Bank of America says data breach occured at other company

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.networkworld.com/news/2013/022813-bank-of-america-says-data-267200.html

IDG News Service - Bank of America blamed a data breach on another
company that revealed internal emails related to monitoring of
hacktivist groups including Anonymous.

[ALSO: 15 of the worst data breaches]

A group affiliated with Anonymous, which calls itself the "Anonymous
Intelligence Agency: Par:AnoIA" released what it claims is 14GB of
data belonging to the bank and other organizations, including Thomson
Reuters, Bloomberg and TEKsystems.

Email correspondence in the data suggests that TEKsystems was a
contractor working for Bank of America and charged with monitoring
public activity by hacker networks targeting the bank.

In a statement, Bank of America did not confirm it was working with
TEKsystems, an IT consultancy that is part of the Allegis Group. But
it said the source of the data came from a third party. Bank of
America said its own systems were not compromised.

"In this instance, a third-party company was compromised," Bank of
America said Wednesday. "This company was working on a pilot program
for monitoring publicly available information to identify information
security threats."

Officials with TEKsystems and Allegis group could not be immediately reached.

In a news release, Par:AnoIA said the data came from an unsecured
server in Tel Aviv. "The source of this release has confirmed that the
data was not acquired by a hack but because it was stored on a
misconfigured server and basically open for grabs," the group said.

Large corporations have become increasingly interested in monitoring
social networks and hacker forums for indications that they may come
under attack. Companies that specialize in that kind of monitoring
have also been targeted by groups such as Anonymous.

HB Gary Federal, a California security consultancy, was compromised by
Anonymous in 2011 after the company had researched the real identities
of some Anonymous members. That breach disclosed emails describing a
proposal to help Bank of America's law firm, Hunton and Williams,
discredit the whistle-blowing site WikiLeaks.

For its part, the banking industry has drawn the ire of Anonymous
since it cut off payment processing of donations to WikiLeaks.

Par:AnoIA's data dump includes a batch of more than 500 emails with
brief reports on the Occupy Wall Street movement and hacking groups
such as TeaMp0isoN and UGNazi. It also contained briefings on public
releases of credit-card numbers. The sources for the information were
public sources, including Twitter, Pastebin and The Pirate Bay,
according to the emails.

The data also included a special file listing of four intelligence
analysts who authored some of the emails, including three who work for
TEKsystems and one who formerly worked for Bank of America.

All four have deleted their LinkedIn profiles, but the profiles still
appear in Google's cache. One analyst's profile was live as recently
as three days ago.

Par:AnoIA said its release also includes the application OneCalais,
which collects unstructured information from news stories, blogs and
research reports. The software is made by ClearForest, an Israeli
company owned by Thomson Reuters. Officials with Thomson Reuters and
ClearForest could not be immediately reached.

The compromised data also contained salary information on executives,
although much of it appears to be publicly available.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.