Attacks/Breaches
3/1/2013
01:32 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Anonymous Launches Operation Wall Street, Targets CEOs

Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous has a new mission: Operation Wall Street.

The loosely organized hacktivist collective Thursday declared war -- or at least inconvenience -- on financial services businesses in a call to arms against "the crimes of Goldman Sachs and other firms" for their role in contributing to the mortgage crisis, amongst other alleged misdeeds.

"It should be the duty of any Anonymous, any hacker, in solidarity with Occupy, to release the Dox on the CEOs & any and all Executives of Goldman Sachs, AIG, Wells Fargo, Chase, Meryl Lynch, and any other guilty party," it wrote, referring to releasing (doxing) stolen data. "Their dox, any and all possible personal information on these people, must be released and made public and spread across the internet as much as possible. The people who have lost their homes and had their lives destroyed deserve to know who it was that did it."

The new statement from Anonymous struck a populist note, referencing widespread bankruptcies triggered by the mortgage crisis, bank employees' bonuses and the poor treatment of Internet activist Aaron Swartz. But it was also personal, calling out Bank of America for its "pathetic assault on Anonymous' methods," referring to what it first alleged Monday was a campaign funded by Bank of America to spy on Anonymous and Occupy members.

The so-called Anonymous Intelligence Agency Par:AnoIA bolstered those claims Wednesday by publishing what it described as "a total of 14GB data, code and software that is related to Bank of America, Bloomberg, Thomson Reuters, TEKSystems and ClearForest."

"Looking at the data it becomes clear that Bank of America, TEKSystems and others ... gathered information on Anonymous and other activists' movement on various social media platforms and public Internet Relay Chat (IRC) channels," according to a statement posted on the Par:AnoIA site. It said the data dump included "a full version of ClearForest's text analyzing software OneCalais," emails between Bank of America and a subcontractor it hired to monitor Anonymous, as well as source code for what appeared to be Bank of America software.

[ Want to learn more about recent Anonymous protests? See Anonymous Plays Games With U.S. Sites. ]

The dumped data and files were reportedly retrieved from an unsecured server located in Tel Aviv, Israel, which also included a full version of OneCalais. "The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs," according to Par:AnoIA.

In its statement, Par:AnoIA also noted that 4.8 GB of that data included "detailed career and salary information of hundred of thousands of executives and employees from various corporations all around the world." It said the file was tagged with "reuterscompanycontent" -- which seems to indicate that it came from Thomson Reuters -- although stored in a file named "Bloomberg." "What it was doing on the Israeli server is up to anyone's guess," said Par:AnoIA.

After the 14 GB of data was released, word quickly spread via Twitter that the published software included code designed to infect targeted PCs. "WARNING: The #Anonymous #BOA files include #TROJAN scripts and programs that 'call home' to #ClearForest and #OneCalais," according to a tweet from the OneCalais Twitter account, which broadcast its first tweet on Wednesday.

Bank of America confirmed that data from the bank -- including emails -- had been released by Anonymous, but blamed the underlying data breach on its contractor. "In this instance, a third-party company was compromised," according to a statement issued Wednesday by the bank. "This company was working on a pilot program for monitoring publicly available information to identify information security threats."

Interestingly, a subsequent Twitter post from Anonymous said, "The employees of the 'other company' (@TEKsystems) Bank of America is blaming were all using http://bankofamerica.com e-mail addresses."

Elements of Anonymous had previously targeted Wall Street, calling in 2011 for example for distributed denial-of-service attacks to be launched against the New York Stock Exchange (NYSE) in support of Occupy Wall Street protestors.

But news that Bank of America was spying on members of Anonymous and Occupy seemed to trigger widespread hacktivist outrage. "Hi we were wondering if you'd advise on how to hire incompetent ex-military spook goons to spy on private citizens. Expensive?" read a tweet to the Bank of America's customer support account on Twitter, sent by the Anonymous Operation Last Resort Twitter account.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dbtinc
50%
50%
dbtinc,
User Rank: Apprentice
3/2/2013 | 2:19:21 PM
re: Anonymous Launches Operation Wall Street, Targets CEOs
Go for it! Our government can't but you guys can!
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web