Attacks/Breaches
2/5/2013
05:17 PM
50%
50%

Anonymous Claims Wall Street Data Dump

Hacktivist group publishes 4,000 passwords as part of Operation Last Resort campaign seeking revenge for the treatment of Internet activist Aaron Swartz.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The hacktivist collective Anonymous said that it's published a document dump that targets executives at financial services firms.

"Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED," said a Sunday tweet from Operation Last Resort. A followup tweet from the same Twitter channel said, "Yes we posted over 4000 U.S. bank executive credentials."

Operation Last Resort is the name for an Anonymous campaign that seeks "reform of computer crime laws, and the overzealous prosecutors," and which was launched after Internet activist Aaron Swartz committed suicide. Although Swartz had long battled depression, numerous people have come forward to criticize the Department of Justice's handling of his case, including prosecutors' apparent strong-arm tactics.

[ For more on Anonymous's recent exploits, see Anonymous DDoS Attackers In Britain Sentenced. ]

The Sunday dox – a.k.a. data dump -- appears to contain about 4,600 records, including people's names, email addresses, institutions, IP addresses and login IDs, as well as their salted and hashed password, including the salt that was used. The records stretch to nearly 700 pages, and per the Anonymous tweet, appear to have been obtained from the Federal Reserve System.

The "bankd0x" -- as Anonymous has dubbed it -- initially was published on Pastebin, as well as to the Alabama Criminal Justice Information Center website in an HTML file titled "oops-we-did-it-again.html." After the Alabama state government removed the page, Anonymous reposted it on what appeared to be a Chinese government website.

Is the data legitimate? A small, random sample of the published information revealed names and email addresses that do appear to be real. Other people who investigated the data also suggested that it was legitimate. "OK, I called a few of them," said one Reddit user. "What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all. The ramifications of that kind of loss of control is severe."

The timing of the financial data dump appears to have been designed to call attention to a Jan. 28 letter sent to Attorney General Eric Holder by two key members of the House Oversight and Government Reform Committee. Signed by committee chairman Darrell Issa (R-Calif.) and ranking member Elijah Cummings (D-Md.), the letter demands answers to seven questions related to the Swartz case, as well as prosecutors' use in general of the Computer Fraud and Abuse Act (CFAA), and their practice of issuing superseding indictments. The legislators gave Holder a deadline of Monday to schedule a related briefing with them.

The bankd0x isn't the first attack launched by Anonymous as part of Operation Last Resort. Last week, the group hacked the website of the U.S. Sentencing Commission, which establishes sentencing policies and practices for the federal courts, to add a hidden Asteroids game. The group also distributed an encrypted file "warhead," for which it promised to later distribute the decryption keys, unless its CFAA reform demands were met.

At press time, the U.S. Sentencing Commission's website resolved to a single page that said the website "is currently under construction," and that listed a handful of links and contact phone numbers.

Also last month, Anonymous defaced a Massachusetts Institute of Technology website, denouncing the charges that had been filed against Swartz, demanding that the CFAA be reformed, and calling for more open access to information.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbuchs559
50%
50%
kbuchs559,
User Rank: Apprentice
2/6/2013 | 8:51:58 PM
re: Anonymous Claims Wall Street Data Dump
Why equate the Federal Reserve with "Wall Street" as the headline says? This data must be access info for the Federal Reserve systems.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.