Operation Icarus

Update: @Op_Icarus is back. Says he was ill…

Yesterday, the New York Stock Exchange system status history page mentioned that the technical issues have been resolved. On Twitter, hacktivist @S1ege_ tweeted “New York Stock exchange has now been down for 4 hours”. The profile description of S1ege is: “So above, so below. Official Twitter of s1ege Admin of former member of – This Twitter Hijack Count Attempts currently at #34”.

I’ve been researching an interesting phenomenon in the media and banking world, named Operation Icarus, Shut Down the Banks and/or Ghost Squad Hackers. It consists of a set of hacks against banks across the globe, and it’s happening in the thirty days following May the 3rd. That includes today. What makes this thing so interesting is that it’s extremely hard to find any information on it or to study its extent. Let me show you some of my interesting findings:

Anonymous have announced the start of Operation Icarus several times, including in this video, published on May 8th. The announcement of the attack on the central banks of the world included a statement that Anonymous would “throw a wrench in their machine”. In the meantime, different media (including S1ege-linked Twitter accounts) reported on broken bank websites in (more or less in order of appearance) Greece, Cyprus, the Dominican Republic, Guernsey, Panama, Bosnia, Kenya, Montenegro, New Zealand, the Cayman Islands, Jordan, South Korea, the British Virgin Islands, Vietnam, France, the Philippines, Chile, Kenya, Myanmar, the Bank of America and some US states including Dallas, Cleveland and recently the New York Stock Exchange. I have checked a few websites, and some were indeed down for a while. In Kenya, the ATM didn’t work for about half a day on May 14th. That left the entire nation unable to buy anything… Around the same time, Twitter account @Op_Icarus disappeared, along with all its tweets about the banks they attacked.

On May 13th, SWIFT published a security notice on their website, stating that there had been breaches in their system earlier this year. It was done by a group of very advanced hackers, who managed to impersonate bank employees and steal millions of dollars, about eighty. Twice, it seems. They say it “was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks”. According to the site, the core system of SWIFT is untouched. Remember how every single bank account in the world has a SWIFT number? Yes. That’s the SWIFT we’re talking about.

I could find no clear indication that Operation Icarus and the SWIFT attacks were linked until now. @S1ege_, whom you cannot find if you just search for him on Twitter, has retweeted this exclusive interview with… himself, in which, indeed, he claims the two SWIFT attacks, even framing the one in Vietnam, that other media called unsuccessful, as successful. In the interview, he propagates a conspiracy theory which is quite interesting to look at, and frames it as Anonymous’ main motivation for their actions.

Of course, it could also be that the Twitter accounts and information sources I found are making most of this up. That only a few of these cases are true (including SWIFT and Kenya), and that some weirdos that call themselves Anonymous are simply following the global news very thoroughly to tweet about it and make YouTube videos (Note that one both of the actual SWIFT attacks stem from before the 3rd). It could be that Anonymous is not a group, but a number of individuals who want to seem interesting. That they simply take down the websites of the banks, nothing more. But the coincidence is too big to me. It seems that more is going on. Especially now: how silly would you be as a mediocre hacker group, to claim some of the most severe hacks in the history of banking, if you cannot thoroughly defend yourself against the CIA and so on?

But do we hear of it in the news? Barely. All of the above are described as isolated incidents. What’s more, there seems to be censorship going on. I’ve seen that happen to @Op_Icarus. But then again, that could also be a decoy: the hacktivists could have removed that themselves, to make me believe they’re legit. They could be riding the wave of the SWIFT attacks for a campaign of their own.

But if all of it is true, and I’m starting to believe it, if there is a link between the downtime on the banks’ sites, the SWIFT heists and the Kenya bank failure, then there is something very big going on. If it’s true, then these guys know what they’re doing, and will use their global reach for something more intense. That’s what S1ege says in the interview. Sure, they’ve been saying it for years without doing much, but what if they’re ready now?

We’re halfway through the thirty days. For the second half, I’ll be scrutinizing the web.
