The hacker group Anonymous, which has promised to launchdistributed denial of service attacks against government andfinancial institution websites Tuesday, released of list of targeted institutions thatincludes 12 credit unions.

The $16 billion Pentagon FCU of Alexandria, Va. tops the list.About 130 banks, credit unions and other financial institutionscomprise the list of claimed DDoS targets in what the group iscalling OpUSA.

Other credit union sites listed on the OpUSA post on Pastebin includethe $54 billion Navy FCU of Vienna, Va., the $27 billion StateEmployees' Credit Union of Raleigh, N.C., the $12 billion BoeingEmployees Credit Union of Tukwila, Wash., the $9.8 billionSchoolsFirst FCU of Santa Ana, Calif., the $8.2 billion The Golden1 Credit Union of Sacramento, Calif., the $5.4 billion SuncoastSchools FCU of Tampa, Fla., the $5.6 billion American Airlines FCUof Fort Worth, Texas, the $8.3 billion Alliant Credit Union ofChicago, the $7.2 billion Security Service FCU of San Antonio,Texas, the $6.2 billion San Diego County Credit Union of San Diegoand the $5.8 billion America First FCU of Riverdale, Utah.

Also Read:

• Was May 7 Only a Test?
• May 8: Attacks But No Time to Let GuardDown
• Mixed Views in LinkedIn Poll on May 7Warning
• No Takedowns Reported Tuesday
• Krebs: DHS Memo Says 'More Bark ThanBite'
• Threat of the Week: May 7, Ready orNot
• CO-OP Issues DDoS White Paper
• CUNA Explains Thinking BehindWarning
• Reactions Vary to May 7 Warning
• DDoS Attacks Often Fraud Diversions
• Mark Your Calendar (or Not) for May 7Attacks
• CUNA Issues May 7 DDoS Warning

John Magill, CUNA executive vice president of governmentalaffairs, said during a Monday morning press call he has spoken toNCUA staff members about the attack, and they said the regulator isaware of the target list and has contacted the 12 credit unions.The NCUA and credit unions listed did not respond to requests forcomment, except for the nation's second-largest credit union.

“We regret that such attacks may inconvenience our members,”said SECU President/CEO Jim Blaine. “We are certain that enhancingthe reliability of our systems is a perpetual obligation andopportunity for our credit union. System integrity is not a one dayevent nor a one day concern for SECU. It's an everyday issue andcommitment.”

Kevin Prince, chief technology officer at the Santa Ana,Calif.-based technology management firm Compushare, said the attackcould be impactful, but added nobody knows how it could playout.

Compushare has worked on an FBI task force for a long timecombating Anonymous cyberattacks, and Prince said the bureau “ishaving a hard time doing anything about it.” He described lawenforcement attemtps to fight the loose collective of so-calledhacktivists like chopping off one head, only to find two more havegrown back in its place. Anonymous has called for other hacktivistgroups to join them in planned cyberattacks, including the May 7DDoS attack, he said.

Prince, who was a guest on CUNA's call, recently released awhite paper that reassures small financial institutions they're notlikely targets, but nonetheless provides ways to prepare in case they are, or simply worry they maybe.

In reality, he said, there's very little a small credit unioncan do to stop a DDoS attack.

“You can't just tweak the firewall. It simply doesn't work thatway,” he said.

Instead, Prince advised, credit unions should work with theirinternet service provider to stop the attack “upstream” before itgets to the credit union's website or online banking service.

Because most credit unions don't host their own online bankingsite, working instead with a third party provider or coreprocessor, their prep time would be better spent reviewing thirdparty due diligence than attempting to shore up their ownconnections, he said.

The white paper, titled “DDoS Attacks: How Real Are the Risksfor Community Financial Institutions”, is available to be downloaded on Compushare's website.