Arabia, China, Italy, France, Germany, Kuwait and Qatar) and the petroleum industry.


#OpPetrol was announced on May 10, 2013 via this pastebin -


It was restated on May 11, 2013 via this pastebin -


According to the announcement, the operation will “engage” on June 20, 2013. As we know from past events, actors may be compromising sites now only to release the results as part of the operation. Potential targets may have already seen activity that could later be associated with this announcement.


We have seen support for this operation from the following notable actors:


        Anon Ghost

The list of actors is fluid and will most likely change throughout the event.


As you can see below, social activity spiked the day of the announcement and sharply declined afterward:  




What to Expect?

Given the trends so far, we anticipate that this operation will mirror #OpUSA. We do not anticipate that #OpPetrol will be a large success. However, targets should still prepare for the worst, as these campaigns can be used as cover for more serious threats. Our recommendations from OpUSA Lessons Learned are applicable to this event:


Mitigation guidance provided by the government:

  1. Compromised hosts should be wiped and restored to a known good image. Users and administrators should be vigilant about applying the latest patches and anti-virus updates. An infected host endangers the availability, confidentiality, and integrity of data on networks.
  2. Data Execution Prevention (DEP) should be enabled wherever possible (to help prevent buffer overflow exploits).
  3. Defend against compromised CA and web site certificates.
  4. Have layers of defense to mitigate phishing and drive-by downloads.
  5. Make sure strong authentication has been enforced wherever possible and limit remote access.
  6. Harden your infrastructure. For instance: remove unused network interfaces, keep gear patched, ensure strong authentication, limit management access to internal devices, etc.
  7. Be prepared to minimize the effect of SQLi and XSS attacks.
  8. Verify that firewall rules are tuned and that unused rules are removed for both IPv6 and IPv4 networks.


In addition to the federal recommendations, we recommend the following (high level summary):

  1. Make sure to use a CDN for your external web presence. CDNs help mitigate DDoS threats substantially.
  2. Be prepared ahead of time. Work with your upstream Internet provider to ensure they can redirect and scrub DDoS-related traffic, or be prepared to redirect traffic to a company such as Prolexic.
  3. Ensure that all DDoS features are tuned and enabled across all security and infrastructure devices: firewalls, routers, IPS, gateways, etc. Each of these has a part in defending against the attack, and each has specific strengths.
  4. Be prepared to identify and block zero day threats.
  5. Using your visibility solutions, vigilantly monitor for exfiltration and anomalous behavior. Expect that someone will penetrate your perimeter.
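As an added example (not part of the original post, and not HPE code), the following script applies two of the recommendations above to constructed log data: a per-source request-rate check over web access logs (a volumetric indicator for item 3 of the second list) and a per-host outbound-volume baseline check (the exfiltration and anomaly monitoring in item 5). The Apache-style log format, the daily egress totals, the host names and the thresholds are all assumptions made for the demonstration; tune the thresholds to your own traffic.

```python
"""
Added example: simple rate-spike and egress-baseline detection over constructed logs.
Nothing here is taken from the original post; all log lines, hosts and thresholds
are constructed for illustration.
"""
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Assumed log format: Apache combined-log style "ip - - [ts] \"request\" status bytes".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed access log: one quiet client, one malformed line, and one client
# that issues six requests within a single minute.
ACCESS_LOG = [
    '198.51.100.4 - - [20/Jun/2013:10:00:02 +0000] "GET /news HTTP/1.1" 200 2048',
    '198.51.100.4 - - [20/Jun/2013:10:00:40 +0000] "GET /about HTTP/1.1" 200 512',
    'garbage line that does not parse',
] + [
    '203.0.113.7 - - [20/Jun/2013:10:00:%02d +0000] "GET /?q=%d HTTP/1.1" 200 1024' % (sec, sec)
    for sec in range(5, 11)  # six hits from one source in the 10:00 minute
]

# Constructed daily outbound byte totals per internal host, oldest first, today last
# (assumption: summarised from flow or proxy logs by some upstream job).
DAILY_EGRESS = {
    "ws-17": [52_000_000, 48_000_000, 55_000_000, 50_000_000,
              49_000_000, 51_000_000, 53_000_000, 2_100_000_000],  # ~40x its baseline today
    "ws-22": [30_000_000, 31_000_000, 29_000_000, 35_000_000,
              30_000_000, 32_000_000, 28_000_000, 33_000_000],     # normal variation
    "new-host": [400_000_000],                                     # no history yet
}


def parse_access_line(line):
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "minute": ts.replace(second=0),  # bucket by minute
        "request": m.group("req"),
        "status": int(m.group("status")),
    }


def rate_spikes(lines, max_per_minute):
    """Return (ip, minute, count) for every source exceeding max_per_minute in any minute."""
    counts = Counter()
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:
            continue  # skip malformed lines rather than aborting the whole run
        counts[(rec["ip"], rec["minute"])] += 1
    return sorted(
        (ip, minute.isoformat(), n)
        for (ip, minute), n in counts.items()
        if n > max_per_minute
    )


def egress_outliers(daily_bytes, factor=10.0, min_history=5):
    """Flag hosts whose latest daily egress is >= factor times the median of their history.

    Hosts with fewer than min_history prior days are skipped: there is no baseline to
    compare against, and alerting on them would only produce noise.
    """
    flagged = []
    for host, series in daily_bytes.items():
        history, today = series[:-1], series[-1]
        if len(history) < min_history:
            continue
        baseline = median(history)
        if baseline > 0 and today / baseline >= factor:
            flagged.append((host, today, round(today / baseline, 1)))
    return flagged


if __name__ == "__main__":
    for ip, minute, n in rate_spikes(ACCESS_LOG, max_per_minute=5):
        print(f"rate spike: {ip} made {n} requests in minute {minute}")
    for host, today, ratio in egress_outliers(DAILY_EGRESS):
        print(f"egress outlier: {host} sent {today} bytes today ({ratio}x its baseline)")
```

The median baseline is deliberately robust to a single earlier noisy day, and the minimum-history rule keeps newly provisioned hosts from paging anyone on their first day. In practice the same two functions would be fed from the visibility tooling the post refers to rather than from inline lists.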

