Attacks/Breaches
3/1/2013
01:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Launches Operation Wall Street, Targets CEOs

Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous has a new mission: Operation Wall Street.

The loosely organized hacktivist collective Thursday declared war -- or at least inconvenience -- on financial services businesses in a call to arms against "the crimes of Goldman Sachs and other firms" for their role in contributing to the mortgage crisis, amongst other alleged misdeeds.

"It should be the duty of any Anonymous, any hacker, in solidarity with Occupy, to release the Dox on the CEOs & any and all Executives of Goldman Sachs, AIG, Wells Fargo, Chase, Meryl Lynch, and any other guilty party," it wrote, referring to releasing (doxing) stolen data. "Their dox, any and all possible personal information on these people, must be released and made public and spread across the internet as much as possible. The people who have lost their homes and had their lives destroyed deserve to know who it was that did it."

The new statement from Anonymous struck a populist note, referencing widespread bankruptcies triggered by the mortgage crisis, bank employees' bonuses and the poor treatment of Internet activist Aaron Swartz. But it was also personal, calling out Bank of America for its "pathetic assault on Anonymous' methods," referring to what it first alleged Monday was a campaign funded by Bank of America to spy on Anonymous and Occupy members.

The so-called Anonymous Intelligence Agency Par:AnoIA bolstered those claims Wednesday by publishing what it described as "a total of 14GB data, code and software that is related to Bank of America, Bloomberg, Thomson Reuters, TEKSystems and ClearForest."

"Looking at the data it becomes clear that Bank of America, TEKSystems and others ... gathered information on Anonymous and other activists' movement on various social media platforms and public Internet Relay Chat (IRC) channels," according to a statement posted on the Par:AnoIA site. It said the data dump included "a full version of ClearForest's text analyzing software OneCalais," emails between Bank of America and a subcontractor it hired to monitor Anonymous, as well as source code for what appeared to be Bank of America software.

[ Want to learn more about recent Anonymous protests? See Anonymous Plays Games With U.S. Sites. ]

The dumped data and files were reportedly retrieved from an unsecured server located in Tel Aviv, Israel, which also included a full version of OneCalais. "The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs," according to Par:AnoIA.

In its statement, Par:AnoIA also noted that 4.8 GB of that data included "detailed career and salary information of hundred of thousands of executives and employees from various corporations all around the world." It said the file was tagged with "reuterscompanycontent" -- which seems to indicate that it came from Thomson Reuters -- although stored in a file named "Bloomberg." "What it was doing on the Israeli server is up to anyone's guess," said Par:AnoIA.

After the 14 GB of data was released, word quickly spread via Twitter that the published software included code designed to infect targeted PCs. "WARNING: The #Anonymous #BOA files include #TROJAN scripts and programs that 'call home' to #ClearForest and #OneCalais," according to a tweet from the OneCalais Twitter account, which broadcast its first tweet on Wednesday.

Bank of America confirmed that data from the bank -- including emails -- had been released by Anonymous, but blamed the underlying data breach on its contractor. "In this instance, a third-party company was compromised," according to a statement issued Wednesday by the bank. "This company was working on a pilot program for monitoring publicly available information to identify information security threats."

Interestingly, a subsequent Twitter post from Anonymous said, "The employees of the 'other company' (@TEKsystems) Bank of America is blaming were all using http://bankofamerica.com e-mail addresses."

Elements of Anonymous had previously targeted Wall Street, calling in 2011 for example for distributed denial-of-service attacks to be launched against the New York Stock Exchange (NYSE) in support of Occupy Wall Street protestors.

But news that Bank of America was spying on members of Anonymous and Occupy seemed to trigger widespread hacktivist outrage. "Hi we were wondering if you'd advise on how to hire incompetent ex-military spook goons to spy on private citizens. Expensive?" read a tweet to the Bank of America's customer support account on Twitter, sent by the Anonymous Operation Last Resort Twitter account.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dbtinc
50%
50%
dbtinc,
User Rank: Apprentice
3/2/2013 | 2:19:21 PM
re: Anonymous Launches Operation Wall Street, Targets CEOs
Go for it! Our government can't but you guys can!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.