Bank of America hacked by Anonymous!


SUBMITTED BY: Guest

DATE: Feb. 25, 2013, 7:26 p.m.

FORMAT: Bash

SIZE: 54.2 kB

HITS: 7892

  1. =========================================================
  2. =========================================================
  3. __________ __ __
  4. \______ \__ ___/ |__/ |_____________ ____ ______
  5. | | _/ | \ __\ __\_ __ \__ \ _/ __ \\____ \
  6. | | \ | /| | | | | | \// __ \\ ___/| |_> >
  7. |______ /____/ |__| |__| |__| (____ /\___ > __/
  8. \/ \/ \/|__|
  9. =========================================================
  10. ==== HAS MUMMY EVER SAID DONT PLAY WITH ANONYMOUS??? ====
  11. =========================================================
  12. Bank of America went totally nuts and fucking mad cow
  13. and censored all the previous releases, as we love so
  14. much fingering prolapses after buttraeping. here we go
  15. again.
  16. so....
  17. MEGA TEASEEEEEEEEEEEEEEEEERRRR
  18. ALSO COCKS
  19. \:D/
  20. Summary of Information: By the way, if you asked Santa for a present
  21. this #LulzXmas BE PATIENT. Santa has another week people. Questions?
  22. Twitter @ DesructiveSec - Anontastic - Comment: This new information
  23. suggests that we may not be seeing any �Big� releases from #LulzXmas
  24. just yet, however it is advised that we not let our guards down as this
  25. could be what they are hoping for. Ends.
  26. Respectfully,
  27. Jay Haak
  28. Threat Analyst - 24/7 Early Warning Team
  29. TEKsystems Contractor for Bank Of America
  30. Cell: (281) 840-1822
  31. Email: jay.haak@bankofamerica.com
  32. BAML-EWT email.png
  33. Subject: EWT - TACTO - Tracking Occupiers
  34. -----------------------------------------
  35. BAML-EWT logo.png
  36. Source: RawStory.com / Twitter
  37. Date / Time: Tweeted 28 APR 12 @ 21:07EST / Story Posted 28 APR 12 @
  38. 19:19EDT
  39. Summary of Information: The following tweet was observed: �Banks
  40. cooperating with police to track #Occupy protestors: goo.gl/tpvko #OWS #MAY1st
  41. #MAYDAY @M1GS� � AnonInfoWarfare. The link is to a story that was written
  42. by Andrew Jones of RawStory claiming that American banks and those overseas are
  43. working with law enforcement officials in order to detect and deter the Occupy
  44. Protestors attacks. Currently there are 20 comments from readers, 193
  45. Recommendations to Facebook Users, and 27 Tweets About this Story have been
  46. observed.
  47. http://www.rawstory.com/rs/2012/04/28/banks-cooperating-with-police-to-track-occ
  48. upy-protesters/
  49. Comment: Some comments that have been observed have been individuals claiming
  50. their not surprised while others are outraged. By this story being spread
  51. through the normal social media venues and #MAYDAY quickly approaching we could
  52. see some changes in the way Occupy decides to get the word out to their fellow
  53. protestors. EWT will continue to monitor for any developments regarding this
  54. story, or any suggestions of alternate means of communication regarding protest
  55. activities. Ends.
  56. Respectfully,
  57. Jay Haak
  58. Threat Analyst - 24/7 Early Warning Team
  59. TEKsystems Contractor for Bank Of America
  60. Cell: (281) 840-1822
  61. Email: jay.haak@bankofamerica.com
  62. BAML-EWT email.png
  63. Source: IRC/Pastebin
  64. Date / Time: 28 APR 12/Paste 27 APR 12
  65. Summary of Information: A user going by the nick Laurelai entered the Channel
  66. #voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.
  67. �hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch
  68. either�. The pastebin is a series of several text messages between what is
  69. believed to be an informant and a law enforcement official. Full paste
  70. contents are attached to this message in a Word Document for further analysis.
  71. Comment: These messages could be from Sabu who was ousted as an informant not
  72. long ago, however there is nothing to substantiate this and is merely an
  73. assumption. Ends.
  74. Respectfully,
  75. Jay Haak
  76. Threat Analyst - 24/7 Early Warning Team
  77. TEKsystems Contractor for Bank Of America
  78. Cell: (281) 840-1822
  79. Email: jay.haak@bankofamerica.com
  80. BAML-EWT email.png
  81. ================================================================================
  82. ====================================================
  83. ================================================================================
  84. ====================================================
  85. Subject: EWT - TACTO
  86. --------------------
  87. BAML-EWT logo.png
  88. Source: IRC/Pastebin
  89. Date / Time: 28 APR 12/Paste 27 APR 12
  90. Summary of Information: A user going by the nick Laurelai entered the Channel
  91. #voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.
  92. �hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch
  93. either�. The pastebin is a series of several text messages between what is
  94. believed to be an informant and a law enforcement official. Full paste
  95. contents are attached to this message in a Word Document for further analysis.
  96. Comment: These messages could be from Sabu who was ousted as an informant not
  97. long ago, however there is nothing to substantiate this and is merely an
  98. assumption. Ends.
  99. Respectfully,
  100. Jay Haak
  101. Threat Analyst - 24/7 Early Warning Team
  102. TEKsystems Contractor for Bank Of America
  103. Cell: (281) 840-1822
  104. Email: jay.haak@bankofamerica.com
  105. BAML-EWT email.png
  106. --------------------------------------------------------------------------------
  107. ------------------------------------------------------------------------
  108. Subject: FLASH INITIAL - Anonymous targeting www.goldmansachs.com in DDOS
  109. channel
  110. --------------------------------------------------------------------------------
  111. -
  112. cid:image001.png@01CCAEB9.C9EDA800
  113. ConfidentialDataGISTMPandora17hola38
  114. This advisory is informational only. Threat Management has been made
  115. aware of Threat Activity taking place external to the Enterprise. This
  116. report is intended to provide early warning information should this
  117. threat begin to impact Enterprise-wide operations.
  118. Distribution should be limited to �need-to-know� parties.
  119. INITIAL FLASH SUMMARY
  120. On the AnonOps IRC server, in the #DDOS channel, at approximately 4:05
  121. PM ET, members of Anonymous began to discuss and then to target
  122. www.goldmansachs.com. It appears as if there is already a booster
  123. created for this attack, and the attack is currently underway. Other
  124. anons are talking up the attack in others channels, such as #antisec and
  125. #lulxsecreborn. #DDOS channel has 179 people in the channel.
  126. Threat Management reached out to our contact at Goldman Sachs, and have
  127. made CTPS management aware.
  128. Source: IRC AnonOps #DDOS
  129. Date/Time: 31 Mar 12 @ 16:05EST Present
  130. Summary of Information: The following is the transcript of the
  131. development of the current attack on Goldman Sachs (DO NOT CLICK
  132. LINKS!):
  133. CONTENT BEGINS
  134. * Kenny_Powers has changed the topic to: #DDOS :: TARGET:
  135. www.goldmansachs.com :: BOOSTER: http://pastebin.com/YSfGyAqr :: [
  136. #OpDownWithACTA - #OpBlackout - #setup - #tutorials - #anonops -
  137. #OpGreece - #OpSyria - #Defacement - #Aph - #OpNewBlood - #OpPirateBay -
  138. #OpActaFR - #OperationGreenRights - #OpIran - #Polska - #vHost ] <root>
  139. right
  140. Comment. Very small numbers in the channel, tools mention are LOIC and
  141. Slowloris. Ends.
  142. Next Steps Monitoring for further traction by more anons, and any
  143. reported impact on the target. This FLASH will be updated as more
  144. information becomes available.
  145. --------------------------------------------------------------------------------
  146. -----------------------------------------------------------
  147. Subject: EWT - TACTO - JoshTheGod's IPs
  148. ---------------------------------------
  149. BAML-EWT logo.png
  150. Source: Twitter/josh-the-god.com
  151. Date / Time: 24 May 12
  152. Summary of Information: �@JoshTheGod � We�ll just keep uploading your
  153. d0x everywhere, I�m sure your tiny botnet can�t handle 20+ sites. Cheers
  154. hxxp://t.co/SsXK4EpL� Sent by @UGDocs at 13:02EST. The link directs you to
  155. hxxp://www.josh-the-god.com which has several pieces of information that claim
  156. to identify JoshTheGod. Most recently posted (7 hours ago) was the suspected
  157. IP addresses for JoshTheGod. Comment: EWT is unable to determine the
  158. legitimacy of this information, but will continue to monitor the site for any
  159. further releases of information. Ends.
  160. //Paste Begins//
  161. JoshTheGod�s aka Josh Mendez�s IPs - �d0x�
  162. Save these and post them everywhere! He�s gotten the pastebin�s removed,
  163. and is currently DDOSing my Soup.IO account� Maybe because it�s the CORRECT
  164. INFORMATION?
  165. Next time newbie will remember to remove �direct-connect� - Have fun, I
  166. mean �block� these IPS:
  167. Josh�s IPs: Note the Windows box at OVH as well:
  168. cpanel.hfu.cc
  169. IP: 94.23.161.175
  170. ftp.hfu.cc
  171. IP: 94.23.161.175
  172. localhost.hfu.cc
  173. IP: 127.0.0.1
  174. mail.hfu.cc
  175. IP: 94.23.161.175
  176. ns1.hfu.cc
  177. IP: 94.23.161.175
  178. ns2.hfu.cc
  179. IP: 176.31.237.84
  180. ns3.hfu.cc
  181. IP: 96.9.186.213
  182. server.hfu.cc
  183. IP: 176.31.237.84
  184. webmail.hfu.cc
  185. IP: 94.23.161.175
  186. windows.hfu.cc
  187. IP: 176.31.229.158
  188. www.hfu.cc
  189. IP: 94.23.161.175
  190. Plus for LULZ, his home IP, a little birdie told me a LOIC would take it down
  191. alone.
  192. Joshua Isabella Mendez a.k.a. �UGNazi� aka JoshTheGod.
  193. D0X / Addy:
  194. 73 Bodine Street, Staten Island, NY 10310
  195. MySpace:
  196. hxxp://www.myspace.com/dancingsantajosh
  197. Photos:
  198. hxxp://www.myspace.com/dancingsantajosh/photos/
  199. Twitter(s):
  200. hxxp://twitter.com/JoshTheGod - hxxp://twitter.com/UG Home IP:
  201. (pool-435091bb.dyn.optonline.net) :: 67.80.145.187 �All information was
  202. verified from their IP addresses that logged into irc.anonops.pro gladly
  203. provided to us by an informant who is an Oper in the IRC�
  204. //Paste Ends//
  205. Respectfully,
  206. Jay Haak
  207. Cyber Threat Analyst - 24/7 Early Warning Team
  208. TEKsystems Contractor for Bank Of America
  209. Cell: (281) 840-1822
  210. Email: jay.haak@bankofamerica.com
  211. BAML-EWT email.png
  212. --------------------------------------------------------------------------------
  213. ---------------------------------------------------------
  214. Subject: EWT - TACTO - @th3j35t3r Info UPDATE
  215. ---------------------------------------------
  216. BAML-EWT logo.png
  217. Source: Twitter
  218. Date / Time: 12-13 May 2012
  219. Summary of Information: While monitoring a tweetdeck feed for
  220. �th3j35t3r� a user by the twitter handle @cubespherical began to call
  221. out th3j35t3r to speak with him (@cubespherical) through DM. Apparently
  222. th3j35t3r has not replied to the DM, and therefore @cubespherical has
  223. begun to provide Intel on th3j35t3r until th3j35t3r replies to the DM.
  224. Below is a transcript of the twitter information that has been suggested
  225. to be related to th3j35t3r.
  226. Smedley Manning ? @cubespherical - @th3j35t3r Still cruising in that
  227. Chevy Silverado? Gonna keep dropping info until you come back to me on
  228. DM. Let's not do this in the open?
  229. 1h Smedley Manning ? @cubespherical - @th3j35t3r 10 words for you.
  230. Dallas Cowboys. Scruffy Murphys GA, Shiner, Ft Benning, 2003. You. -
  231. Want to talk to me yet? Why so quiet?
  232. 1h Smedley Manning ? @cubespherical - @th3j35t3r ...Happy Birthday for
  233. next week ...RD. Don't go quiet on me, come back to DM. You don't want
  234. to talk about this in public do you?
  235. 17h Smedley Manning ? @cubespherical - @AnonymousDown True. only with
  236. the oysters and Tabasco. I know the oyster. Capiche me? He knows it too.
  237. DM.
  238. 17h Smedley Manning ? @cubespherical - Still waiting @th3j35t3r - I can
  239. go nuclear with it. You can still deal for now. DM is best for us both.
  240. Don't make mistake to ignore DM.
  241. from Alabama, US
  242. 12 May Smedley Manning ? @cubespherical - @th3j35t3r sent you a DM. You
  243. should check it at your earliest convenience. In your interests.
  244. from Alabama, US
  245. Comment: Everyone claims to have dox on th3j35t3r this information may
  246. not be credible, however it may be interesting to see how much more info
  247. is leaked by @cubspherical. In the event that the doxing tweets cease
  248. we may be able to ascertain that this info is legitimate and that
  249. th3j35t3r finally replied to the DM to avoid any further information
  250. being released. Ends.
  251. UPDATE The following image was posted in #anonops by username Astro
  252. stating �this is AWESOME
  253. http://i218.photobucket.com/albums/cc213/truelai3/BdK3T.jpg� COMMENT The
  254. image magnified shows a chain of Direct Messages stating that
  255. @cubespherical knew who @th3j35ter was and that he was going to be
  256. �outing� him after building money for wikileaks.
  257. Jeremiah Piper, 24x7 Monitoring
  258. TEKsystems - Onsite at Bank of America
  259. Office: (214)209-7160
  260. Email: jeremiah.piper@bankofamerica.com
  261. http://www.TEKsystems.com
  262. cid:image002.png@01CCC06F.771CF0F0
  263. --------------------------------------------------------------------------------
  264. ---------------------------------------------------
  265. Subject: EWT TACTO - Assange Asylum
  266. -----------------------------------
  267. Early Warning Team
  268. <http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
  269. ProcessEngineering/ThreatManagement/EWT>
  270. Assange Asylum has been added
  271. Modify my alert settings
  272. <http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
  273. ProcessEngineering/ThreatManagement/EWT/_layouts/MySubs.aspx> |
  274. View Assange Asylum
  275. <http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
  276. ProcessEngineering/ThreatManagement/EWT//Lists/TACTO/DispForm.aspx?ID=99
  277. > | View TACTO
  278. <http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand
  279. ProcessEngineering/ThreatManagement/EWT/Lists/TACTO>
  280. Title: Assange Asylum
  281. Date Time Group: 8/15/2012 11:15
  282. SOURCE: Open Source Internet; Twitter
  283. Attachment: No Attachment
  284. Websites \ URL: www.ustream.tv/channel.occupynewsnetwork
  285. http://www.nytimes.com/2012/08/16/world/americas/ecuador-says-britain-th
  286. reatened-to-enter-embassy-to-get-assange.html
  287. http://www.guardian.co.uk/media/2012/aug/16/julian-assange-ecuador-embas
  288. sy-asylum?newsfeed=true
  289. http://www.huffingtonpost.com/2012/08/15/julian-assange-ecuador-raid-uk-
  290. asylum_n_1784797.html?utm_hp_ref=media
  291. Tacto Updates:
  292. Summary of Intelligence: Throughout the evening reports via
  293. twitter, OSINT, and livestream video feeds have claimed that the UK has
  294. issued a notification to Ecuador's Embassy. The notification was
  295. perceived as a threat by Officials from Ecuador, "Today we have received
  296. from the United Kingdom an explicit threat in writing that they could
  297. assault our embassy in London if Ecuador does not hand over Julian
  298. Assange,� Mr. Pati�o said at a news conference in Quito, adding
  299. defiantly, �We are not a British colony.� This information has been all
  300. over social media throughout the evening. It has gained alot of
  301. attention from WikiLeaks supporters as well as Occupy members. When the
  302. reports initially came out that Julian Assange would be taken from the
  303. Embassy users were streaming via bambuser.com. Shortly after feeds
  304. began the site bambuser.com was takend down by a DDoS attack in which
  305. @AntiLeaks took credit. The J35t3r als
  306. Comment: EWT will continue to monitor this activity due to the
  307. negative ties between WikiLeaks and Bank of America. Due to the
  308. financial blockade BAC may be considered a target if Julian Assange is
  309. handed over to authorities, and the supporters decide to attack those
  310. they feel responsible.
  311. Intelligence Type: Informational
  312. Actions Taken:
  313. Credit Card Numbers Discoverd: No
  314. Credit Card Data Obtained:
  315. Modified: 8/15/2012 22:13
  316. Created: 8/15/2012 22:13
  317. Last Modified 8/15/2012 22:13 by Haak, Jay
  318. --------------------------------------------------------------------------------
  319. -------------------------------------------
  320. Subject: TACTO - Sopa Support
  321. -----------------------------
  322. Team,
  323. Source: IRC - @Indymedia / #occupywallstreet
  324. Date/Time: 21 December 2011 @ 1840EST
  325. Summary of Information:
  326. <jihad>
  327. http://judiciary.house.gov/issues/Rouge%20Websites/SOPA%20Supporters.pdf
  328. <badgerfem> Do these organizations know what they have started?
  329. <badgerfem> Follow the money
  330. Comment: The list is 4 pages in length and has a header of United
  331. States House of Representatives � Judiciary Committee � Chairman Lamar
  332. Smith (TX-21). List of Supporters: H.R. 3261, the Stop Online Piracy
  333. Act. Included among those named are two of our critical suppliers:
  334. MasterCard Worldwide and Visa, Inc. This has been the only mention of
  335. this document at this time, and it has not hit twitter as of yet. EWT
  336. will continue to monitor for any further developments. Ends.
  337. Respectfully,
  338. Jay Haak
  339. Threat Analyst - 24/7 Early Warning Team
  340. TEKsystems Contractor for Bank Of America
  341. Cell: (281) 840-1822
  342. Email: jay.haak@bankofamerica.com
  343. BAML-EWT email.png
  344. --------------------------------------------------------------------------------
  345. -------------------------------
  346. Subject: TACTO - Break Up with BofA
  347. -----------------------------------
  348. Source: Twitter
  349. Date/Time: 14 Feb 12 @ 14:08EST
  350. Summary of Information: The following message was tweeted by
  351. dharmaburning, �LIVE: Occupy SF #VD Break up with BofA (@occupy1liberty
  352. live at ustre.amEUCF/1) Comment: EWT will monitor for any developments
  353. or indications as to which locations may be targeted, and report them to
  354. the necessary individuals. Ends.
  355. Respectfully,
  356. Jay Haak
  357. Threat Analyst - 24/7 Early Warning Team
  358. TEKsystems Contractor for Bank Of America
  359. Cell: (281) 840-1822
  360. Email: jay.haak@bankofamerica.com
  361. BAML-EWT email.png
  362. --------------------------------------------------------------------------------
  363. -----------------------------
  364. Subject: FLASH INITIAL: Threat of a virtual sit-in against BAC
  365. ---------------------------------------------------------------
  366. cid:image001.png@01CCAEB9.C9EDA800
  367. ConfidentialDataGISTMPandora17hola38
  368. This advisory is informational only. Threat Management has been made
  369. aware of Threat Activity taking place external to the Enterprise. This
  370. report is intended to provide early warning information should this
  371. threat begin to impact Enterprise-wide operations.
  372. Distribution should be limited to �need-to-know� parties.
  373. INITIAL FLASH SUMMARY
  374. The FBI warned BAC of a plan to attack multiple websites, including BAC,
  375. as part of a �virtual sit-in for Public Education�. Instructions for
  376. participation in this attack are at
  377. http://reclaimucsd.wordpress.com/category/virtual-sit-in/. This event
  378. is being hosted by the Public Education Coalition of UCSD. This page
  379. states that the virtual sit-in will take place from March 1st � 5th.
  380. And defines the attack as, �DAY OF ACTION, ELECTRONIC CIVIL
  381. DISOBEDIENCE, MARCH 1ST, NEOLIBERALISM, VIRTUAL SIT-IN�. Included in
  382. this page are instruction to download a .zip file that they claim only
  383. includes, �4 simple HTML pages�. They go on to give instructions on
  384. what needs to be copied and then pasted to the users browser. They
  385. state that this will work with any browser. They also provide
  386. instructions at virtualsitin.com for participants that are leery of
  387. downloading or on a machine in which the user cannot download from the
  388. internet. Specific targets listed on the website are bankofamerica.com,
  389. universityofcalifornia.edu, and jerrybrown.org.
  390. Thus far there has been tweets (below) suggesting that this action is
  391. �happening now� and calling for participants to join the action.
  392. "Download and click. Click = Action: March 1st-5th Virtual Sit-In <<
  393. Reclaim UCSD hxxp://t.co/dUq52Qd2" - Sent by banglab at 06:46EST 01
  394. March 2012.�
  395. "HAPPENING NOW - March 1st-5th Virtual Sit Participation wp.me/p2dCZS-5t
  396. via @ReclaimUCSD" - Sent by sadey_occupy at 03:50EST 01 March 2012.�
  397. Below are the instructions found within the .zip file on the website �
  398. To use the sit-in action page:
  399. 1. DOWNLOAD: You can download the action files and run them directly
  400. from your own hard drive here. This will help reduce the load on our
  401. server. We promise there are no viruses attached to these files. All you
  402. need to do is uncompress the zipped archive which will give you a
  403. directory with a bunch of files in it. Open the one called index.html in
  404. your browser and you'll be on your way to a pleasant sit-in.
  405. 2. Then click "Enter the Action" to participate. The action page runs
  406. automatically when it loads, but it takes 40-60 seconds to load
  407. depending on your connection speed. The frames at the top part of the
  408. page may initially load very slowly. This is a delay to allow the
  409. browser to call all the objects on the page. But once all frames are
  410. loaded the reload speed will increase. The status of the page is
  411. displayed in the upper 'status' window.
  412. 3. You are going to see lots of error messages saying "Not Found, the
  413. URL /funding (etc.) was not found on this server". This is by design and
  414. expected. Afterall, we don't really expect to find funding, equality,
  415. action, transparency, justice, ... under the current effects of
  416. neoliberalization and privatization that have pervaded higher education.
  417. 4. CONNECTION SPEED: In the 'speed' box on the right side in the
  418. bottom part of the page you see the speed at which the action page is
  419. reloading the frames in the top part. It automatically runs on the
  420. assumption that you have a slow dialup connection. If you have a fast
  421. dialup connection then click on the 'CHANGE SPEED' button to increase
  422. the speed of the operation. If you have a high speed connection - T1,
  423. ISDN, etc., as you might at a company, university, an internet cafe or
  424. even at home - then click on 'CHANGE SPEED' again to set the page for
  425. it's highest speed of operation.
  426. 5. The 'slow dialup' setting submits requests to each page every 6
  427. seconds. The 'fast dialup' setting submits a requests every 3 seconds.
  428. The 'high speed' setting submits requests every second. The faster the
  429. operation, the better!
  430. 6. Okay, now just sit back and relax, or open a new browser window
  431. and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN
  432. THE BACKGROUND, THE LONGER THE BETTER.
  433. 7. SPAWN: If you are using the pages and you find that the computer
  434. is making effortless connections, and you have the system resources
  435. available in your computer to take the extra effort, then click on the
  436. 'Spawn' link. This runs another copy of the sit-in pages in another
  437. window. After clicking 'Spawn' redo steps 3 again in the new page to set
  438. the appropriate speed.
  439. 8. Again, if at any point you start to get a lot of time-out
  440. messages, or messages saying the server is probably down, then the
  441. servers are beginning to grind to a halt! If it gets to be annoying then
  442. close down and try again later (see final step below).
  443. 9. When you've had enough, just close the browser window that is
  444. displaying the action page. That will end your sit-in session.
  445. 10. MIRROR: This site is being mirrored on at least one other
  446. location. If you find that the current URL is too busy (does not load
  447. the action page), then try the mirror site.
  448. Comment. Thus far there has been no mention of this event in the usual
  449. chat rooms used by known hackitivists. This event is being called a
  450. gesture of Electronic Civil Disobedience and may be an opportunity for
  451. Anonymous to participate using more effective methods of attack. Ends.
  452. Next Steps �The Early Warning Team is monitoring for Hactivist
  453. participation in this event and the Threat Management Tech SME�s are
  454. looking into how this attack is going to work using the listed download.
  455. This FLASH will be updated as more information becomes available.
  456. --------------------------------------------------------------------------------
  457. -------------------------------------
  458. Date: 10/24/2012 8:50:37 PM
  459. Subject: Occupy News 10/24/12
  460. ------------------------------
  461. Occupy Wall Street/General
  462. Occupy movement makes lasting impact despite losing steam (10/23/12)
  463. Over a year ago, the Occupy movement exploded as major news outlets began
  464. covering the Occupy Wall Street protest in New York City�s Zuccotti Park. The
  465. protest quickly spread around the world in less than a month, but the movement
  466. has lost steam over the past year as authorities have cleared out all of the
  467. major Occupy camps around the country. While the movement has largely dropped
  468. out of public consciousness, Occupy protestors in cities around the world
  469. remain determined to have their voices heard, which raises the the question, is
  470. the Occupy movement over, or can it still make a difference? So far, Occupy
  471. hasn't led to any clear, quantifiable change in the American financial sector,
  472. which appears to be the movement's main goal. The goals and demands page of
  473. occupyaustin.org details the movement�s purpose: essentially, to protect the
  474. majority of Americans from the reckless, greedy actions of corporations and the
  475. super-rich.
  476. http://www.hilltopviewsonline.com/viewpoints/article_4880834e-194a-11e2-9555-001
  477. a4bcf6878.html
  478. The young and the restless (10/23/12)
  479. Young people were among the hardest hit by the global recession, and youth
  480. unemployment will continue to be a risk factor for social and political
  481. instability worldwide, writes Jonathan Wood, of business risk consultancy
  482. Control Risks. The Arab Spring, Europe's anti-cuts protests, the global Occupy
  483. movement, and the London riots of 2011 all raised questions about the links
  484. between youth unemployment and social unrest.While the main driver of youth
  485. unemployment is economic weakness, government cuts have exacerbated the
  486. situation by reducing public sector workforces, cutting unemployment support
  487. and raising education costs. In the United States, youth unemployment leaped by
  488. one-third during the economic crisis to above 17%, where it has remained.
  489. http://www.bbc.co.uk/news/business-19997182
  490. Why There Won�t Be a Bank Transfer Day in 2012 (10/24/12)
  491. From June 2011 to June 2012, credit unions reported a year-to-year increase of
  492. more than 2.16 million memberships � the largest influx of members in the
  493. past decade, according to data by the Credit Union National Association. In
  494. the prior year, there was only a 552,890-membership increase at credit unions.
  495. The four-fold jump in new memberships is easily attributed to last year�s
  496. Bank Transfer Day (held Nov. 5), the consumer movement that rallied fed-up bank
  497. customers to close their fee-riddled accounts and move their money to credit
  498. unions. The exact number of consumers who made the switch because of Bank
  499. Transfer Day is difficult to determine, but the movement did push credit unions
  500. into the spotlight.This year, however, there will be no official Bank Transfer
  501. Day to give banks a run for their customers and deposits, said Kristen
  502. Christian, the creator of Bank Transfer Day.
  503. http://www.mybanktracker.com/news/2012/10/24/no-bank-transfer-day-2012/
  504. US
  505. 99Rise Activists Attempt To Bridge Gap With Occupy L.A. (10/23/12)
  506. Nick Wagner showed up on time to Pershing Square for the Occupy L.A. General
  507. Assembly, which meant that he got there too early. Occupy L.A. cannot be
  508. trusted to "keep the trains running on time," as the expression goes.
  509. Meetings usually convene at least half an hour after the advertised time, and
  510. there are no stop times--you can stay there talking all night if you'd like,
  511. because somebody will always be there. Wagner trekked in from Riverside with
  512. his girlfriend Crystal in hopes that this particular October night would draw a
  513. decent crowd of activists.The 32-year-old planned to address the General
  514. Assembly with information regarding the new movement he'd joined called 99Rise,
  515. an Occupy offshoot that focuses on nonviolence and issues relating to the
  516. intersection of corporate money and politics.
  517. http://www.neontommy.com/news/2012/10/99rise-activists-attempt-bridge-gap-occupy
  518. -la
  519. Occupy Naperville marks first year of activism (10/23/12)
  520. Members of Occupy Naperville commemorated their first anniversary last weekend,
  521. and they have no plans to go anywhere any time soon. �We haven�t missed a
  522. single Saturday,� said organizer and Warrenville resident Steve Alesch, who
  523. works in Naperville. Fifteen to 20 demonstrators continue to turn out every
  524. week, gathering at the Free Speech Pavilion on the Riverwalk. They spend an
  525. hour or so voicing their opposition to the influence of special interests on
  526. American politics, with chants and signs.
  527. http://napervillesun.suntimes.com/news/15896172-418/occupy-naperville-marks-firs
  528. t-year-of-activism.html
  529. Free Ben & Jerry's In Union Square Today To Promote Constitutional Amendment
  530. (10/24/12)
  531. According to a press release from OccupyWallStreet.org, Unilever's Ben Cohen
  532. will be in Union Square today handing out free rubber stamps as part of a
  533. campaign to amend the Constitution to "get money out of politics." The
  534. so-called Stamp Stampede will distribute tens of thousands of stamps and
  535. encourage people to use them on their currency, stamping bills with one of four
  536. messages: NOT TO BE USED FOR BRIBING POLITICIANS STAMP MONEY OUT OF POLITICS
  537. CORPORATIONS ARE NOT PEOPLE; MONEY IS NOT FREE SPEECH THE SYSTEM ISN'T BROKEN,
  538. IT'S FIXED In addition to the stamps, there will also be free Ben & Jerry's ice
  539. cream, from 11 a.m. to 6 p.m.
  540. http://gothamist.com/2012/10/24/free_ben_jerrys_in_union_square_tod.php
  541. Europe
  542. Robin Hood tax gains traction in Europe (10/24/12)
  543. Robin Hood may not have roamed Sherwood Forest for hundreds of years, but fans
  544. of his "steal from the rich, give to the poor" ethos appear to have made
  545. inroads into European tax policy. The European Union's executive body said
  546. Tuesday that 10 members of the 27-nation group had agreed to move forward with
  547. a Financial Transaction Tax, also known as the Robin Hood tax. Supporters say
  548. the controversial move will raise billions of euros for cash-strapped
  549. governments by applying a small tax on transactions in financial markets. But
  550. critics say imposing the tax will drive investors away and act as a break on
  551. economic growth. Nobel Prize wining economist James Tobin first proposed
  552. taxing transactions in the foreign exchange market in the 1970s to limit
  553. volatility and curb speculation. The idea of taxing financial transactions
  554. more broadly really started to gain ground earlier this year, when former
  555. French President Nicolas Sarkozy began touting it as a way out of Europe's
  556. financial crisis. The tax has become a cause c�l�bre of grassroots
  557. organizations that often dress up in Robin Hood costumes and march in the
  558. streets. It has also been affiliated with parts of the Occupy Wall Street
  559. movement in the Untied States.
  560. http://buzz.money.cnn.com/2012/10/24/robin-hood-tax/?section=money_markets&utm_s
  561. ource=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_markets+%28Mar
  562. kets%29
  563. Madrid has peaceful anti-austerity protest (10/24/12)
  564. Thousands of anti-austerity protesters gathered outside Congress in Madrid
  565. while Spanish lawmakers debated next year's budget. It was the fourth "Occupy
  566. Congress" protest organized by the 25-S movement in the past month, ThinkSpain
  567. reported Wednesday. The group said more than 5,000 people participated in the
  568. Tuesday protest, Authorities placed the number of protesters at closer to
  569. 2,000.
  570. http://www.upi.com/Top_News/World-News/2012/10/24/Madrid-has-peaceful-anti-auste
  571. rity-protest/UPI-54071351081746/?spt=hs&or=tn
  572. Mitta Isley, MSLS
  573. Research & Records Management
  574. Cyber Threat Management & Information Sharing
  575. Global Information Security
  576. Office: (980) 387-9756
  577. Email: mitta.p.isley@bankofamerica.com <mailto:amy.k.taylor@bankofamerica.com>
  578. --------------------------------------------------------------------------------
  579. -----------------------------------------------------------
  580. Subject: EWT - TACTO - IRC Talk
  581. -------------------------------
  582. BAML-EWT logo.png
  583. Source: IRC � AnonOps IRC - #AnonOps
  584. Date / Time: 24 May 12 � 10:30EST � 10:45EST
  585. Summary of Information: While monitoring the AnonOps IRC there were mentions
  586. of Bank of America, Countrywide, Fannie Mae, and Freddie Mac in regard to
  587. fraud. More importantly one of the users claims to have over 1000 documents to
  588. prove fraudulent activity. The user did not specify which company the
  589. documents belong to. Transcript follows comment. Comment: EWT has not
  590. observed any further comments in regard to the documents nor any specifics.
  591. With the upcoming OpNewSon these documents may be released in the dissemination
  592. of the purported �leaks� that this group claims to have. EWT will continue
  593. to monitor for any further developments. Ends.
  594. //Transcript Begins//
  595. <anonymoose> they sign with the labels because they want things like press
  596. releases (which are not free btw), studio time they dont have to pay for, etc
  597. <sharpie> where bodys such as the riaa are trying to preserve their relevance
  598. <Notion> ofcrouse they owe them
  599. <Syn> ^^^
  600. <anonymoose> so they signed a contract, owe millions, arent getting paid
  601. because the money is going to the debt
  602. <Notion> the label gives them thousands in advance
  603. <anonymoose> sounds fair to me, if you dont want to owe someone money dont
  604. borrow it
  605. <Syn> yeah whatevr I still think the RIAA is no longer needed. Record companies
  606. are now irrelevant. j's
  607. <anonymoose> but borrowing it and then claiming its unfair that you have to
  608. repay it is stupid
  609. <LulzDog> Moose makes a point with that
  610. <Syn> i agree anonymoose but to be told "you've sold X millions of record's but
  611. we're not paying you" is wrong
  612. <anonymoose> then they shouldnt have signed the contract
  613. <Notion> not if they are in debt
  614. <Syn> its not always that black and white my dear.
  615. <norbert79> I agree with that with Syn...
  616. <norbert79> But in general anonymoose is right
  617. <Syn> Im not saying he isnt lol
  618. <anonymoose> no one forced them to sign
  619. <Syn> which is why im laughing so fuckin hard
  620. <LulzDog> Syn but in the end it usually boils down to that
  621. <anonymoose> just as no one forced people to sign mortgages they couldnt afford
  622. and didnt understand (or want to understand) <down_> shows the need for
  623. simplicity
  624. <LulzDog> Moose: on that note why the fuck werent the ceos of those companies
  625. ever tried for fraud
  626. <sharpie> in the case of morgates particularly people could be said to have
  627. been tricked
  628. <anonymoose> which companies specifically
  629. <LulzDog> Countrywide, fannie may, and freddie mac
  630. <sharpie> coerced by different methods
  631. <anonymoose> well fanny and freddie are basically hte government
  632. <sharpie> wilfully reckless in lending policies
  633. **NETSPLIT**
  634. <LulzDog> Moose: they are owned by bank of america
  635. * Nijaxor (penis@penis.penis) has joined #anonops
  636. <Nijaxor> lolol
  637. <Nijaxor> boom
  638. * Effexor (FU@KING.HIVEMIND) has joined #anonops
  639. * BOFH (that@bastard.with.root) has joined #anonops
  640. * Wolfy (Howling@the.Moon.Tonight) has joined #anonops
  641. * Aha2Y (Aha-79@i.had.sex.with.your-sister.nl) has joined #anonops
  642. * Showers2All (Power2All@staff.anonops.li) has joined #anonops
  643. * Poke (cojones@rootadmin.anonops.com) has joined #anonops
  644. * Isis (great@staff.anonops.li) has joined #anonops
  645. * AnonOps sets mode +a #anonops Showers2All
  646. * AnonOps sets mode +q #anonops Poke
  647. * AnonOps sets mode +a #anonops Isis
  648. * AnonOps gives channel operator status to BOFH Wolfy Aha2Y Showers2All Poke
  649. Isis
  650. * AnonOps gives voice to Effexor
  651. <LulzDog> As well is countrywide
  652. <anonymoose> but its not fraud to say "here are the terms" and then someone
  653. agrees to that without understanding it because they dont want to ask questions
  654. for fear of someone thinking they are dumb and they dont want to read the
  655. contractsw
  656. * Poke has quit (Quit: leaving)
  657. * Nijaxor (penis@penis.penis) has left #anonops (Leaving)
  658. <LulzDog> Also i have access to over 1k documents proving my point lol
  659. * Nijaxor (penis@penis.penis) has joined #anonops
  660. <Nijaxor> o/
  661. * Wolfy gives voice to Nijaxor
  662. <anonymoose> LulzDog: fanny mae, freddie mac and sally whatever are US gov
  663. * Nijaxor has quit (Quit: Leaving)
  664. <anonymoose> sally whatever does student loans
  665. <LulzDog> Moose you never covered countrywide
  666. <anonymoose>
  667. <LulzDog> Moose: they are owned by bank of America
  668. <LulzDog> Yea i knnow
  669. <anonymoose> you are right I never did and I was responding to that comment
  670. over what I did cover, fanny and freddie
  671. * Poke (cojones@AN-7pa.2vh.r88huf.IP) has joined #anonops
  672. * Tony_The_Tiger sets mode +q #anonops Poke
  673. * Tony_The_Tiger gives channel operator status to Poke
  674. * down_ (lets@get.dangero.us) has joined #anonops
  675. <down_> cojones mas grande
  676. <LulzDog> I was grouping them as a whol as far as fraud goes
  677. **Mass Users Rejoin Due to Netsplit**
  678. * Poke sets mode +D #anonops
  679. <LulzDog> Or at least conspiracy to commit fraud
  680. <Syn> BTW Since Poke didnt feel fit to tell you hes moving leafs so hold onto
  681. your cawks
  682. <Poke> shh
  683. * Poke is now known as epok
  684. * Yagami (Yagami2@AN-2v0.jf6.guvaeb.IP) has left #anonops
  685. * ZenPanda has quit (Ping timeout: 121 seconds)
  686. * Anon-Twats has quit (Ping timeout: 121 seconds)
  687. <anonymoose> well fannie and freddie do not do direct loans, they usually buy
  688. on the secondary market
  689. <anonymoose> they guarantee well over 50% of all mortgages in the US now
  690. <BOFH> lolol. http://humormood.com/wp-content/uploads/2012/05/3IA7l.jpg
  691. <anonymoose> I think its rapidly approaching 90% but I just dont know offhand
  692. how many mortgages they actually own and taxpayers guarantee
  693. <LulzDog> They shouldve died in 2008
  694. <anonymoose> if people stop paying their mortgages the government just raises
  695. taxes and/or prints more money to pay them off, its the tax payer that ends up
  696. losing
  697. LulzDog - (LulzDog@AN-8s4.a63.modebn.IP)
  698. //Transcript Ends//
  699. Respectfully,
  700. Jay Haak
  701. Cyber Threat Analyst - 24/7 Early Warning Team
  702. TEKsystems Contractor for Bank Of America
  703. Cell: (281) 840-1822
  704. Email: jay.haak@bankofamerica.com
  705. BAML-EWT email.png
  706. --------------------------------------------------------------------------------
  707. ----------------------------------------------------------
  708. Subject: EWT - TACTO - Dox on UgNazi
  709. ------------------------------------
  710. BAML-EWT logo.png
  711. Source: Pastebin.com
  712. Date / Time: 18 May 2012
  713. Summary of Information: The following is a paste cited as being the confirmed
  714. dox of UgNazi members. Paste link: Pastebin.com/ZYp7DhrT � see full paste
  715. below.
  716. //PASTE BEGINS//
  717. Hello, Today I am contacting you regarding a series of recent DDoS attacks on
  718. multiple .gov websites (including cia.gov justice.gov dc.gov wa.gov nyc.gov and
  719. many others) The hacker also target many not .gov websites (including
  720. washington.org slcpd.com goarmy.com mcdonalds.com and many others)
  721. Most of, if not all of, the recent attacks have been coming from a group called
  722. ugnazi.
  723. The members of ugnazi according to their website (ugnazi.com) are JoshTheGod,
  724. CyberZeist, Cosmo, S3rver.exe, and MrOsama.
  725. These hackers have not only been DDoSing websites, they have leaked fbi
  726. documents ( hxxp://pastebin.com/VULutT1M ), commited numerous accounts of
  727. Credit Card Fraud, Hacked numerous websites, and more.
  728. Here is all the information I have on them, 3 out of the 5 members.
  729. ===========
  730. JoshTheGod
  731. ===========
  732. Leader of UGnazi
  733. Behind ufc.com hack, leaking personal information including SSNs of many people
  734. (see cocksecurity.com), and Credit Card Fruad.
  735. Name : Blake Bronstad
  736. Dob : October 12, 1992
  737. Address:
  738. 219 elm st west apt 2e
  739. norwood, MN 55368
  740. Mother:
  741. Catherine A Bronstad (60 Years old)
  742. Dad:
  743. Michael George Baker (45 Years old)
  744. Google Voice Number:
  745. 3472911346 ( I hacked ) . Real Number on it 9522390358
  746. 952-373-9068
  747. 952-239-0358
  748. Skype:
  749. Josh.josh.joshy
  750. Isirgod
  751. Josh (Owner of it has gotten it back)
  752. Msn:
  753. Josh@fbi.tf
  754. Playertopcat@yahoo.com
  755. Josh@obbahhost.com ( Hacked )
  756. Blake_nick@live.com ( Hacked )
  757. Facebooks:
  758. https://www.facebook.com/profile.php?id=1648843204
  759. https://www.facebook.com/profile.php?id=100001354736560
  760. https://www.facebook.com/profile.php?id=100002023048908
  761. This kid plays habbo all day.
  762. Aliases:
  763. Joshthegod
  764. Raidon
  765. Josh Matthews
  766. Nick James
  767. Robert Whitetaker
  768. Milo Matthews
  769. Josh Dotnet
  770. Emails:
  771. Josh@obbahhost.com
  772. Josh@fbi.tf
  773. admin@habbo.cm
  774. Domains:
  775. hxxp://Jm.com
  776. hxxp://UGNazi.com
  777. hxxp://Cocksecurity.com
  778. hxxp://Habbo.cm
  779. hxxp://paste.re
  780. hxxp://minecraft.re
  781. hxxp://fbi.tf
  782. Fake Dox hes Claimed:
  783. Name: Joshua B Matthews
  784. Age: 22
  785. Address:
  786. 111 Mosel Ave
  787. Staten Island, NY 10304
  788. Name: Joshua w Matthews
  789. Dob:11/28/1988
  790. 6887 FULLER STATION RD
  791. SCHENECTADY, NY 12303-5301
  792. ===========
  793. Cosmo
  794. ===========
  795. Behind most of the recent DDoS attacks (see his twitter).
  796. Name: Eric Taylor
  797. Mom's name: Sheila Brown
  798. Address: 3337 E 15th St, Long Beach, California 90804 Cell Phone: 562-256-0832
  799. Aol Instant Messanger Accounts: maybeCosmo, Cosmo@comcast.net
  800. Twitter: hxxp://twitter.com/#!/ThaCosmo
  801. Pastebin: hxxp://pastebin.com/u/maybecosmo
  802. Youtube: hxxp://www.youtube.com/user/TeamDiversityTD
  803. Website: hxxp://team-diversity.net/
  804. ===========
  805. MrOsama
  806. ===========
  807. Also behind the recent DDoS attacks (see his twitter), and Credit Card Fraud.
  808. Known as The Godfather, Godfather, Vouch, and MrOsama.
  809. Ip Address:
  810. 72.209.213.15
  811. ip72-209-213-15.dc.dc.cox.net
  812. Aol instant messanger account: Vouch
  813. YIM: ComeAfterUs@yahoo.com
  814. Icq: 421542
  815. Msn: K@Live.com
  816. Twitter: hxxp://twitter.com/#!/UG
  817. Pastebin: hxxp://pastebin.com/u/mobster
  818. hxxps://carderprofit.cc/ account: mobster
  819. //Paste Ends//
  820. Respectfully,
  821. Jay Haak
  822. Threat Analyst - 24/7 Early Warning Team
  823. TEKsystems Contractor for Bank Of America
  824. Cell: (281) 840-1822
  825. Email: jay.haak@bankofamerica.com
  826. BAML-EWT email.png
  827. --------------------------------------------------------------------------------
  828. ---------------------------------------
  829. Subject: FLASH UPDATE - 5: STRATFOR (vendor) hacked, client list released,
  830. credit cards exposed
  831. --------------------------------------------------------------------------------
  832. ---------------
  833. cid:image001.png@01CCCC50.E8FAC3E0
  834. ConfidentialDataGISTMPandora17hola38
  835. This advisory is informational only. Threat Management has been made
  836. aware of Threat Activity taking place external to the Enterprise. This
  837. report is intended to provide early warning information should this
  838. threat begin to impact Enterprise-wide operations.
  839. Distribution should be limited to �need-to-know� parties.
  840. INITIAL FLASH SUMMARY
  841. Early Warning Team reported the Initial attack on STRATFOR 24 DEC 2011
  842. when Anonymous / #AntiSec, as part of an operation they call LulzXmas,
  843. took down the website www.stratfor.com and claimed they hacked into
  844. databases.
  845. STRATFOR is a private independent global intelligence company that
  846. provides in-depth analysis of world events founded in 1996 in Austin
  847. Texas. #AntiSec is primarily focused on attacking, exposing and
  848. embarrassing security vendors (white hats).
  849. Initially several tweets were sent out by various members of the
  850. hacktivist group Anonymous with a link to Pastebin with a list of 4000
  851. clients of STRATFOR, which lists Bank Of America, eight of our critical
  852. vendors and several other financial institutions and governments from
  853. around the world. While there was no other information on the list other
  854. than the names of clients it was still a compromise of STRATFOR�s
  855. confidentiality and exposes the bank and its critical vendors to more
  856. possible attacks if any more information was compromised.
  857. SOACC has a subscription to STRATFOR - they provide their analysis (both
  858. daily and ad hoc updates) to the team. SOACC�s Sean Doherty�s sense is
  859. that STRATFOR would only have access to contact information/billing
  860. data; he doesn�t believe BAC has gone to STRATFOR with specific requests
  861. or taskings that would involve sharing any other data. We understand
  862. that other teams in/outside Corporate Security (GBCR etc.) might also
  863. use STRATFOR.
  864. Late on 25 DEC 2011, Anonymous / #Antisec released details on
  865. approximately 13,000 credit cards related to the STRATFOR breach. The
  866. data was passed to GIS Fraud. Only eight cards were from BAC, and of
  867. those, only one was still valid.
  868. Comment. Antisec has started to release credit card information
  869. allegedly obtained through the Stratfor breach. Over the last 24 hours,
  870. Antisec hackers have released over 13,000 credit card numbers, including
  871. CCVs and user information. Eight Bank of America cards were identified
  872. but only one was still valid. Antisec claims to have enough information
  873. to extend LulzXmas until the New Year. While this situation is certainly
  874. embarrassing for Stratfor, it seems the bulk of the data being released
  875. is dated. The card information has been passed to the fraud department
  876. for action. The 24/7 Early Warning Team is monitoring and will alert if
  877. there are any developments. Threat Management is monitoring for any
  878. other details or further release of data from the STRATFOR breach. Ends.
  879. STRATFOR (a/k/a Strategic Forecasting Inc.) is identified in ARIBA and
  880. the Global Sourcing PSR as a Tier 4 supplier with START scores of
  881. IS/Low, BC/Low. The last published START in ARBIA indicates that the
  882. supplier does not have access to customer information.
  883. Update: BAC associates whose email addresses were among the 944
  884. compromised subscribers are starting to receive Phishing/harassment
  885. emails. The emails appear to be from the CEO of STRATFOR and ask the
  886. target to fill out an internet form. Thus far there have been three
  887. spear phishing emails that include suspicious links to a youtube video
  888. (which turns out to be a simple Rick Roll), a press release, and a �Rate
  889. STRATFOR�s incident response� entry. The �Rate STRATFOR�s incident
  890. response� form has been delivered as both a link and the form within the
  891. email itself depending on the attempt. In both cases the form does not
  892. attempt to �fool� the victim into thinking they are really dealing with
  893. STRATFOR. The links lead to nothing more than sophomoric harassing
  894. commentary. The emails have been sent to ABUSE and CCM.
  895. No malware or malicious code was found on any of the links.
  896. Comment: These is simple harassment and this is the first reported use
  897. of the information from the STRATFOR breach against individual victims.
  898. We should expect more of this, and most likely more sophisticated
  899. tactics and procedures from other cyber actors in the future. This may
  900. be an effort to track the numbers of individuals that follow the links.
  901. Ends.
  902. After further analysis, the STRATFOR compromised data dump was compared
  903. to the complete list of BAC domains. The total number of compromised
  904. credit card accounts and subscriber accounts has increased evidently.
  905. There are 93 compromised credit cards that are not expired and 944
  906. compromised subscriber accounts that belong to active BAC employees.
  907. Anonymous as promised have posted links to 6 file sharing sites that
  908. contain sensitive data from the STRATFOR breach on Pastebin. The file
  909. contains 75,000 names, addresses, CCs and MD5 hashed passwords of
  910. STRATFOR customers.
  911. Comment: Link directs to a new pastebin which touches on the Stratfor
  912. hack once again, and then at the bottom lists another data dump. All
  913. the links appear to be the same file just different venues. In the file
  914. there are 17 BAC Personnel listed with names, addresses, and credit card
  915. information. Ends
  916. Corporate Security is working with Global Fraud Protection to block and
  917. reissue cards identified as compromised to mitigate the risk. The
  918. Investigative Services Intel and Analytics team has pulled the full data
  919. set from the Wiki location and done further analysis which will be used
  920. to determine the total impact to BOA customers. The Intel and Analytics
  921. team will work with Card Investigations and external partners to
  922. determine the full impact and risk.
  923. GCCIBT Risk Management checked within GBCR and it appears that most BAC
  924. subscribers utilize an invoice payment process for set of seat licenses
  925. as opposed to paying individually on Corp Cards for access. This should
  926. help limit exposure of any captured Visa card info.
  927. Anonymous is now claiming to have STRATFOR�s entire email spool,
  928. releasing a single email thread as proof. Enterprise Communications is
  929. reviewing the nature of email communications between STRATFOR and BAC to
  930. evaluate any risk.
  931. More information to follow.
  932. Next Steps - Control Center Monitoring and Incident Management have been
  933. notified and are reviewing the issue for potential mitigation
  934. requirements. GIS Engagement is also aware and working with appropriate
  935. Line of Business personnel. A more detailed update to this bulletin
  936. will be distributed as events warrant. Should this issue be declared an
  937. actual BAC-Impacting event, then GIS Incident Management will provide
  938. detailed updates through to closure.

comments powered by Disqus