Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Hackers Claim Wall Street Resume Leak

Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.

2012 Salary Survey: 12 Career Insights
2012 Salary Survey: 12 Career Insights
(click image for larger view and for slideshow)
Many Wall Street workers and would-be employees got an unwelcome surprise Wednesday after a hacking group known as Team GhostShell leaked what it said was 50,000 user accounts for an online jobs board that focuses on Wall Street. The site, ITWallStreet.com, allows users to upload their resumes for searching by recruiters.

"IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy," read a post to privatepaste.com signed by "Masakaki," who said he's "part of the Far-Eastern Financial District of #TeamGhostShell." The exploit was also announced by Team GhostShell on Twitter.

Reached by phone, a representative for Andiamo Partners, which runs the ITWallStreet.com website, said there was no one available to discuss the alleged leak, or whether it's investigating, and terminated the call. An email sent to an address listed on the company's website as a sales contact also bounced.

The post from Masakaki contained links to 12 posts made to both PasteSite.com and privatepaste.com. (A notice on the latter website, however, warns that "Due to continous [sic] abuse, privatepaste.com will be shutting down August 1st, 2012.") All 12 posts appear to have been deleted from both sites by site administrators.

But, according to news reports, the released data did appear to contain user credentials, including hashed passwords--some of which had been decoded into plaintext--for ITWallStreet.com users, as well as salary expectations, which ranged from $40,000 to $400,000. Other published information appeared to include emails between account managers and headhunters discussing clients' suitability for various roles. A published client list, meanwhile, included numerous Wall Street firms, such as Dow Jones, Morgan Stanley, and Wachovia Bank.

[ Learn One Secret That Stops Hackers: Girlfriends. ]

Despite the claim of having leaked about 50,000 user accounts, Masakaki noted that he'd held back 3,000 resumes from the data leak, "to trade them on the black market."

Why target Wall Street? In the post, Masakaki announced his support for the Occupy Wall Street movement, and appeared to promise further such disclosures. "GhostShell has been leaking left and right all kinds of targets, well we're here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things," according to his post. "With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street."

Previous Team GhostShell leaks have largely focused on Chinese websites as part of its "ProjectDragonFly," which the group describes as a "protest for freedom of speech in China." For example, Team GhostShell leader "deadmellox" claimed to have hacked 38 sites and released details on 200,000 accounts--including usernames and passwords--associated with numerous companies, including China Rencai, Mello Biotech, Yabao Hi-Tech Enterprises, as well as the Chinese branch of Fitch Ratings. Deadmellox also claimed to have exploited cross-site scripting vulnerabilities on numerous websites, including AOL, CNN, Puma, and Peugeot.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/25/2012 | 6:01:31 PM
re: Hackers Claim Wall Street Resume Leak
This goes back to what I said when the Occupy movement started and was chapter one in my 35 part series on the Attack of the Killer Algorithms as being the root behind the entire movement and that's what made it hard for folks to identify their purpose and granted many of the Occupy folks themselves didn't understand what is at the root of all of this but all know something is not right when being denied jobs, healthcare, you name it as we have algorithms running on servers 24/7 making life impacting decisions about all of us and some of that stuff is getting pretty flawed out there with algos for profit. Heck I even had a couple of the demonstrators email and ask me to explain it along with a couple editors from a couple major news sites as they didn't get it either, but that's what it is.

You have total frustration when a machine makes a decision and you can't even find a human to fix it when there are errors. People don't get jobs due to flawed data to where errors are made and on top of that the credit folks don't pay the states timely for their data mining bots and it may be 6 months or longer before the whole daily chain is fixed. In the mean, no help for the consumer even after they have chased all the data for errors and had it fixed, they still have to wait...so this is the root of the cause and I wrote another post called "Algo Duping" society and consumers with spun data so it's all out there. Here's the links to the 35 chapters and I have portion of my site that has a couple excellent videos that help explain this too if you scroll down. I'm all about educating the consumer and explaining how this stuff happens and to stop all the flawed data out there being spun and then accepted as gospel.

User Rank: Ninja
7/19/2012 | 6:18:15 PM
re: Hackers Claim Wall Street Resume Leak
I would have to say that they targeted the wrong individuals. Masakaki is attacking job seekers, just because they are applying for a position on Wall StGǪCGmon really. These are individuals who most likely are already unemployed and in debt hence posting resumes on a Wall St. job board looking for a better job! I am not one to pick and choose who is bad and who is good, I just call them like I see them and this stinks! I am definitely not the one to determine what is right and wrong either just expressing how I feel!

Masakaki has gotten it wrong, you want to hurt Wall St, donGt go after their potential hires who have no influence regarding Wall St., go after someone who has authority and by you exploiting them hopefully change will occur. I do not see a point in targeting potential employees. Trade resumes on the Black market? Is the job market that bad where I have to buy a bootleg resume from the black market? I ask this what well did this act do for their cause and where the results what they expected?

Paul Sprague
InformationWeek Contributor
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...