=========================================================
=========================================================
__________ __ __
\______ \__ ___/ |__/ |_____________ ____ ______
| | _/ | \ __\ __\_ __ \__ \ _/ __ \\____ \
| | \ | /| | | | | | \// __ \\ ___/| |_> >
|______ /____/ |__| |__| |__| (____ /\___ > __/
\/ \/ \/|__|
=========================================================
==== HAS MUMMY EVER SAID DONT PLAY WITH ANONYMOUS??? ====
=========================================================
Bank of America went totally nuts and fucking mad cow
and censored all the previous releases, as we love so
much fingering prolapses after buttraeping. here we go
again.
so....
MEGA TEASEEEEEEEEEEEEEEEEERRRR
ALSO COCKS
\:D/
Summary of Information: By the way, if you asked Santa for a present
this #LulzXmas BE PATIENT. Santa has another week people. Questions?
Twitter @ DesructiveSec - Anontastic - Comment: This new information
suggests that we may not be seeing any �Big� releases from #LulzXmas
just yet, however it is advised that we not let our guards down as this
could be what they are hoping for. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
Subject: EWT - TACTO - Tracking Occupiers
-----------------------------------------
BAML-EWT logo.png
Source: RawStory.com / Twitter
Date / Time: Tweeted � 28 APR 12 @ 21:07EST / Story Posted � 28 APR 12 @
19:19EDT
Summary of Information: The following tweet was observed: �Banks
cooperating with police to track #Occupy protestors: goo.gl/tpvko #OWS #MAY1st
#MAYDAY @M1GS� � AnonInfoWarfare. The link is to a story that was written
by Andrew Jones of RawStory claiming that American banks and those overseas are
working with law enforcement officials in order to detect and deter the Occupy
Protestors attacks. Currently there are 20 comments from readers, 193
Recommendations to Facebook Users, and 27 Tweets About this Story have been
observed.
http://www.rawstory.com/rs/2012/04/28/banks-cooperating-with-police-to-track-occ
upy-protesters/
Comment: Some comments that have been observed have been individuals claiming
their not surprised while others are outraged. By this story being spread
through the normal social media venues and #MAYDAY quickly approaching we could
see some changes in the way Occupy decides to get the word out to their fellow
protestors. EWT will continue to monitor for any developments regarding this
story, or any suggestions of alternate means of communication regarding protest
activities. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
Source: IRC/Pastebin
Date / Time: 28 APR 12/Paste � 27 APR 12
Summary of Information: A user going by the nick Laurelai entered the Channel
#voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.
�hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch
either�. The pastebin is a series of several text messages between what is
believed to be an informant and a law enforcement official. Full paste
contents are attached to this message in a Word Document for further analysis.
Comment: These messages could be from Sabu who was ousted as an informant not
long ago, however there is nothing to substantiate this and is merely an
assumption. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
================================================================================
====================================================
================================================================================
====================================================
Subject: EWT - TACTO
--------------------
BAML-EWT logo.png
Source: IRC/Pastebin
Date / Time: 28 APR 12/Paste � 27 APR 12
Summary of Information: A user going by the nick Laurelai entered the Channel
#voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.
�hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch
either�. The pastebin is a series of several text messages between what is
believed to be an informant and a law enforcement official. Full paste
contents are attached to this message in a Word Document for further analysis.
Comment: These messages could be from Sabu who was ousted as an informant not
long ago, however there is nothing to substantiate this and is merely an
assumption. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
------------------------------------------------------------------------
Subject: FLASH INITIAL - Anonymous targeting www.goldmansachs.com in DDOS
channel
--------------------------------------------------------------------------------
-
cid:image001.png@01CCAEB9.C9EDA800
ConfidentialDataGISTMPandora17hola38
This advisory is informational only. Threat Management has been made
aware of Threat Activity taking place external to the Enterprise. This
report is intended to provide early warning information should this
threat begin to impact Enterprise-wide operations.
Distribution should be limited to �need-to-know� parties.
INITIAL FLASH SUMMARY
On the AnonOps IRC server, in the #DDOS channel, at approximately 4:05
PM ET, members of Anonymous began to discuss and then to target
www.goldmansachs.com. It appears as if there is already a booster
created for this attack, and the attack is currently underway. Other
anons are talking up the attack in others channels, such as #antisec and
#lulxsecreborn. #DDOS channel has 179 people in the channel.
Threat Management reached out to our contact at Goldman Sachs, and have
made CTPS management aware.
Source: IRC � AnonOps #DDOS
Date/Time: 31 Mar 12 @ 16:05EST � Present
Summary of Information: The following is the transcript of the
development of the current attack on Goldman Sachs (DO NOT CLICK
LINKS!):
CONTENT BEGINS
* Kenny_Powers has changed the topic to: #DDOS :: TARGET:
www.goldmansachs.com :: BOOSTER: http://pastebin.com/YSfGyAqr :: [
#OpDownWithACTA - #OpBlackout - #setup - #tutorials - #anonops -
#OpGreece - #OpSyria - #Defacement - #Aph - #OpNewBlood - #OpPirateBay -
#OpActaFR - #OperationGreenRights - #OpIran - #Polska - #vHost ] <root>
right
Comment. Very small numbers in the channel, tools mention are LOIC and
Slowloris. Ends.
Next Steps � Monitoring for further traction by more anons, and any
reported impact on the target. This FLASH will be updated as more
information becomes available.
--------------------------------------------------------------------------------
-----------------------------------------------------------
Subject: EWT - TACTO - JoshTheGod's IPs
---------------------------------------
BAML-EWT logo.png
Source: Twitter/josh-the-god.com
Date / Time: 24 May 12
Summary of Information: �@JoshTheGod � We�ll just keep uploading your
d0x everywhere, I�m sure your tiny botnet can�t handle 20+ sites. Cheers
hxxp://t.co/SsXK4EpL� Sent by @UGDocs at 13:02EST. The link directs you to
hxxp://www.josh-the-god.com which has several pieces of information that claim
to identify JoshTheGod. Most recently posted (7 hours ago) was the suspected
IP addresses for JoshTheGod. Comment: EWT is unable to determine the
legitimacy of this information, but will continue to monitor the site for any
further releases of information. Ends.
//Paste Begins//
JoshTheGod�s aka Josh Mendez�s IPs - �d0x�
Save these and post them everywhere! He�s gotten the pastebin�s removed,
and is currently DDOSing my Soup.IO account� Maybe because it�s the CORRECT
INFORMATION?
Next time newbie will remember to remove �direct-connect� - Have fun, I
mean �block� these IPS:
Josh�s IPs: Note the Windows box at OVH as well:
cpanel.hfu.cc
IP: 94.23.161.175
ftp.hfu.cc
IP: 94.23.161.175
localhost.hfu.cc
IP: 127.0.0.1
mail.hfu.cc
IP: 94.23.161.175
ns1.hfu.cc
IP: 94.23.161.175
ns2.hfu.cc
IP: 176.31.237.84
ns3.hfu.cc
IP: 96.9.186.213
server.hfu.cc
IP: 176.31.237.84
webmail.hfu.cc
IP: 94.23.161.175
windows.hfu.cc
IP: 176.31.229.158
www.hfu.cc
IP: 94.23.161.175
Plus for LULZ, his home IP, a little birdie told me a LOIC would take it down
alone.
Joshua Isabella Mendez a.k.a. �UGNazi� aka JoshTheGod.
D0X / Addy:
73 Bodine Street, Staten Island, NY 10310
MySpace:
hxxp://www.myspace.com/dancingsantajosh
Photos:
hxxp://www.myspace.com/dancingsantajosh/photos/
Twitter(s):
hxxp://twitter.com/JoshTheGod - hxxp://twitter.com/UG Home IP:
(pool-435091bb.dyn.optonline.net) :: 67.80.145.187 �All information was
verified from their IP addresses that logged into irc.anonops.pro gladly
provided to us by an informant who is an Oper in the IRC�
//Paste Ends//
Respectfully,
Jay Haak
Cyber Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
---------------------------------------------------------
Subject: EWT - TACTO - @th3j35t3r Info UPDATE
---------------------------------------------
BAML-EWT logo.png
Source: Twitter
Date / Time: 12-13 May 2012
Summary of Information: While monitoring a tweetdeck feed for
�th3j35t3r� a user by the twitter handle @cubespherical began to call
out th3j35t3r to speak with him (@cubespherical) through DM. Apparently
th3j35t3r has not replied to the DM, and therefore @cubespherical has
begun to provide Intel on th3j35t3r until th3j35t3r replies to the DM.
Below is a transcript of the twitter information that has been suggested
to be related to th3j35t3r.
Smedley Manning ? @cubespherical - @th3j35t3r Still cruising in that
Chevy Silverado? Gonna keep dropping info until you come back to me on
DM. Let's not do this in the open?
1h Smedley Manning ? @cubespherical - @th3j35t3r 10 words for you.
Dallas Cowboys. Scruffy Murphys GA, Shiner, Ft Benning, 2003. You. -
Want to talk to me yet? Why so quiet?
1h Smedley Manning ? @cubespherical - @th3j35t3r ...Happy Birthday for
next week ...RD. Don't go quiet on me, come back to DM. You don't want
to talk about this in public do you?
17h Smedley Manning ? @cubespherical - @AnonymousDown True. only with
the oysters and Tabasco. I know the oyster. Capiche me? He knows it too.
DM.
17h Smedley Manning ? @cubespherical - Still waiting @th3j35t3r - I can
go nuclear with it. You can still deal for now. DM is best for us both.
Don't make mistake to ignore DM.
from Alabama, US
12 May Smedley Manning ? @cubespherical - @th3j35t3r sent you a DM. You
should check it at your earliest convenience. In your interests.
from Alabama, US
Comment: Everyone claims to have dox on th3j35t3r this information may
not be credible, however it may be interesting to see how much more info
is leaked by @cubspherical. In the event that the doxing tweets cease
we may be able to ascertain that this info is legitimate and that
th3j35t3r finally replied to the DM to avoid any further information
being released. Ends.
UPDATE The following image was posted in #anonops by username Astro
stating �this is AWESOME
http://i218.photobucket.com/albums/cc213/truelai3/BdK3T.jpg� COMMENT The
image magnified shows a chain of Direct Messages stating that
@cubespherical knew who @th3j35ter was and that he was going to be
�outing� him after building money for wikileaks.
Jeremiah Piper, 24x7 Monitoring
TEKsystems - Onsite at Bank of America
Office: (214)209-7160
Email: jeremiah.piper@bankofamerica.com
http://www.TEKsystems.com
cid:image002.png@01CCC06F.771CF0F0
--------------------------------------------------------------------------------
---------------------------------------------------
Subject: EWT TACTO - Assange Asylum
-----------------------------------
Early Warning Team
<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
ProcessEngineering/ThreatManagement/EWT>
Assange Asylum has been added
Modify my alert settings
<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
ProcessEngineering/ThreatManagement/EWT/_layouts/MySubs.aspx> |
View Assange Asylum
<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
ProcessEngineering/ThreatManagement/EWT//Lists/TACTO/DispForm.aspx?ID=99
> | View TACTO
<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
ProcessEngineering/ThreatManagement/EWT/Lists/TACTO>
Title: Assange Asylum
Date Time Group: 8/15/2012 11:15
SOURCE: Open Source Internet; Twitter
Attachment: No Attachment
Websites \ URL: www.ustream.tv/channel.occupynewsnetwork
http://www.nytimes.com/2012/08/16/world/americas/ecuador-says-britain-th
reatened-to-enter-embassy-to-get-assange.html
http://www.guardian.co.uk/media/2012/aug/16/julian-assange-ecuador-embas
sy-asylum?newsfeed=true
http://www.huffingtonpost.com/2012/08/15/julian-assange-ecuador-raid-uk-
asylum_n_1784797.html?utm_hp_ref=media
Tacto Updates:
Summary of Intelligence: Throughout the evening reports via
twitter, OSINT, and livestream video feeds have claimed that the UK has
issued a notification to Ecuador's Embassy. The notification was
perceived as a threat by Officials from Ecuador, "Today we have received
from the United Kingdom an explicit threat in writing that they could
assault our embassy in London if Ecuador does not hand over Julian
Assange,� Mr. Pati�o said at a news conference in Quito, adding
defiantly, �We are not a British colony.� This information has been all
over social media throughout the evening. It has gained alot of
attention from WikiLeaks supporters as well as Occupy members. When the
reports initially came out that Julian Assange would be taken from the
Embassy users were streaming via bambuser.com. Shortly after feeds
began the site bambuser.com was takend down by a DDoS attack in which
@AntiLeaks took credit. The J35t3r als
Comment: EWT will continue to monitor this activity due to the
negative ties between WikiLeaks and Bank of America. Due to the
financial blockade BAC may be considered a target if Julian Assange is
handed over to authorities, and the supporters decide to attack those
they feel responsible.
Intelligence Type: Informational
Actions Taken:
Credit Card Numbers Discoverd: No
Credit Card Data Obtained:
Modified: 8/15/2012 22:13
Created: 8/15/2012 22:13
Last Modified 8/15/2012 22:13 by Haak, Jay
--------------------------------------------------------------------------------
-------------------------------------------
Subject: TACTO - Sopa Support
-----------------------------
Team,
Source: IRC - @Indymedia / #occupywallstreet
Date/Time: 21 December 2011 @ 1840EST
Summary of Information:
<jihad>
http://judiciary.house.gov/issues/Rouge%20Websites/SOPA%20Supporters.pdf
<badgerfem> Do these organizations know what they have started?
<badgerfem> Follow the money
Comment: The list is 4 pages in length and has a header of United
States House of Representatives � Judiciary Committee � Chairman Lamar
Smith (TX-21). List of Supporters: H.R. 3261, the Stop Online Piracy
Act. Included among those named are two of our critical suppliers:
MasterCard Worldwide and Visa, Inc. This has been the only mention of
this document at this time, and it has not hit twitter as of yet. EWT
will continue to monitor for any further developments. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
-------------------------------
Subject: TACTO - Break Up with BofA
-----------------------------------
Source: Twitter
Date/Time: 14 Feb 12 @ 14:08EST
Summary of Information: The following message was tweeted by
dharmaburning, �LIVE: Occupy SF #VD Break up with BofA (@occupy1liberty
live at ustre.amEUCF/1) Comment: EWT will monitor for any developments
or indications as to which locations may be targeted, and report them to
the necessary individuals. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
-----------------------------
Subject: FLASH INITIAL: Threat of a virtual sit-in against BAC
---------------------------------------------------------------
cid:image001.png@01CCAEB9.C9EDA800
ConfidentialDataGISTMPandora17hola38
This advisory is informational only. Threat Management has been made
aware of Threat Activity taking place external to the Enterprise. This
report is intended to provide early warning information should this
threat begin to impact Enterprise-wide operations.
Distribution should be limited to �need-to-know� parties.
INITIAL FLASH SUMMARY
The FBI warned BAC of a plan to attack multiple websites, including BAC,
as part of a �virtual sit-in for Public Education�. Instructions for
participation in this attack are at
http://reclaimucsd.wordpress.com/category/virtual-sit-in/. This event
is being hosted by the Public Education Coalition of UCSD. This page
states that the virtual sit-in will take place from March 1st � 5th.
And defines the attack as, �DAY OF ACTION, ELECTRONIC CIVIL
DISOBEDIENCE, MARCH 1ST, NEOLIBERALISM, VIRTUAL SIT-IN�. Included in
this page are instruction to download a .zip file that they claim only
includes, �4 simple HTML pages�. They go on to give instructions on
what needs to be copied and then pasted to the users browser. They
state that this will work with any browser. They also provide
instructions at virtualsitin.com for participants that are leery of
downloading or on a machine in which the user cannot download from the
internet. Specific targets listed on the website are bankofamerica.com,
universityofcalifornia.edu, and jerrybrown.org.
Thus far there has been tweets (below) suggesting that this action is
�happening now� and calling for participants to join the action.
"Download and click. Click = Action: March 1st-5th Virtual Sit-In <<
Reclaim UCSD hxxp://t.co/dUq52Qd2" - Sent by banglab at 06:46EST 01
March 2012.�
"HAPPENING NOW - March 1st-5th Virtual Sit Participation wp.me/p2dCZS-5t
via @ReclaimUCSD" - Sent by sadey_occupy at 03:50EST 01 March 2012.�
Below are the instructions found within the .zip file on the website �
To use the sit-in action page:
1. DOWNLOAD: You can download the action files and run them directly
from your own hard drive here. This will help reduce the load on our
server. We promise there are no viruses attached to these files. All you
need to do is uncompress the zipped archive which will give you a
directory with a bunch of files in it. Open the one called index.html in
your browser and you'll be on your way to a pleasant sit-in.
2. Then click "Enter the Action" to participate. The action page runs
automatically when it loads, but it takes 40-60 seconds to load
depending on your connection speed. The frames at the top part of the
page may initially load very slowly. This is a delay to allow the
browser to call all the objects on the page. But once all frames are
loaded the reload speed will increase. The status of the page is
displayed in the upper 'status' window.
3. You are going to see lots of error messages saying "Not Found, the
URL /funding (etc.) was not found on this server". This is by design and
expected. Afterall, we don't really expect to find funding, equality,
action, transparency, justice, ... under the current effects of
neoliberalization and privatization that have pervaded higher education.
4. CONNECTION SPEED: In the 'speed' box on the right side in the
bottom part of the page you see the speed at which the action page is
reloading the frames in the top part. It automatically runs on the
assumption that you have a slow dialup connection. If you have a fast
dialup connection then click on the 'CHANGE SPEED' button to increase
the speed of the operation. If you have a high speed connection - T1,
ISDN, etc., as you might at a company, university, an internet cafe or
even at home - then click on 'CHANGE SPEED' again to set the page for
it's highest speed of operation.
5. The 'slow dialup' setting submits requests to each page every 6
seconds. The 'fast dialup' setting submits a requests every 3 seconds.
The 'high speed' setting submits requests every second. The faster the
operation, the better!
6. Okay, now just sit back and relax, or open a new browser window
and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN
THE BACKGROUND, THE LONGER THE BETTER.
7. SPAWN: If you are using the pages and you find that the computer
is making effortless connections, and you have the system resources
available in your computer to take the extra effort, then click on the
'Spawn' link. This runs another copy of the sit-in pages in another
window. After clicking 'Spawn' redo steps 3 again in the new page to set
the appropriate speed.
8. Again, if at any point you start to get a lot of time-out
messages, or messages saying the server is probably down, then the
servers are beginning to grind to a halt! If it gets to be annoying then
close down and try again later (see final step below).
9. When you've had enough, just close the browser window that is
displaying the action page. That will end your sit-in session.
10. MIRROR: This site is being mirrored on at least one other
location. If you find that the current URL is too busy (does not load
the action page), then try the mirror site.
Comment. Thus far there has been no mention of this event in the usual
chat rooms used by known hackitivists. This event is being called a
gesture of Electronic Civil Disobedience and may be an opportunity for
Anonymous to participate using more effective methods of attack. Ends.
Next Steps �The Early Warning Team is monitoring for Hactivist
participation in this event and the Threat Management Tech SME�s are
looking into how this attack is going to work using the listed download.
This FLASH will be updated as more information becomes available.
--------------------------------------------------------------------------------
-------------------------------------
Date: 10/24/2012 8:50:37 PM
Subject: Occupy News 10/24/12
------------------------------
Occupy Wall Street/General
Occupy movement makes lasting impact despite losing steam (10/23/12)
Over a year ago, the Occupy movement exploded as major news outlets began
covering the Occupy Wall Street protest in New York City�s Zuccotti Park. The
protest quickly spread around the world in less than a month, but the movement
has lost steam over the past year as authorities have cleared out all of the
major Occupy camps around the country. While the movement has largely dropped
out of public consciousness, Occupy protestors in cities around the world
remain determined to have their voices heard, which raises the the question, is
the Occupy movement over, or can it still make a difference? So far, Occupy
hasn't led to any clear, quantifiable change in the American financial sector,
which appears to be the movement's main goal. The goals and demands page of
occupyaustin.org details the movement�s purpose: essentially, to protect the
majority of Americans from the reckless, greedy actions of corporations and the
super-rich.
http://www.hilltopviewsonline.com/viewpoints/article_4880834e-194a-11e2-9555-001
a4bcf6878.html
The young and the restless (10/23/12)
Young people were among the hardest hit by the global recession, and youth
unemployment will continue to be a risk factor for social and political
instability worldwide, writes Jonathan Wood, of business risk consultancy
Control Risks. The Arab Spring, Europe's anti-cuts protests, the global Occupy
movement, and the London riots of 2011 all raised questions about the links
between youth unemployment and social unrest.While the main driver of youth
unemployment is economic weakness, government cuts have exacerbated the
situation by reducing public sector workforces, cutting unemployment support
and raising education costs. In the United States, youth unemployment leaped by
one-third during the economic crisis to above 17%, where it has remained.
http://www.bbc.co.uk/news/business-19997182
Why There Won�t Be a Bank Transfer Day in 2012 (10/24/12)
From June 2011 to June 2012, credit unions reported a year-to-year increase of
more than 2.16 million memberships � the largest influx of members in the
past decade, according to data by the Credit Union National Association. In
the prior year, there was only a 552,890-membership increase at credit unions.
The four-fold jump in new memberships is easily attributed to last year�s
Bank Transfer Day (held Nov. 5), the consumer movement that rallied fed-up bank
customers to close their fee-riddled accounts and move their money to credit
unions. The exact number of consumers who made the switch because of Bank
Transfer Day is difficult to determine, but the movement did push credit unions
into the spotlight.This year, however, there will be no official Bank Transfer
Day to give banks a run for their customers and deposits, said Kristen
Christian, the creator of Bank Transfer Day.
http://www.mybanktracker.com/news/2012/10/24/no-bank-transfer-day-2012/
US
99Rise Activists Attempt To Bridge Gap With Occupy L.A. (10/23/12)
Nick Wagner showed up on time to Pershing Square for the Occupy L.A. General
Assembly, which meant that he got there too early. Occupy L.A. cannot be
trusted to "keep the trains running on time," as the expression goes.
Meetings usually convene at least half an hour after the advertised time, and
there are no stop times--you can stay there talking all night if you'd like,
because somebody will always be there. Wagner trekked in from Riverside with
his girlfriend Crystal in hopes that this particular October night would draw a
decent crowd of activists.The 32-year-old planned to address the General
Assembly with information regarding the new movement he'd joined called 99Rise,
an Occupy offshoot that focuses on nonviolence and issues relating to the
intersection of corporate money and politics.
http://www.neontommy.com/news/2012/10/99rise-activists-attempt-bridge-gap-occupy
-la
Occupy Naperville marks first year of activism (10/23/12)
Members of Occupy Naperville commemorated their first anniversary last weekend,
and they have no plans to go anywhere any time soon. �We haven�t missed a
single Saturday,� said organizer and Warrenville resident Steve Alesch, who
works in Naperville. Fifteen to 20 demonstrators continue to turn out every
week, gathering at the Free Speech Pavilion on the Riverwalk. They spend an
hour or so voicing their opposition to the influence of special interests on
American politics, with chants and signs.
http://napervillesun.suntimes.com/news/15896172-418/occupy-naperville-marks-firs
t-year-of-activism.html
Free Ben & Jerry's In Union Square Today To Promote Constitutional Amendment
(10/24/12)
According to a press release from OccupyWallStreet.org, Unilever's Ben Cohen
will be in Union Square today handing out free rubber stamps as part of a
campaign to amend the Constitution to "get money out of politics." The
so-called Stamp Stampede will distribute tens of thousands of stamps and
encourage people to use them on their currency, stamping bills with one of four
messages: NOT TO BE USED FOR BRIBING POLITICIANS STAMP MONEY OUT OF POLITICS
CORPORATIONS ARE NOT PEOPLE; MONEY IS NOT FREE SPEECH THE SYSTEM ISN'T BROKEN,
IT'S FIXED In addition to the stamps, there will also be free Ben & Jerry's ice
cream, from 11 a.m. to 6 p.m.
http://gothamist.com/2012/10/24/free_ben_jerrys_in_union_square_tod.php
Europe
Robin Hood tax gains traction in Europe (10/24/12)
Robin Hood may not have roamed Sherwood Forest for hundreds of years, but fans
of his "steal from the rich, give to the poor" ethos appear to have made
inroads into European tax policy. The European Union's executive body said
Tuesday that 10 members of the 27-nation group had agreed to move forward with
a Financial Transaction Tax, also known as the Robin Hood tax. Supporters say
the controversial move will raise billions of euros for cash-strapped
governments by applying a small tax on transactions in financial markets. But
critics say imposing the tax will drive investors away and act as a break on
economic growth. Nobel Prize wining economist James Tobin first proposed
taxing transactions in the foreign exchange market in the 1970s to limit
volatility and curb speculation. The idea of taxing financial transactions
more broadly really started to gain ground earlier this year, when former
French President Nicolas Sarkozy began touting it as a way out of Europe's
financial crisis. The tax has become a cause c�l�bre of grassroots
organizations that often dress up in Robin Hood costumes and march in the
streets. It has also been affiliated with parts of the Occupy Wall Street
movement in the Untied States.
http://buzz.money.cnn.com/2012/10/24/robin-hood-tax/?section=money_markets&utm_s
ource=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_markets+%28Mar
kets%29
Madrid has peaceful anti-austerity protest (10/24/12)
Thousands of anti-austerity protesters gathered outside Congress in Madrid
while Spanish lawmakers debated next year's budget. It was the fourth "Occupy
Congress" protest organized by the 25-S movement in the past month, ThinkSpain
reported Wednesday. The group said more than 5,000 people participated in the
Tuesday protest, Authorities placed the number of protesters at closer to
2,000.
http://www.upi.com/Top_News/World-News/2012/10/24/Madrid-has-peaceful-anti-auste
rity-protest/UPI-54071351081746/?spt=hs&or=tn
Mitta Isley, MSLS
Research & Records Management
Cyber Threat Management & Information Sharing
Global Information Security
Office: (980) 387-9756
Email: mitta.p.isley@bankofamerica.com <mailto:amy.k.taylor@bankofamerica.com>
--------------------------------------------------------------------------------
-----------------------------------------------------------
Subject: EWT - TACTO - IRC Talk
-------------------------------
BAML-EWT logo.png
Source: IRC � AnonOps IRC - #AnonOps
Date / Time: 24 May 12 � 10:30EST � 10:45EST
Summary of Information: While monitoring the AnonOps IRC there were mentions
of Bank of America, Countrywide, Fannie Mae, and Freddie Mac in regard to
fraud. More importantly one of the users claims to have over 1000 documents to
prove fraudulent activity. The user did not specify which company the
documents belong to. Transcript follows comment. Comment: EWT has not
observed any further comments in regard to the documents nor any specifics.
With the upcoming OpNewSon these documents may be released in the dissemination
of the purported �leaks� that this group claims to have. EWT will continue
to monitor for any further developments. Ends.
//Transcript Begins//
<anonymoose> they sign with the labels because they want things like press
releases (which are not free btw), studio time they dont have to pay for, etc
<sharpie> where bodys such as the riaa are trying to preserve their relevance
<Notion> ofcrouse they owe them
<Syn> ^^^
<anonymoose> so they signed a contract, owe millions, arent getting paid
because the money is going to the debt
<Notion> the label gives them thousands in advance
<anonymoose> sounds fair to me, if you dont want to owe someone money dont
borrow it
<Syn> yeah whatevr I still think the RIAA is no longer needed. Record companies
are now irrelevant. j's
<anonymoose> but borrowing it and then claiming its unfair that you have to
repay it is stupid
<LulzDog> Moose makes a point with that
<Syn> i agree anonymoose but to be told "you've sold X millions of record's but
we're not paying you" is wrong
<anonymoose> then they shouldnt have signed the contract
<Notion> not if they are in debt
<Syn> its not always that black and white my dear.
<norbert79> I agree with that with Syn...
<norbert79> But in general anonymoose is right
<Syn> Im not saying he isnt lol
<anonymoose> no one forced them to sign
<Syn> which is why im laughing so fuckin hard
<LulzDog> Syn but in the end it usually boils down to that
<anonymoose> just as no one forced people to sign mortgages they couldnt afford
and didnt understand (or want to understand) <down_> shows the need for
simplicity
<LulzDog> Moose: on that note why the fuck werent the ceos of those companies
ever tried for fraud
<sharpie> in the case of morgates particularly people could be said to have
been tricked
<anonymoose> which companies specifically
<LulzDog> Countrywide, fannie may, and freddie mac
<sharpie> coerced by different methods
<anonymoose> well fanny and freddie are basically hte government
<sharpie> wilfully reckless in lending policies
**NETSPLIT**
<LulzDog> Moose: they are owned by bank of america
* Nijaxor (penis@penis.penis) has joined #anonops
<Nijaxor> lolol
<Nijaxor> boom
* Effexor (FU@KING.HIVEMIND) has joined #anonops
* BOFH (that@bastard.with.root) has joined #anonops
* Wolfy (Howling@the.Moon.Tonight) has joined #anonops
* Aha2Y (Aha-79@i.had.sex.with.your-sister.nl) has joined #anonops
* Showers2All (Power2All@staff.anonops.li) has joined #anonops
* Poke (cojones@rootadmin.anonops.com) has joined #anonops
* Isis (great@staff.anonops.li) has joined #anonops
* AnonOps sets mode +a #anonops Showers2All
* AnonOps sets mode +q #anonops Poke
* AnonOps sets mode +a #anonops Isis
* AnonOps gives channel operator status to BOFH Wolfy Aha2Y Showers2All Poke
Isis
* AnonOps gives voice to Effexor
<LulzDog> As well is countrywide
<anonymoose> but its not fraud to say "here are the terms" and then someone
agrees to that without understanding it because they dont want to ask questions
for fear of someone thinking they are dumb and they dont want to read the
contractsw
* Poke has quit (Quit: leaving)
* Nijaxor (penis@penis.penis) has left #anonops (Leaving)
<LulzDog> Also i have access to over 1k documents proving my point lol
* Nijaxor (penis@penis.penis) has joined #anonops
<Nijaxor> o/
* Wolfy gives voice to Nijaxor
<anonymoose> LulzDog: fanny mae, freddie mac and sally whatever are US gov
* Nijaxor has quit (Quit: Leaving)
<anonymoose> sally whatever does student loans
<LulzDog> Moose you never covered countrywide
<anonymoose>
<LulzDog> Moose: they are owned by bank of America
<LulzDog> Yea i knnow
<anonymoose> you are right I never did and I was responding to that comment
over what I did cover, fanny and freddie
* Poke (cojones@AN-7pa.2vh.r88huf.IP) has joined #anonops
* Tony_The_Tiger sets mode +q #anonops Poke
* Tony_The_Tiger gives channel operator status to Poke
* down_ (lets@get.dangero.us) has joined #anonops
<down_> cojones mas grande
<LulzDog> I was grouping them as a whol as far as fraud goes
**Mass Users Rejoin Due to Netsplit**
* Poke sets mode +D #anonops
<LulzDog> Or at least conspiracy to commit fraud
<Syn> BTW Since Poke didnt feel fit to tell you hes moving leafs so hold onto
your cawks
<Poke> shh
* Poke is now known as epok
* Yagami (Yagami2@AN-2v0.jf6.guvaeb.IP) has left #anonops
* ZenPanda has quit (Ping timeout: 121 seconds)
* Anon-Twats has quit (Ping timeout: 121 seconds)
<anonymoose> well fannie and freddie do not do direct loans, they usually buy
on the secondary market
<anonymoose> they guarantee well over 50% of all mortgages in the US now
<BOFH> lolol. http://humormood.com/wp-content/uploads/2012/05/3IA7l.jpg
<anonymoose> I think its rapidly approaching 90% but I just dont know offhand
how many mortgages they actually own and taxpayers guarantee
<LulzDog> They shouldve died in 2008
<anonymoose> if people stop paying their mortgages the government just raises
taxes and/or prints more money to pay them off, its the tax payer that ends up
losing
LulzDog - (LulzDog@AN-8s4.a63.modebn.IP)
//Transcript Ends//
Respectfully,
Jay Haak
Cyber Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
----------------------------------------------------------
Subject: EWT - TACTO - Dox on UgNazi
------------------------------------
BAML-EWT logo.png
Source: Pastebin.com
Date / Time: 18 May 2012
Summary of Information: The following is a paste cited as being the confirmed
dox of UgNazi members. Paste link: Pastebin.com/ZYp7DhrT � see full paste
below.
//PASTE BEGINS//
Hello, Today I am contacting you regarding a series of recent DDoS attacks on
multiple .gov websites (including cia.gov justice.gov dc.gov wa.gov nyc.gov and
many others) The hacker also target many not .gov websites (including
washington.org slcpd.com goarmy.com mcdonalds.com and many others)
Most of, if not all of, the recent attacks have been coming from a group called
ugnazi.
The members of ugnazi according to their website (ugnazi.com) are JoshTheGod,
CyberZeist, Cosmo, S3rver.exe, and MrOsama.
These hackers have not only been DDoSing websites, they have leaked fbi
documents ( hxxp://pastebin.com/VULutT1M ), commited numerous accounts of
Credit Card Fraud, Hacked numerous websites, and more.
Here is all the information I have on them, 3 out of the 5 members.
===========
JoshTheGod
===========
Leader of UGnazi
Behind ufc.com hack, leaking personal information including SSNs of many people
(see cocksecurity.com), and Credit Card Fruad.
Name : Blake Bronstad
Dob : October 12, 1992
Address:
219 elm st west apt 2e
norwood, MN 55368
Mother:
Catherine A Bronstad (60 Years old)
Dad:
Michael George Baker (45 Years old)
Google Voice Number:
3472911346 ( I hacked ) . Real Number on it 9522390358
952-373-9068
952-239-0358
Skype:
Josh.josh.joshy
Isirgod
Josh (Owner of it has gotten it back)
Msn:
Josh@fbi.tf
Playertopcat@yahoo.com
Josh@obbahhost.com ( Hacked )
Blake_nick@live.com ( Hacked )
Facebooks:
https://www.facebook.com/profile.php?id=1648843204
https://www.facebook.com/profile.php?id=100001354736560
https://www.facebook.com/profile.php?id=100002023048908
This kid plays habbo all day.
Aliases:
Joshthegod
Raidon
Josh Matthews
Nick James
Robert Whitetaker
Milo Matthews
Josh Dotnet
Emails:
Josh@obbahhost.com
Josh@fbi.tf
admin@habbo.cm
Domains:
hxxp://Jm.com
hxxp://UGNazi.com
hxxp://Cocksecurity.com
hxxp://Habbo.cm
hxxp://paste.re
hxxp://minecraft.re
hxxp://fbi.tf
Fake Dox hes Claimed:
Name: Joshua B Matthews
Age: 22
Address:
111 Mosel Ave
Staten Island, NY 10304
Name: Joshua w Matthews
Dob:11/28/1988
6887 FULLER STATION RD
SCHENECTADY, NY 12303-5301
===========
Cosmo
===========
Behind most of the recent DDoS attacks (see his twitter).
Name: Eric Taylor
Mom's name: Sheila Brown
Address: 3337 E 15th St, Long Beach, California 90804 Cell Phone: 562-256-0832
Aol Instant Messanger Accounts: maybeCosmo, Cosmo@comcast.net
Twitter: hxxp://twitter.com/#!/ThaCosmo
Pastebin: hxxp://pastebin.com/u/maybecosmo
Youtube: hxxp://www.youtube.com/user/TeamDiversityTD
Website: hxxp://team-diversity.net/
===========
MrOsama
===========
Also behind the recent DDoS attacks (see his twitter), and Credit Card Fraud.
Known as The Godfather, Godfather, Vouch, and MrOsama.
Ip Address:
72.209.213.15
ip72-209-213-15.dc.dc.cox.net
Aol instant messanger account: Vouch
YIM: ComeAfterUs@yahoo.com
Icq: 421542
Msn: K@Live.com
Twitter: hxxp://twitter.com/#!/UG
Pastebin: hxxp://pastebin.com/u/mobster
hxxps://carderprofit.cc/ account: mobster
//Paste Ends//
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com
BAML-EWT email.png
--------------------------------------------------------------------------------
---------------------------------------
Subject: FLASH UPDATE - 5: STRATFOR (vendor) hacked, client list released,
credit cards exposed
--------------------------------------------------------------------------------
---------------
cid:image001.png@01CCCC50.E8FAC3E0
ConfidentialDataGISTMPandora17hola38
This advisory is informational only. Threat Management has been made
aware of Threat Activity taking place external to the Enterprise. This
report is intended to provide early warning information should this
threat begin to impact Enterprise-wide operations.
Distribution should be limited to �need-to-know� parties.
INITIAL FLASH SUMMARY
Early Warning Team reported the Initial attack on STRATFOR 24 DEC 2011
when Anonymous / #AntiSec, as part of an operation they call LulzXmas,
took down the website www.stratfor.com and claimed they hacked into
databases.
STRATFOR is a private independent global intelligence company that
provides in-depth analysis of world events founded in 1996 in Austin
Texas. #AntiSec is primarily focused on attacking, exposing and
embarrassing security vendors (white hats).
Initially several tweets were sent out by various members of the
hacktivist group Anonymous with a link to Pastebin with a list of 4000
clients of STRATFOR, which lists Bank Of America, eight of our critical
vendors and several other financial institutions and governments from
around the world. While there was no other information on the list other
than the names of clients it was still a compromise of STRATFOR�s
confidentiality and exposes the bank and its critical vendors to more
possible attacks if any more information was compromised.
SOACC has a subscription to STRATFOR - they provide their analysis (both
daily and ad hoc updates) to the team. SOACC�s Sean Doherty�s sense is
that STRATFOR would only have access to contact information/billing
data; he doesn�t believe BAC has gone to STRATFOR with specific requests
or taskings that would involve sharing any other data. We understand
that other teams in/outside Corporate Security (GBCR etc.) might also
use STRATFOR.
Late on 25 DEC 2011, Anonymous / #Antisec released details on
approximately 13,000 credit cards related to the STRATFOR breach. The
data was passed to GIS Fraud. Only eight cards were from BAC, and of
those, only one was still valid.
Comment. Antisec has started to release credit card information
allegedly obtained through the Stratfor breach. Over the last 24 hours,
Antisec hackers have released over 13,000 credit card numbers, including
CCVs and user information. Eight Bank of America cards were identified
but only one was still valid. Antisec claims to have enough information
to extend LulzXmas until the New Year. While this situation is certainly
embarrassing for Stratfor, it seems the bulk of the data being released
is dated. The card information has been passed to the fraud department
for action. The 24/7 Early Warning Team is monitoring and will alert if
there are any developments. Threat Management is monitoring for any
other details or further release of data from the STRATFOR breach. Ends.
STRATFOR (a/k/a Strategic Forecasting Inc.) is identified in ARIBA and
the Global Sourcing PSR as a Tier 4 supplier with START scores of
IS/Low, BC/Low. The last published START in ARBIA indicates that the
supplier does not have access to customer information.
Update: BAC associates whose email addresses were among the 944
compromised subscribers are starting to receive Phishing/harassment
emails. The emails appear to be from the CEO of STRATFOR and ask the
target to fill out an internet form. Thus far there have been three
spear phishing emails that include suspicious links to a youtube video
(which turns out to be a simple Rick Roll), a press release, and a �Rate
STRATFOR�s incident response� entry. The �Rate STRATFOR�s incident
response� form has been delivered as both a link and the form within the
email itself depending on the attempt. In both cases the form does not
attempt to �fool� the victim into thinking they are really dealing with
STRATFOR. The links lead to nothing more than sophomoric harassing
commentary. The emails have been sent to ABUSE and CCM.
No malware or malicious code was found on any of the links.
Comment: These is simple harassment and this is the first reported use
of the information from the STRATFOR breach against individual victims.
We should expect more of this, and most likely more sophisticated
tactics and procedures from other cyber actors in the future. This may
be an effort to track the numbers of individuals that follow the links.
Ends.
After further analysis, the STRATFOR compromised data dump was compared
to the complete list of BAC domains. The total number of compromised
credit card accounts and subscriber accounts has increased evidently.
There are 93 compromised credit cards that are not expired and 944
compromised subscriber accounts that belong to active BAC employees.
Anonymous as promised have posted links to 6 file sharing sites that
contain sensitive data from the STRATFOR breach on Pastebin. The file
contains 75,000 names, addresses, CCs and MD5 hashed passwords of
STRATFOR customers.
Comment: Link directs to a new pastebin which touches on the Stratfor
hack once again, and then at the bottom lists another data dump. All
the links appear to be the same file just different venues. In the file
there are 17 BAC Personnel listed with names, addresses, and credit card
information. Ends
Corporate Security is working with Global Fraud Protection to block and
reissue cards identified as compromised to mitigate the risk. The
Investigative Services Intel and Analytics team has pulled the full data
set from the Wiki location and done further analysis which will be used
to determine the total impact to BOA customers. The Intel and Analytics
team will work with Card Investigations and external partners to
determine the full impact and risk.
GCCIBT Risk Management checked within GBCR and it appears that most BAC
subscribers utilize an invoice payment process for set of seat licenses
as opposed to paying individually on Corp Cards for access. This should
help limit exposure of any captured Visa card info.
Anonymous is now claiming to have STRATFOR�s entire email spool,
releasing a single email thread as proof. Enterprise Communications is
reviewing the nature of email communications between STRATFOR and BAC to
evaluate any risk.
More information to follow.
Next Steps - Control Center Monitoring and Incident Management have been
notified and are reviewing the issue for potential mitigation
requirements. GIS Engagement is also aware and working with appropriate
Line of Business personnel. A more detailed update to this bulletin
will be distributed as events warrant. Should this issue be declared an
actual BAC-Impacting event, then GIS Incident Management will provide
detailed updates through to closure.
