Hitachi Systems SHIELD Security Research Center

Initial Disclosure Date: Jul 27, 2012

Anonymous is preparing for cyber-attacks again after July 20th. Although their #OpJapan has been inactive since the beginning of July, their online chat implies that one of their next targets is, as of July 27th, once again the Japanese Society for Rights of Authors, Composers and Publishers (JASRAC). The JASRAC website was targeted last month as well and suffered access difficulties on June 27 to 28 and on June 30.

At 12:30:42 on July 20, OpJapan Official tweeted, “from web. We plan on setting up a Denial of Service attack on multiple websites. The date of this event is yet to come. #opJapan.” Before that, at 12:24:30, the actor posted a Twitter message to make an excuse about the recent silence. “[F]rom web. I’ve been busy with real life, sorry for the in-activity. Keep up the good work! #CleanupJapan #Anonymous #opJapan #opJapan-jp.” On July 21, the person tweeted, “We will be announcing the date of the denial of service attack on 3 specific websites soon. #opJapan #Cleanup.”

In June, the hacktivist group used High Orbit Ion Cannon (HOIC) for its DDoS attacks. Anonymous applied no new or noteworthy technique under #OpJapan.

HOIC is a Windows executable. Combined with Booster Scripts, HOIC lets each user automatically send a large number of HTTP GET requests to a target designated by the Booster Script, so users do not need to configure the target themselves. The flood consumes the targeted server's resources and disrupts its operation. HOIC was originally designed to measure how a website copes with traffic overload, but hacktivists abuse it to send large volumes of packets.

It is difficult to distinguish legitimate access from an HTTP GET flood, because the flood packets follow the legitimate HTTP protocol. However, the attackers cannot forge their IP addresses, because the TCP connection must already be established before an HTTP request can be sent. Accordingly, victims can identify each attacking host by its IP address: if a host sends HTTP GET requests beyond a certain threshold, the victim can determine that it is a source and cut off its packets.
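The threshold check described above can be run over an ordinary web server access log. The following is an added example written for this page, not code from Hitachi Systems or from any of the cited sources. It assumes Apache/nginx "combined" log format, a sliding 10-second window and a per-host GET threshold that the operator chooses; the log lines, IP addresses (documentation ranges) and timestamps are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # e.g. 27/Jun/2012:10:00:00 +0900


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
    }


def find_flood_sources(lines, threshold, window=timedelta(seconds=10)):
    """Return {ip: peak_get_count} for hosts whose GET count inside any
    sliding window of the given length exceeds the threshold.

    Only GET requests are counted, matching the HTTP GET flood in the text.
    The source IP is taken at face value because a completed TCP handshake
    is required before the request can be sent, so it cannot be spoofed."""
    stamps_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "GET":
            stamps_by_ip[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            # advance the window start until it is within `window` of ts
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def block_rules(flagged, port=80):
    """Render iptables DROP rules for the flagged hosts (returned as strings,
    not executed, so an operator can review them before applying)."""
    return [
        f"iptables -A INPUT -s {ip} -p tcp --dport {port} -j DROP"
        for ip in sorted(flagged)
    ]


def _log_line(ip, t, method="GET", path="/"):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" 200 5123 "-" "Mozilla/5.0"'


def build_sample_log():
    """Constructed sample log (not real traffic): two ordinary visitors, one
    POST, one malformed line, and one host sending 40 GETs in 8 seconds."""
    base = datetime(2012, 6, 27, 10, 0, 0, tzinfo=timezone(timedelta(hours=9)))
    lines = []
    for i in range(5):  # visitor A: 5 GETs spaced 12 s apart
        lines.append(_log_line("198.51.100.4", base + timedelta(seconds=12 * i), path="/index.html"))
    for i in range(3):  # visitor B: 3 GETs spaced 2 s apart
        lines.append(_log_line("198.51.100.9", base + timedelta(seconds=2 * i), path="/news"))
    lines.append(_log_line("198.51.100.9", base + timedelta(seconds=7), method="POST", path="/login"))
    lines.append("this line is not in combined log format")
    for i in range(40):  # flood source: 5 GETs per second for 8 seconds
        lines.append(_log_line("203.0.113.7", base + timedelta(seconds=i // 5)))
    return lines


if __name__ == "__main__":
    flagged = find_flood_sources(build_sample_log(), threshold=20)
    print("flagged hosts:", flagged)
    for rule in block_rules(flagged):
        print(rule)
```

The threshold has to be tuned per site: many legitimate users behind one NAT gateway or corporate proxy share a single source address, so a value set from the normal per-IP request rate of the site's own logs, rather than a generic number, keeps false positives down.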

Sources:
The National Police Agency/Technical Countermeasures Division/Cyberterrorism Technical Countermeasures Office, “Protection against DDoS attacks,” June 3, 2003,
http://www.npa.go.jp/cyberpolice/server/virus/pdf/Strategies_to_Protect_Against_DDoS_Attacks.pdf
Toshitsugu Nagao, Hiroaki Toyama, and Masaki Tomizawa, “FIT2009 (Dai 8 kai joho kagaku gijutsu foramu): paketto firutaringu kino wo tosai shita NIC niyoru DoS kogeki taisaku [FIT2009 (the 8th information science and technology forum): NIC’s countermeasures against DoS attacks, using a packet filtering function],”
http://www.sofken.com/FIT2009/pdf/L/L_003.pdf
Trustwave SpiderLabs, “HOIC DDoS Analysis and Detection,” January 27, 2012,
http://blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html/
McAfee Blog, “OpJapan kara manabu saiba kogeki heno sonae [Countermeasures against cyber-attacks: lessons learned from OpJapan],” July 3, 2012,
http://ascii.jp/elem/000/000/706/706973/



* Each company name, organization name, and brand name is the trade name or registered trademark of the respective company or organization.

Hitachi Systems provides a true one-stop service covering the entire IT life cycle, from system consulting through construction, deployment, operation, and maintenance.