Escalation in OpKillingBay
January 25, 2016
There has been a noticeable recent increase in activity surrounding the OpKillingBay operations – a hacktivist campaign attributed to the Anonymous collective that has been active since 2013. After a dearth of reported activity through most of 2015, three reported cases of cyber hacktivism have been claimed as part of OpKillingBay in January 2016. These include alleged distributed denial of service (DDoS) and SQL injection attacks against Japanese organizations.
So what’s changed?
OpKillingBay has largely environmental motivations, with a focus on whaling activity and the protection of sea life. Since the outset of this operation, targeting has focused on Japanese domains due to whaling practices in the country. Among the operation’s list of published objectives were the aims of degrading and embarrassing bodies allegedly affiliated with animal rights’ abuses, thereby raising media attention of these issues.
In mid-January, a tracked actor claimed to have rendered two high-profile Japanese domains offline. Although in both cases it was not confirmed if the actor was responsible, there was some corroboration with Japanese media that one of the sites experienced downtime. In the same period, the actor also claimed to have leaked data from a further Japanese company website. In this instance the actor provided some details of a database schema, although no data. The structure of the information posted, as well as the mention of SQL, suggests it as likely that the leaked data derived from an SQL injection attack. If true, the indication of data leakage as a method of attack suggests that actors have broadened their techniques.
Timeline of reported activity shows clustering of incidents around final few months of year and decrease throughout majority of 2015.
Figure 2 – OpKillingBay social media mentions (Twitter.com and Facebook.com)
The reemergence of the operation is linked to real world events. For example, the sudden decrease in 2014 coincided with the UN International Court of Justice’s decision to order an immediate cessation of Japanese whaling programs in March 2014. Similarly, the large spike in social media mentions coincides with Japan submitting a plan for a new whaling program to the International Whaling Commission (IWC) in November 2014. While reported activity as part of OpKillingBay again decreased dramatically throughout 2015, the recent rise correlates with the Japanese decision to resume whaling for “scientific purposes”, announced in November 2015. Lastly, a large number of recent social media mentions referencing OpKillingBay have aligned the operation with “Taiji” – an annual dolphin hunt held on the Japanese southeastern coast between September and March. It is highly likely that the operational activity is also linked to seasonal hunting practices in Japan.
Given the continuing pattern of activity associated with this operation as well as increased media attention, it is likely that known and new actors will target Japanese domains over the following weeks and months, using a broader set of methods than previous years.