=========================================================
==== HAS MUMMY EVER SAID DONT PLAY WITH ANONYMOUS??? ====
=========================================================

Bank of America went totally nuts and fucking mad cow and censored all the previous releases, as we love so much fingering prolapses after buttraeping. here we go again. so.... MEGA TEASEEEEEEEEEEEEEEEEERRRR ALSO COCKS \:D/

Summary of Information:
By the way, if you asked Santa for a present this #LulzXmas BE PATIENT. Santa has another week people. Questions? Twitter @ DesructiveSec - Anontastic -

Comment: This new information suggests that we may not be seeing any "Big" releases from #LulzXmas just yet, however it is advised that we not let our guards down as this could be what they are hoping for. Ends.

Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

Subject: EWT - TACTO - Tracking Occupiers
-----------------------------------------
Source: RawStory.com / Twitter
Date / Time: Tweeted - 28 APR 12 @ 21:07EST / Story Posted - 28 APR 12 @ 19:19EDT

Summary of Information:
The following tweet was observed: "Banks cooperating with police to track #Occupy protestors: goo.gl/tpvko #OWS #MAY1st #MAYDAY @M1GS" - AnonInfoWarfare. The link is to a story that was written by Andrew Jones of RawStory claiming that American banks and those overseas are working with law enforcement officials in order to detect and deter the Occupy Protestors attacks.
Currently there are 20 comments from readers, 193 Recommendations to Facebook Users, and 27 Tweets About this Story have been observed.
http://www.rawstory.com/rs/2012/04/28/banks-cooperating-with-police-to-track-occupy-protesters/

Comment: Some comments that have been observed have been individuals claiming they're not surprised while others are outraged. By this story being spread through the normal social media venues and #MAYDAY quickly approaching we could see some changes in the way Occupy decides to get the word out to their fellow protestors. EWT will continue to monitor for any developments regarding this story, or any suggestions of alternate means of communication regarding protest activities. Ends.

Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

================================================================================
================================================================================

Subject: EWT - TACTO
--------------------
Source: IRC/Pastebin
Date / Time: 28 APR 12/Paste - 27 APR 12

Summary of Information:
A user going by the nick Laurelai entered the Channel #voxanon in the VoxAnon IRC stating that Barrett Brown isn't a snitch. "hxxps://pastebin.com/LtadDiFC oh look barrett brown isn't a snitch either". The pastebin is a series of several text messages between what is believed to be an informant and a law enforcement official. Full paste contents are attached to this message in a Word Document for further analysis.

Comment: These messages could be from Sabu who was ousted as an informant not long ago, however there is nothing to substantiate this and is merely an assumption. Ends.

Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

--------------------------------------------------------------------------------
Subject: FLASH INITIAL - Anonymous targeting www.goldmansachs.com in DDOS channel
--------------------------------------------------------------------------------
ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made aware of Threat Activity taking place external to the Enterprise.
This report is intended to provide early warning information should this threat begin to impact Enterprise-wide operations. Distribution should be limited to "need-to-know" parties.

INITIAL FLASH SUMMARY
On the AnonOps IRC server, in the #DDOS channel, at approximately 4:05 PM ET, members of Anonymous began to discuss and then to target www.goldmansachs.com. It appears as if there is already a booster created for this attack, and the attack is currently underway. Other anons are talking up the attack in other channels, such as #antisec and #lulxsecreborn. #DDOS channel has 179 people in the channel. Threat Management reached out to our contact at Goldman Sachs, and have made CTPS management aware.

Source: IRC - AnonOps #DDOS
Date/Time: 31 Mar 12 @ 16:05EST - Present

Summary of Information:
The following is the transcript of the development of the current attack on Goldman Sachs (DO NOT CLICK LINKS!):

CONTENT BEGINS
* Kenny_Powers has changed the topic to: #DDOS :: TARGET: www.goldmansachs.com :: BOOSTER: http://pastebin.com/YSfGyAqr :: [ #OpDownWithACTA - #OpBlackout - #setup - #tutorials - #anonops - #OpGreece - #OpSyria - #Defacement - #Aph - #OpNewBlood - #OpPirateBay - #OpActaFR - #OperationGreenRights - #OpIran - #Polska - #vHost ]
right

Comment. Very small numbers in the channel, tools mentioned are LOIC and Slowloris. Ends.

Next Steps - Monitoring for further traction by more anons, and any reported impact on the target. This FLASH will be updated as more information becomes available.

--------------------------------------------------------------------------------
Subject: EWT - TACTO - JoshTheGod's IPs
---------------------------------------
Source: Twitter/josh-the-god.com
Date / Time: 24 May 12

Summary of Information:
"@JoshTheGod - We'll just keep uploading your d0x everywhere, I'm sure your tiny botnet can't handle 20+ sites.
Cheers hxxp://t.co/SsXK4EpL" Sent by @UGDocs at 13:02EST. The link directs you to hxxp://www.josh-the-god.com which has several pieces of information that claim to identify JoshTheGod. Most recently posted (7 hours ago) was the suspected IP addresses for JoshTheGod.

Comment: EWT is unable to determine the legitimacy of this information, but will continue to monitor the site for any further releases of information. Ends.

//Paste Begins//
JoshTheGod's aka Josh Mendez's IPs - "d0x"
Save these and post them everywhere! He's gotten the pastebin's removed, and is currently DDOSing my Soup.IO account... Maybe because it's the CORRECT INFORMATION? Next time newbie will remember to remove "direct-connect" - Have fun, I mean "block" these IPS:
Josh's IPs: Note the Windows box at OVH as well:
Plus for LULZ, his home IP, a little birdie told me a LOIC would take it down alone.
Joshua Isabella Mendez a.k.a. "UGNazi" aka JoshTheGod.
"All information was verified from their IP addresses that logged into irc.anonops.pro gladly provided to us by an informant who is an Oper in the IRC"
//Paste Ends//

Respectfully,
Jay Haak
Cyber Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

--------------------------------------------------------------------------------
Subject: EWT - TACTO - @th3j35t3r Info UPDATE
---------------------------------------------
Source: Twitter
Date / Time: 12-13 May 2012

Summary of Information:
While monitoring a tweetdeck feed for "th3j35t3r" a user by the twitter handle @cubespherical began to call out th3j35t3r to speak with him (@cubespherical) through DM. Apparently th3j35t3r has not replied to the DM, and therefore @cubespherical has begun to provide Intel on th3j35t3r until th3j35t3r replies to the DM. Below is a transcript of the twitter information that has been suggested to be related to th3j35t3r.

Smedley Manning @cubespherical - @th3j35t3r Still cruising in that Chevy Silverado? Gonna keep dropping info until you come back to me on DM. Let's not do this in the open? 1h
Smedley Manning @cubespherical - @th3j35t3r 10 words for you. Dallas Cowboys. Scruffy Murphys GA, Shiner, Ft Benning, 2003. You. - Want to talk to me yet? Why so quiet? 1h
Smedley Manning @cubespherical - @th3j35t3r ...Happy Birthday for next week ...RD. Don't go quiet on me, come back to DM. You don't want to talk about this in public do you? 17h
Smedley Manning @cubespherical - @AnonymousDown True. only with the oysters and Tabasco.
I know the oyster. Capiche me? He knows it too. DM. 17h
Smedley Manning @cubespherical - Still waiting @th3j35t3r - I can go nuclear with it. You can still deal for now. DM is best for us both. Don't make mistake to ignore DM. from Alabama, US 12 May
Smedley Manning @cubespherical - @th3j35t3r sent you a DM. You should check it at your earliest convenience. In your interests. from Alabama, US

Comment: Everyone claims to have dox on th3j35t3r; this information may not be credible, however it may be interesting to see how much more info is leaked by @cubespherical. In the event that the doxing tweets cease we may be able to ascertain that this info is legitimate and that th3j35t3r finally replied to the DM to avoid any further information being released. Ends.

UPDATE
The following image was posted in #anonops by username Astro stating "this is AWESOME http://i218.photobucket.com/albums/cc213/truelai3/BdK3T.jpg"

COMMENT
The image magnified shows a chain of Direct Messages stating that @cubespherical knew who @th3j35t3r was and that he was going to be "outing" him after building money for wikileaks.
Jeremiah Piper, 24x7 Monitoring
TEKsystems - Onsite at Bank of America
Office: (214)209-7160
Email: jeremiah.piper@bankofamerica.com
http://www.TEKsystems.com

--------------------------------------------------------------------------------
Subject: EWT TACTO - Assange Asylum
-----------------------------------
Early Warning Team
Assange Asylum has been added

Title: Assange Asylum
Date Time Group: 8/15/2012 11:15
SOURCE: Open Source Internet; Twitter
Attachment: No Attachment
Websites \ URL:
www.ustream.tv/channel.occupynewsnetwork
http://www.nytimes.com/2012/08/16/world/americas/ecuador-says-britain-threatened-to-enter-embassy-to-get-assange.html
http://www.guardian.co.uk/media/2012/aug/16/julian-assange-ecuador-embassy-asylum?newsfeed=true
http://www.huffingtonpost.com/2012/08/15/julian-assange-ecuador-raid-uk-asylum_n_1784797.html?utm_hp_ref=media

Tacto Updates:

Summary of Intelligence:
Throughout the evening reports via twitter, OSINT, and livestream video feeds have claimed that the UK has issued a notification to Ecuador's Embassy. The notification was perceived as a threat by Officials from Ecuador, "Today we have received from the United Kingdom an explicit threat in writing that they could assault our embassy in London if Ecuador does not hand over Julian Assange," Mr. Patiño said at a news conference in Quito, adding defiantly, "We are not a British colony." This information has been all over social media throughout the evening. It has gained a lot of attention from WikiLeaks supporters as well as Occupy members. When the reports initially came out that Julian Assange would be taken from the Embassy users were streaming via bambuser.com. Shortly after feeds began the site bambuser.com was taken down by a DDoS attack in which @AntiLeaks took credit.
The J35t3r als

Comment: EWT will continue to monitor this activity due to the negative ties between WikiLeaks and Bank of America. Due to the financial blockade BAC may be considered a target if Julian Assange is handed over to authorities, and the supporters decide to attack those they feel responsible.

Intelligence Type: Informational
Actions Taken:
Credit Card Numbers Discovered: No
Credit Card Data Obtained:
Modified: 8/15/2012 22:13
Created: 8/15/2012 22:13
Last Modified 8/15/2012 22:13 by Haak, Jay

--------------------------------------------------------------------------------
Subject: TACTO - Sopa Support
-----------------------------
Team,

Source: IRC - @Indymedia / #occupywallstreet
Date/Time: 21 December 2011 @ 1840EST

Summary of Information:
http://judiciary.house.gov/issues/Rouge%20Websites/SOPA%20Supporters.pdf Do these organizations know what they have started? Follow the money

Comment: The list is 4 pages in length and has a header of United States House of Representatives - Judiciary Committee - Chairman Lamar Smith (TX-21). List of Supporters: H.R. 3261, the Stop Online Piracy Act. Included among those named are two of our critical suppliers: MasterCard Worldwide and Visa, Inc. This has been the only mention of this document at this time, and it has not hit twitter as of yet. EWT will continue to monitor for any further developments. Ends.
Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

--------------------------------------------------------------------------------
Subject: TACTO - Break Up with BofA
-----------------------------------
Source: Twitter
Date/Time: 14 Feb 12 @ 14:08EST

Summary of Information:
The following message was tweeted by dharmaburning, "LIVE: Occupy SF #VD Break up with BofA (@occupy1liberty live at ustre.amEUCF/1)"

Comment: EWT will monitor for any developments or indications as to which locations may be targeted, and report them to the necessary individuals. Ends.

Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America
Cell: (281) 840-1822
Email: jay.haak@bankofamerica.com

--------------------------------------------------------------------------------
Subject: FLASH INITIAL: Threat of a virtual sit-in against BAC
---------------------------------------------------------------
ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made aware of Threat Activity taking place external to the Enterprise. This report is intended to provide early warning information should this threat begin to impact Enterprise-wide operations. Distribution should be limited to "need-to-know" parties.

INITIAL FLASH SUMMARY
The FBI warned BAC of a plan to attack multiple websites, including BAC, as part of a "virtual sit-in for Public Education". Instructions for participation in this attack are at http://reclaimucsd.wordpress.com/category/virtual-sit-in/. This event is being hosted by the Public Education Coalition of UCSD. This page states that the virtual sit-in will take place from March 1st - 5th.
And defines the attack as, "DAY OF ACTION, ELECTRONIC CIVIL DISOBEDIENCE, MARCH 1ST, NEOLIBERALISM, VIRTUAL SIT-IN". Included in this page are instructions to download a .zip file that they claim only includes, "4 simple HTML pages". They go on to give instructions on what needs to be copied and then pasted to the user's browser. They state that this will work with any browser. They also provide instructions at virtualsitin.com for participants that are leery of downloading or on a machine in which the user cannot download from the internet. Specific targets listed on the website are bankofamerica.com, universityofcalifornia.edu, and jerrybrown.org. Thus far there have been tweets (below) suggesting that this action is "happening now" and calling for participants to join the action.

"Download and click. Click = Action: March 1st-5th Virtual Sit-In << Reclaim UCSD hxxp://t.co/dUq52Qd2" - Sent by banglab at 06:46EST 01 March 2012.
"HAPPENING NOW - March 1st-5th Virtual Sit Participation wp.me/p2dCZS-5t via @ReclaimUCSD" - Sent by sadey_occupy at 03:50EST 01 March 2012.

Below are the instructions found within the .zip file on the website:

To use the sit-in action page:
1. DOWNLOAD: You can download the action files and run them directly from your own hard drive here. This will help reduce the load on our server. We promise there are no viruses attached to these files. All you need to do is uncompress the zipped archive which will give you a directory with a bunch of files in it. Open the one called index.html in your browser and you'll be on your way to a pleasant sit-in.
2. Then click "Enter the Action" to participate. The action page runs automatically when it loads, but it takes 40-60 seconds to load depending on your connection speed. The frames at the top part of the page may initially load very slowly. This is a delay to allow the browser to call all the objects on the page. But once all frames are loaded the reload speed will increase.
The status of the page is displayed in the upper 'status' window.
3. You are going to see lots of error messages saying "Not Found, the URL /funding (etc.) was not found on this server". This is by design and expected. After all, we don't really expect to find funding, equality, action, transparency, justice, ... under the current effects of neoliberalization and privatization that have pervaded higher education.
4. CONNECTION SPEED: In the 'speed' box on the right side in the bottom part of the page you see the speed at which the action page is reloading the frames in the top part. It automatically runs on the assumption that you have a slow dialup connection. If you have a fast dialup connection then click on the 'CHANGE SPEED' button to increase the speed of the operation. If you have a high speed connection - T1, ISDN, etc., as you might at a company, university, an internet cafe or even at home - then click on 'CHANGE SPEED' again to set the page for its highest speed of operation.
5. The 'slow dialup' setting submits requests to each page every 6 seconds. The 'fast dialup' setting submits a request every 3 seconds. The 'high speed' setting submits requests every second. The faster the operation, the better!
6. Okay, now just sit back and relax, or open a new browser window and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN THE BACKGROUND, THE LONGER THE BETTER.
7. SPAWN: If you are using the pages and you find that the computer is making effortless connections, and you have the system resources available in your computer to take the extra effort, then click on the 'Spawn' link. This runs another copy of the sit-in pages in another window. After clicking 'Spawn' redo steps 3 again in the new page to set the appropriate speed.
8. Again, if at any point you start to get a lot of time-out messages, or messages saying the server is probably down, then the servers are beginning to grind to a halt!
If it gets to be annoying then close down and try again later (see final step below).
9. When you've had enough, just close the browser window that is displaying the action page. That will end your sit-in session.
10. MIRROR: This site is being mirrored on at least one other location. If you find that the current URL is too busy (does not load the action page), then try the mirror site.

Comment. Thus far there has been no mention of this event in the usual chat rooms used by known hacktivists. This event is being called a gesture of Electronic Civil Disobedience and may be an opportunity for Anonymous to participate using more effective methods of attack. Ends.

Next Steps - The Early Warning Team is monitoring for Hacktivist participation in this event and the Threat Management Tech SME's are looking into how this attack is going to work using the listed download. This FLASH will be updated as more information becomes available.

--------------------------------------------------------------------------------
Date: 10/24/2012 8:50:37 PM
Subject: Occupy News 10/24/12
------------------------------
Occupy Wall Street/General

Occupy movement makes lasting impact despite losing steam (10/23/12)
Over a year ago, the Occupy movement exploded as major news outlets began covering the Occupy Wall Street protest in New York City's Zuccotti Park. The protest quickly spread around the world in less than a month, but the movement has lost steam over the past year as authorities have cleared out all of the major Occupy camps around the country. While the movement has largely dropped out of public consciousness, Occupy protestors in cities around the world remain determined to have their voices heard, which raises the question, is the Occupy movement over, or can it still make a difference? So far, Occupy hasn't led to any clear, quantifiable change in the American financial sector, which appears to be the movement's main goal.
The goals and demands page of occupyaustin.org details the movement's purpose: essentially, to protect the majority of Americans from the reckless, greedy actions of corporations and the super-rich.
http://www.hilltopviewsonline.com/viewpoints/article_4880834e-194a-11e2-9555-001a4bcf6878.html

The young and the restless (10/23/12)
Young people were among the hardest hit by the global recession, and youth unemployment will continue to be a risk factor for social and political instability worldwide, writes Jonathan Wood, of business risk consultancy Control Risks. The Arab Spring, Europe's anti-cuts protests, the global Occupy movement, and the London riots of 2011 all raised questions about the links between youth unemployment and social unrest. While the main driver of youth unemployment is economic weakness, government cuts have exacerbated the situation by reducing public sector workforces, cutting unemployment support and raising education costs. In the United States, youth unemployment leaped by one-third during the economic crisis to above 17%, where it has remained.
http://www.bbc.co.uk/news/business-19997182

Why There Won't Be a Bank Transfer Day in 2012 (10/24/12)
From June 2011 to June 2012, credit unions reported a year-to-year increase of more than 2.16 million memberships - the largest influx of members in the past decade, according to data by the Credit Union National Association. In the prior year, there was only a 552,890-membership increase at credit unions. The four-fold jump in new memberships is easily attributed to last year's Bank Transfer Day (held Nov. 5), the consumer movement that rallied fed-up bank customers to close their fee-riddled accounts and move their money to credit unions.
The exact number of consumers who made the switch because of Bank Transfer Day is difficult to determine, but the movement did push credit unions into the spotlight. This year, however, there will be no official Bank Transfer Day to give banks a run for their customers and deposits, said Kristen Christian, the creator of Bank Transfer Day.
http://www.mybanktracker.com/news/2012/10/24/no-bank-transfer-day-2012/

US

99Rise Activists Attempt To Bridge Gap With Occupy L.A. (10/23/12)
Nick Wagner showed up on time to Pershing Square for the Occupy L.A. General Assembly, which meant that he got there too early. Occupy L.A. cannot be trusted to "keep the trains running on time," as the expression goes. Meetings usually convene at least half an hour after the advertised time, and there are no stop times--you can stay there talking all night if you'd like, because somebody will always be there. Wagner trekked in from Riverside with his girlfriend Crystal in hopes that this particular October night would draw a decent crowd of activists. The 32-year-old planned to address the General Assembly with information regarding the new movement he'd joined called 99Rise, an Occupy offshoot that focuses on nonviolence and issues relating to the intersection of corporate money and politics.
http://www.neontommy.com/news/2012/10/99rise-activists-attempt-bridge-gap-occupy-la

Occupy Naperville marks first year of activism (10/23/12)
Members of Occupy Naperville commemorated their first anniversary last weekend, and they have no plans to go anywhere any time soon. "We haven't missed a single Saturday," said organizer and Warrenville resident Steve Alesch, who works in Naperville. Fifteen to 20 demonstrators continue to turn out every week, gathering at the Free Speech Pavilion on the Riverwalk. They spend an hour or so voicing their opposition to the influence of special interests on American politics, with chants and signs.
http://napervillesun.suntimes.com/news/15896172-418/occupy-naperville-marks-first-year-of-activism.html

Free Ben & Jerry's In Union Square Today To Promote Constitutional Amendment (10/24/12)
According to a press release from OccupyWallStreet.org, Unilever's Ben Cohen will be in Union Square today handing out free rubber stamps as part of a campaign to amend the Constitution to "get money out of politics." The so-called Stamp Stampede will distribute tens of thousands of stamps and encourage people to use them on their currency, stamping bills with one of four messages:
NOT TO BE USED FOR BRIBING POLITICIANS
STAMP MONEY OUT OF POLITICS
CORPORATIONS ARE NOT PEOPLE; MONEY IS NOT FREE SPEECH
THE SYSTEM ISN'T BROKEN, IT'S FIXED
In addition to the stamps, there will also be free Ben & Jerry's ice cream, from 11 a.m. to 6 p.m.
http://gothamist.com/2012/10/24/free_ben_jerrys_in_union_square_tod.php

Europe

Robin Hood tax gains traction in Europe (10/24/12)
Robin Hood may not have roamed Sherwood Forest for hundreds of years, but fans of his "steal from the rich, give to the poor" ethos appear to have made inroads into European tax policy. The European Union's executive body said Tuesday that 10 members of the 27-nation group had agreed to move forward with a Financial Transaction Tax, also known as the Robin Hood tax. Supporters say the controversial move will raise billions of euros for cash-strapped governments by applying a small tax on transactions in financial markets. But critics say imposing the tax will drive investors away and act as a brake on economic growth. Nobel Prize winning economist James Tobin first proposed taxing transactions in the foreign exchange market in the 1970s to limit volatility and curb speculation. The idea of taxing financial transactions more broadly really started to gain ground earlier this year, when former French President Nicolas Sarkozy began touting it as a way out of Europe's financial crisis.
The tax has become a cause célèbre of grassroots organizations that often dress up in Robin Hood costumes and march in the streets. It has also been affiliated with parts of the Occupy Wall Street movement in the United States.
http://buzz.money.cnn.com/2012/10/24/robin-hood-tax/?section=money_markets&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_markets+%28Markets%29

Madrid has peaceful anti-austerity protest (10/24/12)
Thousands of anti-austerity protesters gathered outside Congress in Madrid while Spanish lawmakers debated next year's budget. It was the fourth "Occupy Congress" protest organized by the 25-S movement in the past month, ThinkSpain reported Wednesday. The group said more than 5,000 people participated in the Tuesday protest. Authorities placed the number of protesters at closer to 2,000.
http://www.upi.com/Top_News/World-News/2012/10/24/Madrid-has-peaceful-anti-austerity-protest/UPI-54071351081746/?spt=hs&or=tn

Mitta Isley, MSLS
Research & Records Management
Cyber Threat Management & Information Sharing
Global Information Security
Office: (980) 387-9756
Email: mitta.p.isley@bankofamerica.com

--------------------------------------------------------------------------------
Subject: EWT - TACTO - IRC Talk
-------------------------------
Source: IRC - AnonOps IRC - #AnonOps
Date / Time: 24 May 12 - 10:30EST - 10:45EST

Summary of Information:
While monitoring the AnonOps IRC there were mentions of Bank of America, Countrywide, Fannie Mae, and Freddie Mac in regard to fraud. More importantly one of the users claims to have over 1000 documents to prove fraudulent activity. The user did not specify which company the documents belong to. Transcript follows comment.

Comment: EWT has not observed any further comments in regard to the documents nor any specifics.
With the upcoming OpNewSon these documents may be released in the dissemination of the purported "leaks" that this group claims to have. EWT will continue to monitor for any further developments. Ends.

//Transcript Begins//
they sign with the labels because they want things like press releases (which are not free btw), studio time they dont have to pay for, etc where bodys such as the riaa are trying to preserve their relevance ofcrouse they owe them ^^^ so they signed a contract, owe millions, arent getting paid because the money is going to the debt the label gives them thousands in advance sounds fair to me, if you dont want to owe someone money dont borrow it yeah whatevr I still think the RIAA is no longer needed. Record companies are now irrelevant. j's but borrowing it and then claiming its unfair that you have to repay it is stupid Moose makes a point with that i agree anonymoose but to be told "you've sold X millions of record's but we're not paying you" is wrong then they shouldnt have signed the contract not if they are in debt its not always that black and white my dear. I agree with that with Syn...
But in general anonymoose is right Im not saying he isnt lol no one forced them to sign which is why im laughing so fuckin hard Syn but in the end it usually boils down to that just as no one forced people to sign mortgages they couldnt afford and didnt understand (or want to understand) shows the need for simplicity Moose: on that note why the fuck werent the ceos of those companies ever tried for fraud in the case of morgates particularly people could be said to have been tricked which companies specifically Countrywide, fannie may, and freddie mac coerced by different methods well fanny and freddie are basically hte government wilfully reckless in lending policies
**NETSPLIT**
Moose: they are owned by bank of america
* Nijaxor (penis@penis.penis) has joined #anonops
lolol boom
* Effexor (FU@KING.HIVEMIND) has joined #anonops
* BOFH (that@bastard.with.root) has joined #anonops
* Wolfy (Howling@the.Moon.Tonight) has joined #anonops
* Aha2Y (Aha-79@i.had.sex.with.your-sister.nl) has joined #anonops
* Showers2All (Power2All@staff.anonops.li) has joined #anonops
* Poke (cojones@rootadmin.anonops.com) has joined #anonops
* Isis (great@staff.anonops.li) has joined #anonops
* AnonOps sets mode +a #anonops Showers2All
* AnonOps sets mode +q #anonops Poke
* AnonOps sets mode +a #anonops Isis
* AnonOps gives channel operator status to BOFH Wolfy Aha2Y Showers2All Poke Isis
* AnonOps gives voice to Effexor
As well is countrywide but its not fraud to say "here are the terms" and then someone agrees to that without understanding it because they dont want to ask questions for fear of someone thinking they are dumb and they dont want to read the contractsw
* Poke has quit (Quit: leaving)
* Nijaxor (penis@penis.penis) has left #anonops (Leaving)
Also i have access to over 1k documents proving my point lol
* Nijaxor (penis@penis.penis) has joined #anonops
o/
* Wolfy gives voice to Nijaxor
LulzDog: fanny mae, freddie mac and sally whatever are US gov
* Nijaxor has quit (Quit:
Leaving) sally whatever does student loans Moose you never covered countrywide Moose: they are owned by bank of America Yea i knnow you are right I never did and I was responding to that comment over what I did cover, fanny and freddie * Poke (cojones@AN-7pa.2vh.r88huf.IP) has joined #anonops * Tony_The_Tiger sets mode +q #anonops Poke * Tony_The_Tiger gives channel operator status to Poke * down_ (lets@get.dangero.us) has joined #anonops cojones mas grande I was grouping them as a whol as far as fraud goes **Mass Users Rejoin Due to Netsplit** * Poke sets mode +D #anonops Or at least conspiracy to commit fraud BTW Since Poke didnt feel fit to tell you hes moving leafs so hold onto your cawks shh * Poke is now known as epok * Yagami (Yagami2@AN-2v0.jf6.guvaeb.IP) has left #anonops * ZenPanda has quit (Ping timeout: 121 seconds) * Anon-Twats has quit (Ping timeout: 121 seconds) well fannie and freddie do not do direct loans, they usually buy on the secondary market they guarantee well over 50% of all mortgages in the US now lolol. 
http://humormood.com/wp-content/uploads/2012/05/3IA7l.jpg I think its rapidly approaching 90% but I just dont know offhand how many mortgages they actually own and taxpayers guarantee They shouldve died in 2008 if people stop paying their mortgages the government just raises taxes and/or prints more money to pay them off, its the tax payer that ends up losing LulzDog - (LulzDog@AN-8s4.a63.modebn.IP)
//Transcript Ends//

Respectfully,
Jay Haak
Cyber Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America

--------------------------------------------------------------------------------
Subject: EWT - TACTO - Dox on UgNazi
------------------------------------
Source: Pastebin.com
Date / Time: 18 May 2012

Summary of Information: The following is a paste cited as being the confirmed dox of UgNazi members. Paste link: Pastebin.com/ZYp7DhrT - see full paste below.

//PASTE BEGINS//
Hello, Today I am contacting you regarding a series of recent DDoS attacks on multiple .gov websites (including cia.gov justice.gov dc.gov wa.gov nyc.gov and many others) The hacker also target many not .gov websites (including washington.org slcpd.com goarmy.com mcdonalds.com and many others) Most of, if not all of, the recent attacks have been coming from a group called ugnazi. The members of ugnazi according to their website (ugnazi.com) are JoshTheGod, CyberZeist, Cosmo, S3rver.exe, and MrOsama. These hackers have not only been DDoSing websites, they have leaked fbi documents ( hxxp://pastebin.com/VULutT1M ), committed numerous accounts of Credit Card Fraud, Hacked numerous websites, and more. Here is all the information I have on them, 3 out of the 5 members.
=========== JoshTheGod ===========
Leader of UGnazi
Behind ufc.com hack, leaking personal information including SSNs of many people (see cocksecurity.com), and Credit Card Fraud. This kid plays habbo all day.
=========== Cosmo ===========
Behind most of the recent DDoS attacks (see his twitter).
=========== MrOsama ===========
Also behind the recent DDoS attacks (see his twitter), and Credit Card Fraud. Known as The Godfather, Godfather, Vouch, and MrOsama.
//Paste Ends//

Respectfully,
Jay Haak
Threat Analyst - 24/7 Early Warning Team
TEKsystems Contractor for Bank Of America

--------------------------------------------------------------------------------
Subject: FLASH UPDATE - 5: STRATFOR (vendor) hacked, client list released, credit cards exposed
--------------------------------------------------------------------------------
ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made aware of Threat Activity taking place external to the Enterprise. This report is intended to provide early warning information should this threat begin to impact Enterprise-wide operations. Distribution should be limited to "need-to-know" parties.

INITIAL FLASH SUMMARY

Early Warning Team reported the Initial attack on STRATFOR 24 DEC 2011 when Anonymous / #AntiSec, as part of an operation they call LulzXmas, took down the website www.stratfor.com and claimed they hacked into databases. STRATFOR is a private independent global intelligence company that provides in-depth analysis of world events founded in 1996 in Austin Texas. #AntiSec is primarily focused on attacking, exposing and embarrassing security vendors (white hats).

Initially several tweets were sent out by various members of the hacktivist group Anonymous with a link to Pastebin with a list of 4000 clients of STRATFOR, which lists Bank Of America, eight of our critical vendors and several other financial institutions and governments from around the world.
While there was no other information on the list other than the names of clients it was still a compromise of STRATFOR's confidentiality and exposes the bank and its critical vendors to more possible attacks if any more information was compromised.

SOACC has a subscription to STRATFOR - they provide their analysis (both daily and ad hoc updates) to the team. SOACC's Sean Doherty's sense is that STRATFOR would only have access to contact information/billing data; he doesn't believe BAC has gone to STRATFOR with specific requests or taskings that would involve sharing any other data. We understand that other teams in/outside Corporate Security (GBCR etc.) might also use STRATFOR.

Late on 25 DEC 2011, Anonymous / #Antisec released details on approximately 13,000 credit cards related to the STRATFOR breach. The data was passed to GIS Fraud. Only eight cards were from BAC, and of those, only one was still valid.

Comment. Antisec has started to release credit card information allegedly obtained through the Stratfor breach. Over the last 24 hours, Antisec hackers have released over 13,000 credit card numbers, including CCVs and user information. Eight Bank of America cards were identified but only one was still valid. Antisec claims to have enough information to extend LulzXmas until the New Year. While this situation is certainly embarrassing for Stratfor, it seems the bulk of the data being released is dated. The card information has been passed to the fraud department for action. The 24/7 Early Warning Team is monitoring and will alert if there are any developments. Threat Management is monitoring for any other details or further release of data from the STRATFOR breach. Ends.

STRATFOR (a/k/a Strategic Forecasting Inc.) is identified in ARIBA and the Global Sourcing PSR as a Tier 4 supplier with START scores of IS/Low, BC/Low. The last published START in ARIBA indicates that the supplier does not have access to customer information.
Update: BAC associates whose email addresses were among the 944 compromised subscribers are starting to receive Phishing/harassment emails. The emails appear to be from the CEO of STRATFOR and ask the target to fill out an internet form. Thus far there have been three spear phishing emails that include suspicious links to a youtube video (which turns out to be a simple Rick Roll), a press release, and a "Rate STRATFOR's incident response" entry. The "Rate STRATFOR's incident response" form has been delivered as both a link and the form within the email itself depending on the attempt. In both cases the form does not attempt to "fool" the victim into thinking they are really dealing with STRATFOR. The links lead to nothing more than sophomoric harassing commentary. The emails have been sent to ABUSE and CCM. No malware or malicious code was found on any of the links.

Comment: This is simple harassment and this is the first reported use of the information from the STRATFOR breach against individual victims. We should expect more of this, and most likely more sophisticated tactics and procedures from other cyber actors in the future. This may be an effort to track the numbers of individuals that follow the links. Ends.

After further analysis, the STRATFOR compromised data dump was compared to the complete list of BAC domains. The total number of compromised credit card accounts and subscriber accounts has increased evidently. There are 93 compromised credit cards that are not expired and 944 compromised subscriber accounts that belong to active BAC employees.

Anonymous as promised have posted links to 6 file sharing sites that contain sensitive data from the STRATFOR breach on Pastebin. The file contains 75,000 names, addresses, CCs and MD5 hashed passwords of STRATFOR customers.

Comment: Link directs to a new pastebin which touches on the Stratfor hack once again, and then at the bottom lists another data dump.
All the links appear to be the same file just different venues. In the file there are 17 BAC Personnel listed with names, addresses, and credit card information. Ends.

Corporate Security is working with Global Fraud Protection to block and reissue cards identified as compromised to mitigate the risk. The Investigative Services Intel and Analytics team has pulled the full data set from the Wiki location and done further analysis which will be used to determine the total impact to BOA customers. The Intel and Analytics team will work with Card Investigations and external partners to determine the full impact and risk.

GCCIBT Risk Management checked within GBCR and it appears that most BAC subscribers utilize an invoice payment process for set of seat licenses as opposed to paying individually on Corp Cards for access. This should help limit exposure of any captured Visa card info.

Anonymous is now claiming to have STRATFOR's entire email spool, releasing a single email thread as proof. Enterprise Communications is reviewing the nature of email communications between STRATFOR and BAC to evaluate any risk. More information to follow.

Next Steps - Control Center Monitoring and Incident Management have been notified and are reviewing the issue for potential mitigation requirements. GIS Engagement is also aware and working with appropriate Line of Business personnel. A more detailed update to this bulletin will be distributed as events warrant. Should this issue be declared an actual BAC-Impacting event, then GIS Incident Management will provide detailed updates through to closure.