Attacks/Breaches
3/1/2013
01:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Launches Operation Wall Street, Targets CEOs

Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous has a new mission: Operation Wall Street.

The loosely organized hacktivist collective Thursday declared war -- or at least inconvenience -- on financial services businesses in a call to arms against "the crimes of Goldman Sachs and other firms" for their role in contributing to the mortgage crisis, amongst other alleged misdeeds.

"It should be the duty of any Anonymous, any hacker, in solidarity with Occupy, to release the Dox on the CEOs & any and all Executives of Goldman Sachs, AIG, Wells Fargo, Chase, Meryl Lynch, and any other guilty party," it wrote, referring to releasing (doxing) stolen data. "Their dox, any and all possible personal information on these people, must be released and made public and spread across the internet as much as possible. The people who have lost their homes and had their lives destroyed deserve to know who it was that did it."

The new statement from Anonymous struck a populist note, referencing widespread bankruptcies triggered by the mortgage crisis, bank employees' bonuses and the poor treatment of Internet activist Aaron Swartz. But it was also personal, calling out Bank of America for its "pathetic assault on Anonymous' methods," referring to what it first alleged Monday was a campaign funded by Bank of America to spy on Anonymous and Occupy members.

The so-called Anonymous Intelligence Agency Par:AnoIA bolstered those claims Wednesday by publishing what it described as "a total of 14GB data, code and software that is related to Bank of America, Bloomberg, Thomson Reuters, TEKSystems and ClearForest."

"Looking at the data it becomes clear that Bank of America, TEKSystems and others ... gathered information on Anonymous and other activists' movement on various social media platforms and public Internet Relay Chat (IRC) channels," according to a statement posted on the Par:AnoIA site. It said the data dump included "a full version of ClearForest's text analyzing software OneCalais," emails between Bank of America and a subcontractor it hired to monitor Anonymous, as well as source code for what appeared to be Bank of America software.

[ Want to learn more about recent Anonymous protests? See Anonymous Plays Games With U.S. Sites. ]

The dumped data and files were reportedly retrieved from an unsecured server located in Tel Aviv, Israel, which also included a full version of OneCalais. "The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs," according to Par:AnoIA.

In its statement, Par:AnoIA also noted that 4.8 GB of that data included "detailed career and salary information of hundred of thousands of executives and employees from various corporations all around the world." It said the file was tagged with "reuterscompanycontent" -- which seems to indicate that it came from Thomson Reuters -- although stored in a file named "Bloomberg." "What it was doing on the Israeli server is up to anyone's guess," said Par:AnoIA.

After the 14 GB of data was released, word quickly spread via Twitter that the published software included code designed to infect targeted PCs. "WARNING: The #Anonymous #BOA files include #TROJAN scripts and programs that 'call home' to #ClearForest and #OneCalais," according to a tweet from the OneCalais Twitter account, which broadcast its first tweet on Wednesday.

Bank of America confirmed that data from the bank -- including emails -- had been released by Anonymous, but blamed the underlying data breach on its contractor. "In this instance, a third-party company was compromised," according to a statement issued Wednesday by the bank. "This company was working on a pilot program for monitoring publicly available information to identify information security threats."

Interestingly, a subsequent Twitter post from Anonymous said, "The employees of the 'other company' (@TEKsystems) Bank of America is blaming were all using http://bankofamerica.com e-mail addresses."

Elements of Anonymous had previously targeted Wall Street, calling in 2011 for example for distributed denial-of-service attacks to be launched against the New York Stock Exchange (NYSE) in support of Occupy Wall Street protestors.

But news that Bank of America was spying on members of Anonymous and Occupy seemed to trigger widespread hacktivist outrage. "Hi we were wondering if you'd advise on how to hire incompetent ex-military spook goons to spy on private citizens. Expensive?" read a tweet to the Bank of America's customer support account on Twitter, sent by the Anonymous Operation Last Resort Twitter account.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dbtinc
50%
50%
dbtinc,
User Rank: Apprentice
3/2/2013 | 2:19:21 PM
re: Anonymous Launches Operation Wall Street, Targets CEOs
Go for it! Our government can't but you guys can!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.