Attacks/Breaches
2/5/2013
05:17 PM
50%
50%

Anonymous Claims Wall Street Data Dump

Hacktivist group publishes 4,000 passwords as part of Operation Last Resort campaign seeking revenge for the treatment of Internet activist Aaron Swartz.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The hacktivist collective Anonymous said that it's published a document dump that targets executives at financial services firms.

"Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED," said a Sunday tweet from Operation Last Resort. A followup tweet from the same Twitter channel said, "Yes we posted over 4000 U.S. bank executive credentials."

Operation Last Resort is the name for an Anonymous campaign that seeks "reform of computer crime laws, and the overzealous prosecutors," and which was launched after Internet activist Aaron Swartz committed suicide. Although Swartz had long battled depression, numerous people have come forward to criticize the Department of Justice's handling of his case, including prosecutors' apparent strong-arm tactics.

[ For more on Anonymous's recent exploits, see Anonymous DDoS Attackers In Britain Sentenced. ]

The Sunday dox – a.k.a. data dump -- appears to contain about 4,600 records, including people's names, email addresses, institutions, IP addresses and login IDs, as well as their salted and hashed password, including the salt that was used. The records stretch to nearly 700 pages, and per the Anonymous tweet, appear to have been obtained from the Federal Reserve System.

The "bankd0x" -- as Anonymous has dubbed it -- initially was published on Pastebin, as well as to the Alabama Criminal Justice Information Center website in an HTML file titled "oops-we-did-it-again.html." After the Alabama state government removed the page, Anonymous reposted it on what appeared to be a Chinese government website.

Is the data legitimate? A small, random sample of the published information revealed names and email addresses that do appear to be real. Other people who investigated the data also suggested that it was legitimate. "OK, I called a few of them," said one Reddit user. "What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all. The ramifications of that kind of loss of control is severe."

The timing of the financial data dump appears to have been designed to call attention to a Jan. 28 letter sent to Attorney General Eric Holder by two key members of the House Oversight and Government Reform Committee. Signed by committee chairman Darrell Issa (R-Calif.) and ranking member Elijah Cummings (D-Md.), the letter demands answers to seven questions related to the Swartz case, as well as prosecutors' use in general of the Computer Fraud and Abuse Act (CFAA), and their practice of issuing superseding indictments. The legislators gave Holder a deadline of Monday to schedule a related briefing with them.

The bankd0x isn't the first attack launched by Anonymous as part of Operation Last Resort. Last week, the group hacked the website of the U.S. Sentencing Commission, which establishes sentencing policies and practices for the federal courts, to add a hidden Asteroids game. The group also distributed an encrypted file "warhead," for which it promised to later distribute the decryption keys, unless its CFAA reform demands were met.

At press time, the U.S. Sentencing Commission's website resolved to a single page that said the website "is currently under construction," and that listed a handful of links and contact phone numbers.

Also last month, Anonymous defaced a Massachusetts Institute of Technology website, denouncing the charges that had been filed against Swartz, demanding that the CFAA be reformed, and calling for more open access to information.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbuchs559
50%
50%
kbuchs559,
User Rank: Apprentice
2/6/2013 | 8:51:58 PM
re: Anonymous Claims Wall Street Data Dump
Why equate the Federal Reserve with "Wall Street" as the headline says? This data must be access info for the Federal Reserve systems.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!