The world’s most notorious hacktivist collective, Anonymous, published a data dump targeting 4,000 Wall Street professionals.
Anonymous initially posted the information on Pastebin and the Alabama Criminal Justice Information Center (ACJIC) site, and the site’s operators took it down on Sunday. Although the ACJIC handled the situation, it was not completely remedied, as the list is still available through other online outlets. After the Alabama government removed the information, Anonymous reposted the file, titled “oops-we-did-it-again.html,” on a website of the Chinese government.
Contact information for people ranging from cashiers to executives was published, along with logins, hashed passwords and their salts. The salts are intended to make the hashed passwords more difficult to crack in the first place.
“Now we have your attention America: Anonymous’s Superbowl Commercial 4k banker d0x via the FED,” read a tweet Sunday from Operation Last Resort (@OpLastResort). “Yes we posted over 4000 U.S. bank executive credentials,” the account followed up.
Apparently, the data is all authentic, as curious individuals have tested some of the numbers. “OK, I called a few of them,” a Reddit user said. “What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all. The ramifications of that kind of loss of control is severe.”
Anonymous launched Operation Last Resort following January’s tragic suicide of famed developer and Internet free speech activist Aaron Swartz. The operation seeks “reform of computer crime laws, and the overzealous prosecutors.” Swartz’s suicide has caused a backlash from several individuals and organizations who criticize intimidation and bullying by the Department of Justice and prosecutors.
The dox was supposed to rally attention for a letter sent to Attorney General Eric Holder, signed by Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.) of the House Oversight and Government Reform Committee. The letter addressed issues raised in the Swartz case, including questions about the Computer Fraud and Abuse Act (CFAA) and the prosecutors’ use of superseding indictments.
A Federal Reserve spokesperson confirmed the breach to Huffington Post, but called the claim “overstated” and said that the issue was “fixed after discovery and is no longer an issue.”
In regard to security systems, the Fed’s spokesperson would say only that measures against attacks were “absolutely” in place.