Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous Launches Operation Wall Street, Targets CEOs

Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous has a new mission: Operation Wall Street.

The loosely organized hacktivist collective Thursday declared war -- or at least inconvenience -- on financial services businesses in a call to arms against "the crimes of Goldman Sachs and other firms" for their role in contributing to the mortgage crisis, amongst other alleged misdeeds.

"It should be the duty of any Anonymous, any hacker, in solidarity with Occupy, to release the Dox on the CEOs & any and all Executives of Goldman Sachs, AIG, Wells Fargo, Chase, Meryl Lynch, and any other guilty party," it wrote, referring to releasing (doxing) stolen data. "Their dox, any and all possible personal information on these people, must be released and made public and spread across the internet as much as possible. The people who have lost their homes and had their lives destroyed deserve to know who it was that did it."

The new statement from Anonymous struck a populist note, referencing widespread bankruptcies triggered by the mortgage crisis, bank employees' bonuses and the poor treatment of Internet activist Aaron Swartz. But it was also personal, calling out Bank of America for its "pathetic assault on Anonymous' methods," referring to what it first alleged Monday was a campaign funded by Bank of America to spy on Anonymous and Occupy members.

The so-called Anonymous Intelligence Agency Par:AnoIA bolstered those claims Wednesday by publishing what it described as "a total of 14GB data, code and software that is related to Bank of America, Bloomberg, Thomson Reuters, TEKSystems and ClearForest."

"Looking at the data it becomes clear that Bank of America, TEKSystems and others ... gathered information on Anonymous and other activists' movement on various social media platforms and public Internet Relay Chat (IRC) channels," according to a statement posted on the Par:AnoIA site. It said the data dump included "a full version of ClearForest's text analyzing software OneCalais," emails between Bank of America and a subcontractor it hired to monitor Anonymous, as well as source code for what appeared to be Bank of America software.

[ Want to learn more about recent Anonymous protests? See Anonymous Plays Games With U.S. Sites. ]

The dumped data and files were reportedly retrieved from an unsecured server located in Tel Aviv, Israel, which also included a full version of OneCalais. "The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs," according to Par:AnoIA.

In its statement, Par:AnoIA also noted that 4.8 GB of that data included "detailed career and salary information of hundred of thousands of executives and employees from various corporations all around the world." It said the file was tagged with "reuterscompanycontent" -- which seems to indicate that it came from Thomson Reuters -- although stored in a file named "Bloomberg." "What it was doing on the Israeli server is up to anyone's guess," said Par:AnoIA.

After the 14 GB of data was released, word quickly spread via Twitter that the published software included code designed to infect targeted PCs. "WARNING: The #Anonymous #BOA files include #TROJAN scripts and programs that 'call home' to #ClearForest and #OneCalais," according to a tweet from the OneCalais Twitter account, which broadcast its first tweet on Wednesday.

Bank of America confirmed that data from the bank -- including emails -- had been released by Anonymous, but blamed the underlying data breach on its contractor. "In this instance, a third-party company was compromised," according to a statement issued Wednesday by the bank. "This company was working on a pilot program for monitoring publicly available information to identify information security threats."

Interestingly, a subsequent Twitter post from Anonymous said, "The employees of the 'other company' (@TEKsystems) Bank of America is blaming were all using http://bankofamerica.com e-mail addresses."

Elements of Anonymous had previously targeted Wall Street, calling in 2011 for example for distributed denial-of-service attacks to be launched against the New York Stock Exchange (NYSE) in support of Occupy Wall Street protestors.

But news that Bank of America was spying on members of Anonymous and Occupy seemed to trigger widespread hacktivist outrage. "Hi we were wondering if you'd advise on how to hire incompetent ex-military spook goons to spy on private citizens. Expensive?" read a tweet to the Bank of America's customer support account on Twitter, sent by the Anonymous Operation Last Resort Twitter account.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dbtinc
50%
50%
dbtinc,
User Rank: Apprentice
3/2/2013 | 2:19:21 PM
re: Anonymous Launches Operation Wall Street, Targets CEOs
Go for it! Our government can't but you guys can!
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I like the old version of Google assistant much better.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...