7/19/2012
10:57 AM

Hackers Claim Wall Street Resume Leak

Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.

Many Wall Street workers and would-be employees got an unwelcome surprise Wednesday after a hacking group known as Team GhostShell leaked what it said was 50,000 user accounts for an online jobs board that focuses on Wall Street. The site, ITWallStreet.com, allows users to upload their resumes for searching by recruiters.

"IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy," read a post to privatepaste.com signed by "Masakaki," who said he's "part of the Far-Eastern Financial District of #TeamGhostShell." The exploit was also announced by Team GhostShell on Twitter.

Reached by phone, a representative for Andiamo Partners, which runs the ITWallStreet.com website, said there was no one available to discuss the alleged leak, or whether it's investigating, and terminated the call. An email sent to an address listed on the company's website as a sales contact also bounced.

The post from Masakaki contained links to 12 posts made to both PasteSite.com and privatepaste.com. (A notice on the latter website, however, warns that "Due to continous [sic] abuse, privatepaste.com will be shutting down August 1st, 2012.") All 12 posts appear to have been deleted from both sites by site administrators.

But, according to news reports, the released data did appear to contain user credentials, including hashed passwords--some of which had been decoded into plaintext--for ITWallStreet.com users, as well as salary expectations, which ranged from $40,000 to $400,000. Other published information appeared to include emails between account managers and headhunters discussing clients' suitability for various roles. A published client list, meanwhile, included numerous Wall Street firms, such as Dow Jones, Morgan Stanley, and Wachovia Bank.


Despite the claim of having leaked about 50,000 user accounts, Masakaki noted that he'd held back 3,000 resumes from the data leak, "to trade them on the black market."

Why target Wall Street? In the post, Masakaki announced his support for the Occupy Wall Street movement, and appeared to promise further such disclosures. "GhostShell has been leaking left and right all kinds of targets, well we're here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things," according to his post. "With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street."

Previous Team GhostShell leaks have largely focused on Chinese websites as part of its "ProjectDragonFly," which the group describes as a "protest for freedom of speech in China." For example, Team GhostShell leader "deadmellox" claimed to have hacked 38 sites and released details on 200,000 accounts--including usernames and passwords--associated with numerous companies, including China Rencai, Mello Biotech, Yabao Hi-Tech Enterprises, as well as the Chinese branch of Fitch Ratings. Deadmellox also claimed to have exploited cross-site scripting vulnerabilities on numerous websites, including AOL, CNN, Puma, and Peugeot.

Comments
Medicalquack,
User Rank: Apprentice
7/25/2012 | 6:01:31 PM
re: Hackers Claim Wall Street Resume Leak
This goes back to what I said when the Occupy movement started and was chapter one in my 35 part series on the Attack of the Killer Algorithms as being the root behind the entire movement and that's what made it hard for folks to identify their purpose and granted many of the Occupy folks themselves didn't understand what is at the root of all of this but all know something is not right when being denied jobs, healthcare, you name it as we have algorithms running on servers 24/7 making life impacting decisions about all of us and some of that stuff is getting pretty flawed out there with algos for profit. Heck I even had a couple of the demonstrators email and ask me to explain it along with a couple editors from a couple major news sites as they didn't get it either, but that's what it is.

You have total frustration when a machine makes a decision and you can't even find a human to fix it when there are errors. People don't get jobs due to flawed data to where errors are made and on top of that the credit folks don't pay the states timely for their data mining bots and it may be 6 months or longer before the whole daily chain is fixed. In the meantime, no help for the consumer even after they have chased all the data for errors and had it fixed, they still have to wait...so this is the root of the cause and I wrote another post called "Algo Duping" society and consumers with spun data so it's all out there. Here are the links to the 35 chapters and I have a portion of my site that has a couple excellent videos that help explain this too if you scroll down. I'm all about educating the consumer and explaining how this stuff happens and to stop all the flawed data out there being spun and then accepted as gospel.

http://ducknetweb.blogspot.com...
PJS880,
User Rank: Ninja
7/19/2012 | 6:18:15 PM
re: Hackers Claim Wall Street Resume Leak
I would have to say that they targeted the wrong individuals. Masakaki is attacking job seekers, just because they are applying for a position on Wall St...C'mon really. These are individuals who most likely are already unemployed and in debt hence posting resumes on a Wall St. job board looking for a better job! I am not one to pick and choose who is bad and who is good, I just call them like I see them and this stinks! I am definitely not the one to determine what is right and wrong either just expressing how I feel!

Masakaki has gotten it wrong, you want to hurt Wall St, don't go after their potential hires who have no influence regarding Wall St., go after someone who has authority and by you exploiting them hopefully change will occur. I do not see a point in targeting potential employees. Trade resumes on the Black market? Is the job market that bad where I have to buy a bootleg resume from the black market? I ask this what well did this act do for their cause and were the results what they expected?

Paul Sprague
InformationWeek Contributor