Pin It

Anonymous Hacks Bank Of America



Anonymous has gained a lot of stardom (good and bad) by crashing websites and hacking government servers. Anonymous usually come in handy when a particular person/s come together to raise a voice against certain injustices. If you take an example, Julian Assange from WikiLeaks would be the best one.

Anonymous has risen up against the system many a times. From defending the people of Gaza to the victims of brutality, Anonymous has never turned a blind eye to transgression and oppression no matter where it is occurring and by whom. But this time, Anonymous is back to settle a personal vendetta against their rival, the Bank of America.

They began posting "teasers" claiming that there has been a breach in the network of the Bank of America. The teasers began on the 25th of February on Anonymous' twitter account, @AnonymousIRC with the first tweet being "if you spy on us, we spy on you". Very James Bond, don't you think? Then there came a 14 gigabyte hurricane which brought with it private emails, spreadsheets and OneCalais (a text analysis and data mining program).

Leaked emails were sent by employees of TEKsystems which seems to be a staffing company for Cyber Threat Intelligence Analysts. TEKsystems, we assume, was hired by Bank of America. These analysts all had @bankofamerica.com email addresses while filing their reports. These reports consisted of details of online movements of activists such as Anonymous and Occupy Wall Street. And that is what spurred curiosity in our beloved hacktivists. Unlike cats, Anonymous can actually do something about their untamed curiosity!


One of the emails talks about IRC chat users discussing a list of companies that have given their support to the "Stop Online Piracy" Act available on the US House of Representatives website.


Email 1: One of the users states on IRC;

<badgerfem> Do these organizations know what they have started?
<badgerfem> Follow the money

This has been mentioned in the email from the security analyst to Bank of America, who also writes that: 

Included among those named are two of our critical suppliers: MasterCard Worldwide and Visa, Inc. This has been the only mention of this document at this time, and it has not hit twitter as of yet.  EWT will continue to monitor for any further developments. Ends.

Email 2: Security Analyst allegedly identifies the real owner of an Anonymous Twitter account @Anonymousown3r. The Analyst discusses his IP address, this identity and claims that the IP address is based in Brazil.

Email 3: Security Analyst discusses Twitter accounts @DestructiveSec and @TeaMp0is0n and their personal conflict. The Analyst further states;

TeaMp0is0N is claiming victory over the feud between the two groups and has provided a d0x of DestrutivSec in the form of a passport photo (see below) with comments:  Yes!  Submit them!  Also, report to the feds.  Get em arrested as well #RunRabbitRun.

These emails consist of everything from legitimate threats to Bank of America such as DDoS attacks and databases of stolen credit card numbers to live protests which were to be taken place at the actual site of Bank of America.

The responsibility for the attack was claimed by "Par:AnoIA"who say that they did not hack any information at all and the information was on an unprotected server accessible to anyone who knew where to look. Par:AnoIA say that the information had been provided to them by their sources and they had spread it intentionally.

According to Par:AnoIA;

It’s amazing to learn that there are paid analysts actually reading public chat rooms. We were quite aware of the fact that Anonymous are likely monitored, but we were thinking more along the lines of automatic logging. The data not only shows that there were actual people monitoring the channels (and Twitter) 24/7, but they send shift reports to Bank of America with their findings.

When asked about the list of keywords included in the data release Par:AnoIA said;

The keyword list is just ridiculous. It has become a running joke to use the keywords in every sentence now, rendering it useless.
OneCalais, the text-analyzing software, belong to a company that goes by the name of ClearForest in Israel. Par:AnoIA has stated in their press release that they have extracted 4.8 gigabytes of information from the server which also includes detailed career and salary information of executives and employees from various corporations.
As far as Bank of America is concerned, they have not admitted that the data released by Anonymous belongs to them nor that they have any connections with TEKsystems. They do, however, state that their own internal systems were not compromised.
Cheers!
About the Author:
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.

Subscribe to RHA


Enjoyed this article?
Subscribe to "Rafay Hacking Articles" and get daily updates in your inbox for free!




Kindly Bookmark it and Share it with Friends:

1 comments :

Mehul Mohan on March 3, 2013 at 7:12 PM said...

Nice.. Anonymous simply rocks! I am a big fan of the team! :D

Dare to ask? :)

Blog Archive

 

Recent Comments

About

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.