Tuesday, February 5, 2013

Anonymous posts over 4000 U.S. bank executive credentials

Summary: Anonymous appears to have published login and private information from over 4000 American bank executive credentials its Operation Last Resort, demanding US computer crime law reform.

By Violet Blue for Zero Day | February 4, 2013 -- 07:28 GMT (23:28 PST)

Following attacks on U.S. government websites last weekend, Anonymous seems to have made a new "Operation Last Resort" .gov website strike Sunday night.

Anonymous appears to have published login and private information from over 4,000 American bank executive accounts in the name of its new Operation Last Resort campaign, demanding U.S. computer crime law reform.

A spreadsheet has been published on a .gov website allegedly containing login information and credentials, IP addresses, and contact information of American bank executives.

If true, it could be that Anonymous has released banker information that could be connected to Federal Reserve computers, including contact information and cell phone numbers for U.S. bank Presidents, Vice Presidents, COO's Branch Managers, VP's and more.

The website used in this attack belongs to the Alabama Criminal Justice Information Center (ACJIC). The page extension URL is titled, "oops-we-did-it-again."















The spreadsheet document contains usernames, names of individuals and their titles at banks across the U.S., hashed passwords (not passwords in plain text). It was placed on a .gov website and on Pastebin, and publicized via various Anonymous accounts on Twitter and Facebook.

A Reddit member called the numbers and commented,

OK, I called a few of them. What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all.
The ramifications of that kind of loss of control is severe.

Banks listed on the document claim credentials from management at community banks, community credit unions, and more, across the United States.


A visit to the bank websites on the document shows that these are current employees at each of the banks.

Anonymous stated in its first Operation Last Resort defacement last friday (ussc.gov) it had infiltrated multiple federal websites over a period of time. The hacktivist entity dropped enough technical details to make it clear that its tracks were covered and that Anonymous still had access to .gov websites.

Significance of Monday, February 4?

While today in the United States it is the day of a major American sporting event (the Superbowl), this Sunday night's timing of Anon's document release coincides with another event more important to the new Anonymous campaign Operation Last Resort - a campaign anchored on the Swartz tragedy.

After the Anonymous OpLastResort hacks last weekend, last Monday a House panel issued a letter to Attorney General Eric Holder (.pdf link) with seven specific questions, and demanding answers regarding the Swartz prosecution.

Tomorrow, Monday February 4, is the deadline for Attorney General Eric Holder to answer specific questions regarding the Aaron Swartz prosecution.

Anonymous may be focusing on that deadline, as well.

Previously on the defaced ussc.gov website Anonymous cited the recent suicide of hacktivist Aaron Swartz as a "line that has been crossed."

The statement suggested retaliation for Swartz's tragic suicide, which many - including the family - believe was a result of overzealous prosecution by the Department of Justice and what the family deemed a "bullying" use of outdated computer crime laws.

With the letter to Holder, the House Oversight and Government Reform Committee requests a briefing with the Justice Department. CNET writes,

"Many questions have been raised about the appropriate level of punishment sought by prosecutors for Mr. Swartz's alleged offenses, and how the Computer Fraud and Abuse Act, cited in 11 of 13 counts against Mr. Swartz, should apply under similar circumstances," [Reps. Issa and Cummings] say in the letter, which requests a briefing no later than February 4.


The letter is another voice from the Federal side of the discussion, joining a chorus led by Democratic congresswoman Rep. Zoe Lofgren who has authored a bill called "Aaron's Law" that aims to change the 1984 Computer Fraud and Abuse Act (with which Swartz was being prosecuted).

Last friday February 1, Lofgren submitted a draft of the bill to be reviewed on Reddit. Ars Technica reported that after its online critique, a revised version of the bill was published today, with more far-reaching reforms.

Last weekend Anonymous commandeered the US Sentencing website to launch Operation Last Resort "warheads" (encrypted files suggested by Anonymous to be sensitive US government documents).

The defacement demanded reform on US computer crime laws, citing the January 11 tragic suicide of young hacker and digital rights activist Aaron Swartz.

Anonymous spent last weekend playing cat-and-mouse with the Department of Justice after taking over the ussc.gov website (still decimated and now "under construction" over a week later).

After the US government regained control of the .gov website used in the hacks and defacements, Anonymous regained control of two .gov sites and turned the sites into a mocking video game of Asteroids.

Public interest in Sunday's Asteroids game created a crowdsourced DDoS, downing the websites for days.

It is possible that banks and user information on tonight's new "oops we did it again" document may be connected to accounts at The Fed (The Federal Reserve Bank).

The Fed has a collection of services called Fedline, which operates at highly critical junctures across the U.S. banking system.

For instance, one of the services offered by Fedline is money and funding transfers via the U.S. Federal Reserve.

It enables financial institutions to transfer funds between member participants. These participants are estimated to be around more than 9,000 financial entities (such as banks).

Fedline is the primary U.S. network for high value, time-critical and international payments.

In 2007 the estimated average daily value of funds transferred via Fedline products was 2.7 trillion (an estimated 537,000 payments daily, the average was over $5 million per transaction).

At this point, the information on the document is unverified and exactly what banking systems the information may affect is not known. ZDNet will update this article with new information as it becomes known.

The Operation Last Resort video, posted Friday on the U.S. Sentencing Commission website now has 1,183,000 views. 

It is interesting to note that this second "official" #OpLastResort salvo does not cite AntiSec, as seen in the Asteroids game.

Anonymous appears intent to influence federal action - one way or another.

No comments:

Post a Comment