Bank of America hacked by Anonymous!

=========================================================

=========================================================

__________ __ __

\_ _____ \_ _ ___/ | __/ | _____________ ____ ______

| | _/ | \ __ \ __ \_ __ \_ _ \ _/ __ \\ ____ \

| | \ | / | | | | | | \/ / __ \\ ___/ | | _> >

| ______ /____/ | __ | | __ | | __ | ( ____ / \_ __ > __/

\/ \/ \/ | __ |

=========================================================

==== HAS MUMMY EVER SAID DONT PLAY WITH ANONYMOUS??? ====

=========================================================

Bank of America went totally nuts and fucking mad cow

and censored all the previous releases, as we love so

much fingering prolapses after buttraeping. here we go

again.

so....

MEGA TEASEEEEEEEEEEEEEEEEERRRR

ALSO COCKS

\: D/

Summary of Information: By the way, if you asked Santa for a present

this #LulzXmas BE PATIENT. Santa has another week people. Questions?

Twitter @ DesructiveSec - Anontastic - Comment: This new information

suggests that we may not be seeing any �Big� releases from #LulzXmas

just yet, however it is advised that we not let our guards down as this

could be what they are hoping for . Ends.

Respectfully,

Jay Haak

Threat Analyst - 24 /7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: ( 281 ) 840 -1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

Subject: EWT - TACTO - Tracking Occupiers

-----------------------------------------

BAML-EWT logo.png

Source: RawStory.com / Twitter

Date / Time: Tweeted � 28 APR 12 @ 21 :07EST / Story Posted � 28 APR 12 @

19 :19EDT

Summary of Information: The following tweet was observed: �Banks

cooperating with police to track #Occupy protestors: goo.gl/tpvko #OWS #MAY1st

#MAYDAY @M1GS� � AnonInfoWarfare. The link is to a story that was written

by Andrew Jones of RawStory claiming that American banks and those overseas are

working with law enforcement officials in order to detect and deter the Occupy

Protestors attacks. Currently there are 20 comments from readers, 193

Recommendations to Facebook Users, and 27 Tweets About this Story have been

observed.

http://www.rawstory.com/rs/2012/04/28/banks-cooperating-with-police-to-track-occ

upy-protesters/

Comment: Some comments that have been observed have been individuals claiming

their not surprised while others are outraged. By this story being spread

through the normal social media venues and #MAYDAY quickly approaching we could

see some changes in the way Occupy decides to get the word out to their fellow

protestors. EWT will continue to monitor for any developments regarding this

story, or any suggestions of alternate means of communication regarding protest

activities. Ends.

Respectfully,

Jay Haak

Threat Analyst - 24 /7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: ( 281 ) 840 -1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

Source: IRC/Pastebin

Date / Time: 28 APR 12 /Paste � 27 APR 12

Summary of Information: A user going by the nick Laurelai entered the Channel

#voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.

�hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch

either�. The pastebin is a series of several text messages between what is

believed to be an informant and a law enforcement official. Full paste

contents are attached to this message in a Word Document for further analysis.

Comment: These messages could be from Sabu who was ousted as an informant not

long ago, however there is nothing to substantiate this and is merely an

assumption. Ends.

Respectfully,

Jay Haak

Threat Analyst - 24 /7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: ( 281 ) 840 -1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

================================================================================

====================================================

================================================================================

====================================================

Subject: EWT - TACTO

--------------------

BAML-EWT logo.png

Source: IRC/Pastebin

Date / Time: 28 APR 12 /Paste � 27 APR 12

Summary of Information: A user going by the nick Laurelai entered the Channel

#voxanon in the VoxAnon IRC stating that Barrett Brown isn�t a snitch.

�hxxps://pastebin.com/LtadDiFC oh look barrett brown isn�t a snitch

either�. The pastebin is a series of several text messages between what is

believed to be an informant and a law enforcement official. Full paste

contents are attached to this message in a Word Document for further analysis.

Comment: These messages could be from Sabu who was ousted as an informant not

long ago, however there is nothing to substantiate this and is merely an

assumption. Ends.

Respectfully,

Jay Haak

Threat Analyst - 24 /7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: ( 281 ) 840 -1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

------------------------------------------------------------------------

Subject: FLASH INITIAL - Anonymous targeting www.goldmansachs.com in DDOS

channel

--------------------------------------------------------------------------------

-

cid:image001.png@01CCAEB9.C9EDA800

ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made

aware of Threat Activity taking place external to the Enterprise. This

report is intended to provide early warning information should this

threat begin to impact Enterprise-wide operations.

Distribution should be limited to �need-to-know� parties.

INITIAL FLASH SUMMARY

On the AnonOps IRC server, in the #DDOS channel, at approximately 4:05

PM ET, members of Anonymous began to discuss and then to target

www.goldmansachs.com. It appears as if there is already a booster

created for this attack, and the attack is currently underway. Other

anons are talking up the attack in others channels, such as #antisec and

#lulxsecreborn. #DDOS channel has 179 people in the channel.

Threat Management reached out to our contact at Goldman Sachs, and have

made CTPS management aware.

Source: IRC � AnonOps #DDOS

Date/Time: 31 Mar 12 @ 16 :05EST � Present

Summary of Information: The following is the transcript of the

development of the current attack on Goldman Sachs ( DO NOT CLICK

LINKS! ) :

CONTENT BEGINS

* Kenny_Powers has changed the topic to: #DDOS :: TARGET:

www.goldmansachs.com :: BOOSTER: http://pastebin.com/YSfGyAqr :: [

#OpDownWithACTA - #OpBlackout - #setup - #tutorials - #anonops -

#OpGreece - #OpSyria - #Defacement - #Aph - #OpNewBlood - #OpPirateBay -

#OpActaFR - #OperationGreenRights - #OpIran - #Polska - #vHost ] <root>

right

Comment. Very small numbers in the channel, tools mention are LOIC and

Slowloris. Ends.

Next Steps � Monitoring for further traction by more anons, and any

reported impact on the target. This FLASH will be updated as more

information becomes available.

--------------------------------------------------------------------------------

-----------------------------------------------------------

Subject: EWT - TACTO - JoshTheGod 's IPs

---------------------------------------

BAML-EWT logo.png

Source: Twitter/josh-the-god.com

Date / Time: 24 May 12

Summary of Information: �@JoshTheGod � We�ll just keep uploading your

d0x everywhere, I�m sure your tiny botnet can�t handle 20+ sites. Cheers

hxxp://t.co/SsXK4EpL� Sent by @UGDocs at 13:02EST. The link directs you to

hxxp://www.josh-the-god.com which has several pieces of information that claim

to identify JoshTheGod. Most recently posted (7 hours ago) was the suspected

IP addresses for JoshTheGod. Comment: EWT is unable to determine the

legitimacy of this information, but will continue to monitor the site for any

further releases of information. Ends.

//Paste Begins//

JoshTheGod�s aka Josh Mendez�s IPs - �d0x�

Save these and post them everywhere! He�s gotten the pastebin�s removed,

and is currently DDOSing my Soup.IO account� Maybe because it�s the CORRECT

INFORMATION?

Next time newbie will remember to remove �direct-connect� - Have fun, I

mean �block� these IPS:

Josh�s IPs: Note the Windows box at OVH as well:

cpanel.hfu.cc

IP: 94.23.161.175

ftp.hfu.cc

IP: 94.23.161.175

localhost.hfu.cc

IP: 127.0.0.1

mail.hfu.cc

IP: 94.23.161.175

ns1.hfu.cc

IP: 94.23.161.175

ns2.hfu.cc

IP: 176.31.237.84

ns3.hfu.cc

IP: 96.9.186.213

server.hfu.cc

IP: 176.31.237.84

webmail.hfu.cc

IP: 94.23.161.175

windows.hfu.cc

IP: 176.31.229.158

www.hfu.cc

IP: 94.23.161.175

Plus for LULZ, his home IP, a little birdie told me a LOIC would take it down

alone.

Joshua Isabella Mendez a.k.a. �UGNazi� aka JoshTheGod.

D0X / Addy:

73 Bodine Street, Staten Island, NY 10310

MySpace:

hxxp://www.myspace.com/dancingsantajosh

Photos:

hxxp://www.myspace.com/dancingsantajosh/photos/

Twitter(s):

hxxp://twitter.com/JoshTheGod - hxxp://twitter.com/UG Home IP:

(pool-435091bb.dyn.optonline.net) :: 67.80.145.187 �All information was

verified from their IP addresses that logged into irc.anonops.pro gladly

provided to us by an informant who is an Oper in the IRC�

//Paste Ends//

Respectfully,

Jay Haak

Cyber Threat Analyst - 24/7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: (281) 840-1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

---------------------------------------------------------

Subject: EWT - TACTO - @th3j35t3r Info UPDATE

---------------------------------------------

BAML-EWT logo.png

Source: Twitter

Date / Time: 12-13 May 2012

Summary of Information: While monitoring a tweetdeck feed for

�th3j35t3r� a user by the twitter handle @cubespherical began to call

out th3j35t3r to speak with him (@cubespherical) through DM. Apparently

th3j35t3r has not replied to the DM, and therefore @cubespherical has

begun to provide Intel on th3j35t3r until th3j35t3r replies to the DM.

Below is a transcript of the twitter information that has been suggested

to be related to th3j35t3r.

Smedley Manning ? @cubespherical - @th3j35t3r Still cruising in that

Chevy Silverado? Gonna keep dropping info until you come back to me on

DM. Let' s not do this in the open?

1h Smedley Manning ? @cubespherical - @th3j35t3r 10 words for you.

Dallas Cowboys. Scruffy Murphys GA, Shiner, Ft Benning, 2003 . You. -

Want to talk to me yet? Why so quiet?

1h Smedley Manning ? @cubespherical - @th3j35t3r ...Happy Birthday for

next week ...RD. Don 't go quiet on me, come back to DM. You don' t want

to talk about this in public do you?

17h Smedley Manning ? @cubespherical - @AnonymousDown True. only with

the oysters and Tabasco. I know the oyster. Capiche me? He knows it too.

DM.

17h Smedley Manning ? @cubespherical - Still waiting @th3j35t3r - I can

go nuclear with it. You can still deal for now. DM is best for us both.

Don 't make mistake to ignore DM.

from Alabama, US

12 May Smedley Manning ? @cubespherical - @th3j35t3r sent you a DM. You

should check it at your earliest convenience. In your interests.

from Alabama, US

Comment: Everyone claims to have dox on th3j35t3r this information may

not be credible, however it may be interesting to see how much more info

is leaked by @cubspherical. In the event that the doxing tweets cease

we may be able to ascertain that this info is legitimate and that

th3j35t3r finally replied to the DM to avoid any further information

being released. Ends.

UPDATE The following image was posted in #anonops by username Astro

stating �this is AWESOME

http://i218.photobucket.com/albums/cc213/truelai3/BdK3T.jpg� COMMENT The

image magnified shows a chain of Direct Messages stating that

@cubespherical knew who @th3j35ter was and that he was going to be

�outing� him after building money for wikileaks.

Jeremiah Piper, 24x7 Monitoring

TEKsystems - Onsite at Bank of America

Office: (214)209-7160

Email: jeremiah.piper@bankofamerica.com

http://www.TEKsystems.com

cid:image002.png@01CCC06F.771CF0F0

--------------------------------------------------------------------------------

---------------------------------------------------

Subject: EWT TACTO - Assange Asylum

-----------------------------------

Early Warning Team

<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand

ProcessEngineering/ThreatManagement/EWT>

Assange Asylum has been added

Modify my alert settings

<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand

ProcessEngineering/ThreatManagement/EWT/_layouts/MySubs.aspx> |

View Assange Asylum

<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand

ProcessEngineering/ThreatManagement/EWT//Lists/TACTO/DispForm.aspx?ID=99

> | View TACTO

<http://sharepoint.bankofamerica.com/sites/cis/vulnerability/Controlsand

ProcessEngineering/ThreatManagement/EWT/Lists/TACTO>

Title: Assange Asylum

Date Time Group: 8/15/2012 11:15

SOURCE: Open Source Internet; Twitter

Attachment: No Attachment

Websites \ URL: www.ustream.tv/channel.occupynewsnetwork

http://www.nytimes.com/2012/08/16/world/americas/ecuador-says-britain-th

reatened-to-enter-embassy-to-get-assange.html

http://www.guardian.co.uk/media/2012/aug/16/julian-assange-ecuador-embas

sy-asylum?newsfeed=true

http://www.huffingtonpost.com/2012/08/15/julian-assange-ecuador-raid-uk-

asylum_n_1784797.html?utm_hp_ref=media

Tacto Updates:

Summary of Intelligence: Throughout the evening reports via

twitter, OSINT, and livestream video feeds have claimed that the UK has

issued a notification to Ecuador' s Embassy. The notification was

perceived as a threat by Officials from Ecuador, "Today we have received

from the United Kingdom an explicit threat in writing that they could

assault our embassy in London if Ecuador does not hand over Julian

Assange,� Mr. Pati�o said at a news conference in Quito, adding

defiantly, �We are not a British colony.� This information has been all

over social media throughout the evening. It has gained alot of

attention from WikiLeaks supporters as well as Occupy members. When the

reports initially came out that Julian Assange would be taken from the

Embassy users were streaming via bambuser.com. Shortly after feeds

began the site bambuser.com was takend down by a DDoS attack in which

@AntiLeaks took credit. The J35t3r als

Comment: EWT will continue to monitor this activity due to the

negative ties between WikiLeaks and Bank of America. Due to the

financial blockade BAC may be considered a target if Julian Assange is

handed over to authorities, and the supporters decide to attack those

they feel responsible.

Intelligence Type: Informational

Actions Taken:

Credit Card Numbers Discoverd: No

Credit Card Data Obtained:

Modified: 8/15/2012 22:13

Created: 8/15/2012 22:13

Last Modified 8/15/2012 22:13 by Haak, Jay

--------------------------------------------------------------------------------

-------------------------------------------

Subject: TACTO - Sopa Support

-----------------------------

Team,

Source: IRC - @Indymedia / #occupywallstreet

Date/Time: 21 December 2011 @ 1840EST

Summary of Information:

<jihad>

http://judiciary.house.gov/issues/Rouge%20Websites/SOPA%20Supporters.pdf

<badgerfem> Do these organizations know what they have started?

<badgerfem> Follow the money

Comment: The list is 4 pages in length and has a header of United

States House of Representatives � Judiciary Committee � Chairman Lamar

Smith (TX-21). List of Supporters: H.R. 3261, the Stop Online Piracy

Act. Included among those named are two of our critical suppliers:

MasterCard Worldwide and Visa, Inc. This has been the only mention of

this document at this time, and it has not hit twitter as of yet. EWT

will continue to monitor for any further developments. Ends.

Respectfully,

Jay Haak

Threat Analyst - 24/7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: (281) 840-1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

-------------------------------

Subject: TACTO - Break Up with BofA

-----------------------------------

Source: Twitter

Date/Time: 14 Feb 12 @ 14:08EST

Summary of Information: The following message was tweeted by

dharmaburning, �LIVE: Occupy SF #VD Break up with BofA (@occupy1liberty

live at ustre.amEUCF/1) Comment: EWT will monitor for any developments

or indications as to which locations may be targeted, and report them to

the necessary individuals. Ends.

Respectfully,

Jay Haak

Threat Analyst - 24/7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: (281) 840-1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

-----------------------------

Subject: FLASH INITIAL: Threat of a virtual sit-in against BAC

---------------------------------------------------------------

cid:image001.png@01CCAEB9.C9EDA800

ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made

aware of Threat Activity taking place external to the Enterprise. This

report is intended to provide early warning information should this

threat begin to impact Enterprise-wide operations.

Distribution should be limited to �need-to-know� parties.

INITIAL FLASH SUMMARY

The FBI warned BAC of a plan to attack multiple websites, including BAC,

as part of a �virtual sit-in for Public Education�. Instructions for

participation in this attack are at

http://reclaimucsd.wordpress.com/category/virtual-sit-in/. This event

is being hosted by the Public Education Coalition of UCSD. This page

states that the virtual sit-in will take place from March 1st � 5th.

And defines the attack as, �DAY OF ACTION, ELECTRONIC CIVIL

DISOBEDIENCE, MARCH 1ST, NEOLIBERALISM, VIRTUAL SIT-IN�. Included in

this page are instruction to download a .zip file that they claim only

includes, �4 simple HTML pages�. They go on to give instructions on

what needs to be copied and then pasted to the users browser. They

state that this will work with any browser. They also provide

instructions at virtualsitin.com for participants that are leery of

downloading or on a machine in which the user cannot download from the

internet. Specific targets listed on the website are bankofamerica.com,

universityofcalifornia.edu, and jerrybrown.org.

Thus far there has been tweets (below) suggesting that this action is

�happening now� and calling for participants to join the action.

" Download and click. Click = Action: March 1st-5th Virtual Sit-In <<

Reclaim UCSD hxxp://t.co/dUq52Qd2" - Sent by banglab at 06:46EST 01

March 2012.�

"HAPPENING NOW - March 1st-5th Virtual Sit Participation wp.me/p2dCZS-5t

via @Reclaim UCSD " - Sent by sadey_occupy at 03:50EST 01 March 2012.�

Below are the instructions found within the .zip file on the website �

To use the sit-in action page:

1. DOWNLOAD: You can download the action files and run them directly

from your own hard drive here. This will help reduce the load on our

server. We promise there are no viruses attached to these files. All you

need to do is uncompress the zipped archive which will give you a

directory with a bunch of files in it. Open the one called index.html in

your browser and you'll be on your way to a pleasant sit-in.

2. Then click " Enter the Action " to participate. The action page runs

automatically when it loads, but it takes 40-60 seconds to load

depending on your connection speed. The frames at the top part of the

page may initially load very slowly. This is a delay to allow the

browser to call all the objects on the page. But once all frames are

loaded the reload speed will increase. The status of the page is

displayed in the upper 'status' window.

3. You are going to see lots of error messages saying " Not Found, the

URL /funding ( etc. ) was not found on this server ". This is by design and

expected. Afterall, we don't really expect to find funding, equality,

action, transparency, justice, ... under the current effects of

neoliberalization and privatization that have pervaded higher education.

4. CONNECTION SPEED: In the 'speed' box on the right side in the

bottom part of the page you see the speed at which the action page is

reloading the frames in the top part. It automatically runs on the

assumption that you have a slow dialup connection. If you have a fast

dialup connection then click on the 'CHANGE SPEED' button to increase

the speed of the operation. If you have a high speed connection - T1,

ISDN, etc., as you might at a company, university, an internet cafe or

even at home - then click on 'CHANGE SPEED' again to set the page for

it's highest speed of operation.

5. The 'slow dialup' setting submits requests to each page every 6

seconds. The 'fast dialup' setting submits a requests every 3 seconds.

The 'high speed' setting submits requests every second. The faster the

operation, the better!

6. Okay, now just sit back and relax, or open a new browser window

and do anything else you need to do, BUT LEAVE THE ACTION WINDOW OPEN IN

THE BACKGROUND, THE LONGER THE BETTER.

7. SPAWN: If you are using the pages and you find that the computer

is making effortless connections, and you have the system resources

available in your computer to take the extra effort, then click on the

'Spawn' link. This runs another copy of the sit-in pages in another

window. After clicking 'Spawn' redo steps 3 again in the new page to set

the appropriate speed.

8. Again, if at any point you start to get a lot of time-out

messages, or messages saying the server is probably down, then the

servers are beginning to grind to a halt! If it gets to be annoying then

close down and try again later (see final step below).

9. When you've had enough, just close the browser window that is

displaying the action page. That will end your sit-in session.

10. MIRROR: This site is being mirrored on at least one other

location. If you find that the current URL is too busy (does not load

the action page), then try the mirror site.

Comment. Thus far there has been no mention of this event in the usual

chat rooms used by known hackitivists. This event is being called a

gesture of Electronic Civil Disobedience and may be an opportunity for

Anonymous to participate using more effective methods of attack. Ends.

Next Steps �The Early Warning Team is monitoring for Hactivist

participation in this event and the Threat Management Tech SME�s are

looking into how this attack is going to work using the listed download.

This FLASH will be updated as more information becomes available.

--------------------------------------------------------------------------------

-------------------------------------

Date: 10/24/2012 8:50:37 PM

Subject: Occupy News 10/24/12

------------------------------

Occupy Wall Street/General

Occupy movement makes lasting impact despite losing steam (10/23/12)

Over a year ago, the Occupy movement exploded as major news outlets began

covering the Occupy Wall Street protest in New York City�s Zuccotti Park. The

protest quickly spread around the world in less than a month, but the movement

has lost steam over the past year as authorities have cleared out all of the

major Occupy camps around the country. While the movement has largely dropped

out of public consciousness, Occupy protestors in cities around the world

remain determined to have their voices heard, which raises the the question, is

the Occupy movement over, or can it still make a difference? So far, Occupy

hasn't led to any clear, quantifiable change in the American financial sector,

which appears to be the movement's main goal. The goals and demands page of

occupyaustin.org details the movement�s purpose: essentially, to protect the

majority of Americans from the reckless, greedy actions of corporations and the

super-rich.

http://www.hilltopviewsonline.com/viewpoints/article_4880834e-194a-11e2-9555-001

a4bcf6878.html

The young and the restless (10/23/12)

Young people were among the hardest hit by the global recession, and youth

unemployment will continue to be a risk factor for social and political

instability worldwide, writes Jonathan Wood, of business risk consultancy

Control Risks. The Arab Spring, Europe's anti-cuts protests, the global Occupy

movement, and the London riots of 2011 all raised questions about the links

between youth unemployment and social unrest.While the main driver of youth

unemployment is economic weakness, government cuts have exacerbated the

situation by reducing public sector workforces, cutting unemployment support

and raising education costs. In the United States, youth unemployment leaped by

one-third during the economic crisis to above 17%, where it has remained.

http://www.bbc.co.uk/news/business-19997182

Why There Won�t Be a Bank Transfer Day in 2012 (10/24/12)

From June 2011 to June 2012, credit unions reported a year-to-year increase of

more than 2.16 million memberships � the largest influx of members in the

past decade, according to data by the Credit Union National Association. In

the prior year, there was only a 552,890-membership increase at credit unions.

The four-fold jump in new memberships is easily attributed to last year�s

Bank Transfer Day (held Nov. 5), the consumer movement that rallied fed-up bank

customers to close their fee-riddled accounts and move their money to credit

unions. The exact number of consumers who made the switch because of Bank

Transfer Day is difficult to determine, but the movement did push credit unions

into the spotlight.This year, however, there will be no official Bank Transfer

Day to give banks a run for their customers and deposits, said Kristen

Christian, the creator of Bank Transfer Day.

http://www.mybanktracker.com/news/2012/10/24/no-bank-transfer-day-2012/

US

99Rise Activists Attempt To Bridge Gap With Occupy L.A. (10/23/12)

Nick Wagner showed up on time to Pershing Square for the Occupy L.A. General

Assembly, which meant that he got there too early. Occupy L.A. cannot be

trusted to " keep the trains running on time, " as the expression goes.

Meetings usually convene at least half an hour after the advertised time, and

there are no stop times--you can stay there talking all night if you'd like,

because somebody will always be there. Wagner trekked in from Riverside with

his girlfriend Crystal in hopes that this particular October night would draw a

decent crowd of activists.The 32-year-old planned to address the General

Assembly with information regarding the new movement he'd joined called 99Rise,

an Occupy offshoot that focuses on nonviolence and issues relating to the

intersection of corporate money and politics.

http://www.neontommy.com/news/2012/10/99rise-activists-attempt-bridge-gap-occupy

-la

Occupy Naperville marks first year of activism (10/23/12)

Members of Occupy Naperville commemorated their first anniversary last weekend,

and they have no plans to go anywhere any time soon. �We haven�t missed a

single Saturday,� said organizer and Warrenville resident Steve Alesch, who

works in Naperville. Fifteen to 20 demonstrators continue to turn out every

week, gathering at the Free Speech Pavilion on the Riverwalk. They spend an

hour or so voicing their opposition to the influence of special interests on

American politics, with chants and signs.

http://napervillesun.suntimes.com/news/15896172-418/occupy-naperville-marks-firs

t-year-of-activism.html

Free Ben & Jerry's In Union Square Today To Promote Constitutional Amendment

(10/24/12)

According to a press release from OccupyWallStreet.org, Unilever's Ben Cohen

will be in Union Square today handing out free rubber stamps as part of a

campaign to amend the Constitution to " get money out of politics. " The

so-called Stamp Stampede will distribute tens of thousands of stamps and

encourage people to use them on their currency, stamping bills with one of four

messages: NOT TO BE USED FOR BRIBING POLITICIANS STAMP MONEY OUT OF POLITICS

CORPORATIONS ARE NOT PEOPLE; MONEY IS NOT FREE SPEECH THE SYSTEM ISN'T BROKEN,

IT'S FIXED In addition to the stamps, there will also be free Ben & Jerry's ice

cream, from 11 a.m. to 6 p.m.

http://gothamist.com/2012/10/24/free_ben_jerrys_in_union_square_tod.php

Europe

Robin Hood tax gains traction in Europe (10/24/12)

Robin Hood may not have roamed Sherwood Forest for hundreds of years, but fans

of his " steal from the rich, give to the poor " ethos appear to have made

inroads into European tax policy. The European Union's executive body said

Tuesday that 10 members of the 27-nation group had agreed to move forward with

a Financial Transaction Tax, also known as the Robin Hood tax. Supporters say

the controversial move will raise billions of euros for cash-strapped

governments by applying a small tax on transactions in financial markets. But

critics say imposing the tax will drive investors away and act as a break on

economic growth. Nobel Prize wining economist James Tobin first proposed

taxing transactions in the foreign exchange market in the 1970s to limit

volatility and curb speculation. The idea of taxing financial transactions

more broadly really started to gain ground earlier this year, when former

French President Nicolas Sarkozy began touting it as a way out of Europe's

financial crisis. The tax has become a cause c�l�bre of grassroots

organizations that often dress up in Robin Hood costumes and march in the

streets. It has also been affiliated with parts of the Occupy Wall Street

movement in the Untied States.

http://buzz.money.cnn.com/2012/10/24/robin-hood-tax/?section=money_markets&utm_s

ource=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fmoney_markets+%28Mar

kets%29

Madrid has peaceful anti-austerity protest (10/24/12)

Thousands of anti-austerity protesters gathered outside Congress in Madrid

while Spanish lawmakers debated next year's budget. It was the fourth " Occupy

Congress " protest organized by the 25-S movement in the past month, ThinkSpain

reported Wednesday. The group said more than 5,000 people participated in the

Tuesday protest, Authorities placed the number of protesters at closer to

2,000.

http://www.upi.com/Top_News/World-News/2012/10/24/Madrid-has-peaceful-anti-auste

rity-protest/UPI-54071351081746/?spt=hs&or=tn

Mitta Isley, MSLS

Research & Records Management

Cyber Threat Management & Information Sharing

Global Information Security

Office: (980) 387-9756

Email: mitta.p.isley@bankofamerica.com <mailto:amy.k.taylor@bankofamerica.com>

--------------------------------------------------------------------------------

-----------------------------------------------------------

Subject: EWT - TACTO - IRC Talk

-------------------------------

BAML-EWT logo.png

Source: IRC � AnonOps IRC - #AnonOps

Date / Time: 24 May 12 � 10:30EST � 10:45EST

Summary of Information: While monitoring the AnonOps IRC there were mentions

of Bank of America, Countrywide, Fannie Mae, and Freddie Mac in regard to

fraud. More importantly one of the users claims to have over 1000 documents to

prove fraudulent activity. The user did not specify which company the

documents belong to. Transcript follows comment. Comment: EWT has not

observed any further comments in regard to the documents nor any specifics.

With the upcoming OpNewSon these documents may be released in the dissemination

of the purported �leaks� that this group claims to have. EWT will continue

to monitor for any further developments. Ends.

//Transcript Begins//

<anonymoose> they sign with the labels because they want things like press

releases (which are not free btw), studio time they dont have to pay for, etc

<sharpie> where bodys such as the riaa are trying to preserve their relevance

<Notion> ofcrouse they owe them

<Syn> ^^^

<anonymoose> so they signed a contract, owe millions, arent getting paid

because the money is going to the debt

<Notion> the label gives them thousands in advance

<anonymoose> sounds fair to me, if you dont want to owe someone money dont

borrow it

<Syn> yeah whatevr I still think the RIAA is no longer needed. Record companies

are now irrelevant. j's

<anonymoose> but borrowing it and then claiming its unfair that you have to

repay it is stupid

<LulzDog> Moose makes a point with that

<Syn> i agree anonymoose but to be told " you 've sold X millions of record' s but

we 're not paying you" is wrong

<anonymoose> then they shouldnt have signed the contract

<Notion> not if they are in debt

<Syn> its not always that black and white my dear.

<norbert79> I agree with that with Syn...

<norbert79> But in general anonymoose is right

<Syn> Im not saying he isnt lol

<anonymoose> no one forced them to sign

<Syn> which is why im laughing so fuckin hard

<LulzDog> Syn but in the end it usually boils down to that

<anonymoose> just as no one forced people to sign mortgages they couldnt afford

and didnt understand (or want to understand) <down_> shows the need for

simplicity

<LulzDog> Moose: on that note why the fuck werent the ceos of those companies

ever tried for fraud

<sharpie> in the case of morgates particularly people could be said to have

been tricked

<anonymoose> which companies specifically

<LulzDog> Countrywide, fannie may, and freddie mac

<sharpie> coerced by different methods

<anonymoose> well fanny and freddie are basically hte government

<sharpie> wilfully reckless in lending policies

**NETSPLIT**

<LulzDog> Moose: they are owned by bank of america

* Nijaxor (penis@penis.penis) has joined #anonops

<Nijaxor> lolol

<Nijaxor> boom

* Effexor (FU@KING.HIVEMIND) has joined #anonops

* BOFH (that@bastard.with.root) has joined #anonops

* Wolfy (Howling@the.Moon.Tonight) has joined #anonops

* Aha2Y (Aha-79@i.had.sex.with.your-sister.nl) has joined #anonops

* Showers2All (Power2All@staff.anonops.li) has joined #anonops

* Poke (cojones@rootadmin.anonops.com) has joined #anonops

* Isis (great@staff.anonops.li) has joined #anonops

* AnonOps sets mode +a #anonops Showers2All

* AnonOps sets mode +q #anonops Poke

* AnonOps sets mode +a #anonops Isis

* AnonOps gives channel operator status to BOFH Wolfy Aha2Y Showers2All Poke

Isis

* AnonOps gives voice to Effexor

<LulzDog> As well is countrywide

<anonymoose> but its not fraud to say "here are the terms" and then someone

agrees to that without understanding it because they dont want to ask questions

for fear of someone thinking they are dumb and they dont want to read the

contractsw

* Poke has quit (Quit: leaving)

* Nijaxor (penis@penis.penis) has left #anonops (Leaving)

<LulzDog> Also i have access to over 1k documents proving my point lol

* Nijaxor (penis@penis.penis) has joined #anonops

<Nijaxor> o/

* Wolfy gives voice to Nijaxor

<anonymoose> LulzDog: fanny mae, freddie mac and sally whatever are US gov

* Nijaxor has quit (Quit: Leaving)

<anonymoose> sally whatever does student loans

<LulzDog> Moose you never covered countrywide

<anonymoose>

<LulzDog> Moose: they are owned by bank of America

<LulzDog> Yea i knnow

<anonymoose> you are right I never did and I was responding to that comment

over what I did cover, fanny and freddie

* Poke (cojones@AN-7pa.2vh.r88huf.IP) has joined #anonops

* Tony_The_Tiger sets mode +q #anonops Poke

* Tony_The_Tiger gives channel operator status to Poke

* down_ (lets@get.dangero.us) has joined #anonops

<down_> cojones mas grande

<LulzDog> I was grouping them as a whol as far as fraud goes

**Mass Users Rejoin Due to Netsplit**

* Poke sets mode +D #anonops

<LulzDog> Or at least conspiracy to commit fraud

<Syn> BTW Since Poke didnt feel fit to tell you hes moving leafs so hold onto

your cawks

<Poke> shh

* Poke is now known as epok

* Yagami (Yagami2@AN-2v0.jf6.guvaeb.IP) has left #anonops

* ZenPanda has quit (Ping timeout: 121 seconds)

* Anon-Twats has quit (Ping timeout: 121 seconds)

<anonymoose> well fannie and freddie do not do direct loans, they usually buy

on the secondary market

<anonymoose> they guarantee well over 50% of all mortgages in the US now

<BOFH> lolol. http://humormood.com/wp-content/uploads/2012/05/3IA7l.jpg

<anonymoose> I think its rapidly approaching 90% but I just dont know offhand

how many mortgages they actually own and taxpayers guarantee

<LulzDog> They shouldve died in 2008

<anonymoose> if people stop paying their mortgages the government just raises

taxes and/or prints more money to pay them off, its the tax payer that ends up

losing

LulzDog - (LulzDog@AN-8s4.a63.modebn.IP)

//Transcript Ends//

Respectfully,

Jay Haak

Cyber Threat Analyst - 24/7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: (281) 840-1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

----------------------------------------------------------

Subject: EWT - TACTO - Dox on UgNazi

------------------------------------

BAML-EWT logo.png

Source: Pastebin.com

Date / Time: 18 May 2012

Summary of Information: The following is a paste cited as being the confirmed

dox of UgNazi members. Paste link: Pastebin.com/ZYp7DhrT � see full paste

below.

//PASTE BEGINS//

Hello, Today I am contacting you regarding a series of recent DDoS attacks on

multiple .gov websites (including cia.gov justice.gov dc.gov wa.gov nyc.gov and

many others) The hacker also target many not .gov websites (including

washington.org slcpd.com goarmy.com mcdonalds.com and many others)

Most of, if not all of, the recent attacks have been coming from a group called

ugnazi.

The members of ugnazi according to their website (ugnazi.com) are JoshTheGod,

CyberZeist, Cosmo, S3rver.exe, and MrOsama.

These hackers have not only been DDoSing websites, they have leaked fbi

documents ( hxxp://pastebin.com/VULutT1M ), commited numerous accounts of

Credit Card Fraud, Hacked numerous websites, and more.

Here is all the information I have on them, 3 out of the 5 members.

===========

JoshTheGod

===========

Leader of UGnazi

Behind ufc.com hack, leaking personal information including SSNs of many people

(see cocksecurity.com), and Credit Card Fruad.

Name : Blake Bronstad

Dob : October 12, 1992

Address:

219 elm st west apt 2e

norwood, MN 55368

Mother:

Catherine A Bronstad (60 Years old)

Dad:

Michael George Baker (45 Years old)

Google Voice Number:

3472911346 ( I hacked ) . Real Number on it 9522390358

952-373-9068

952-239-0358

Skype:

Josh.josh.joshy

Isirgod

Josh (Owner of it has gotten it back)

Msn:

Josh@fbi.tf

Playertopcat@yahoo.com

Josh@obbahhost.com ( Hacked )

Blake_nick@live.com ( Hacked )

Facebooks:

https://www.facebook.com/profile.php?id=1648843204

https://www.facebook.com/profile.php?id=100001354736560

https://www.facebook.com/profile.php?id=100002023048908

This kid plays habbo all day.

Aliases:

Joshthegod

Raidon

Josh Matthews

Nick James

Robert Whitetaker

Milo Matthews

Josh Dotnet

Emails:

Josh@obbahhost.com

Josh@fbi.tf

admin@habbo.cm

Domains:

hxxp://Jm.com

hxxp://UGNazi.com

hxxp://Cocksecurity.com

hxxp://Habbo.cm

hxxp://paste.re

hxxp://minecraft.re

hxxp://fbi.tf

Fake Dox hes Claimed:

Name: Joshua B Matthews

Age: 22

Address:

111 Mosel Ave

Staten Island, NY 10304

Name: Joshua w Matthews

Dob:11/28/1988

6887 FULLER STATION RD

SCHENECTADY, NY 12303-5301

===========

Cosmo

===========

Behind most of the recent DDoS attacks (see his twitter).

Name: Eric Taylor

Mom' s name: Sheila Brown

Address: 3337 E 15th St, Long Beach, California 90804 Cell Phone: 562 -256-0832

Aol Instant Messanger Accounts: maybeCosmo, Cosmo@comcast.net

Twitter: hxxp://twitter.com/#!/ThaCosmo

Pastebin: hxxp://pastebin.com/u/maybecosmo

Youtube: hxxp://www.youtube.com/user/TeamDiversityTD

Website: hxxp://team-diversity.net/

===========

MrOsama

===========

Also behind the recent DDoS attacks ( see his twitter ) , and Credit Card Fraud.

Known as The Godfather, Godfather, Vouch, and MrOsama.

Ip Address:

72 .209.213.15

ip72-209-213-15.dc.dc.cox.net

Aol instant messanger account: Vouch

YIM: ComeAfterUs@yahoo.com

Icq: 421542

Msn: K@Live.com

Twitter: hxxp://twitter.com/#!/UG

Pastebin: hxxp://pastebin.com/u/mobster

hxxps://carderprofit.cc/ account: mobster

//Paste Ends//

Respectfully,

Jay Haak

Threat Analyst - 24 /7 Early Warning Team

TEKsystems Contractor for Bank Of America

Cell: ( 281 ) 840 -1822

Email: jay.haak@bankofamerica.com

BAML-EWT email.png

--------------------------------------------------------------------------------

---------------------------------------

Subject: FLASH UPDATE - 5 : STRATFOR ( vendor ) hacked, client list released,

credit cards exposed

--------------------------------------------------------------------------------

---------------

cid:image001.png@01CCCC50.E8FAC3E0

ConfidentialDataGISTMPandora17hola38

This advisory is informational only. Threat Management has been made

aware of Threat Activity taking place external to the Enterprise. This

report is intended to provide early warning information should this

threat begin to impact Enterprise-wide operations.

Distribution should be limited to �need-to-know� parties.

INITIAL FLASH SUMMARY

Early Warning Team reported the Initial attack on STRATFOR 24 DEC 2011

when Anonymous / #AntiSec, as part of an operation they call LulzXmas,

took down the website www.stratfor.com and claimed they hacked into

databases.

STRATFOR is a private independent global intelligence company that

provides in-depth analysis of world events founded in 1996 in Austin

Texas. #AntiSec is primarily focused on attacking, exposing and

embarrassing security vendors ( white hats ) .

Initially several tweets were sent out by various members of the

hacktivist group Anonymous with a link to Pastebin with a list of 4000

clients of STRATFOR, which lists Bank Of America, eight of our critical

vendors and several other financial institutions and governments from

around the world. While there was no other information on the list other

than the names of clients it was still a compromise of STRATFOR�s

confidentiality and exposes the bank and its critical vendors to more

possible attacks if any more information was compromised.

SOACC has a subscription to STRATFOR - they provide their analysis ( both

daily and ad hoc updates ) to the team. SOACC�s Sean Doherty�s sense is

that STRATFOR would only have access to contact information/billing

data ; he doesn�t believe BAC has gone to STRATFOR with specific requests

or taskings that would involve sharing any other data. We understand

that other teams in/outside Corporate Security ( GBCR etc. ) might also

use STRATFOR.

Late on 25 DEC 2011 , Anonymous / #Antisec released details on

approximately 13 ,000 credit cards related to the STRATFOR breach. The

data was passed to GIS Fraud. Only eight cards were from BAC, and of

those, only one was still valid.

Comment. Antisec has started to release credit card information

allegedly obtained through the Stratfor breach. Over the last 24 hours,

Antisec hackers have released over 13 ,000 credit card numbers, including

CCVs and user information. Eight Bank of America cards were identified

but only one was still valid. Antisec claims to have enough information

to extend LulzXmas until the New Year. While this situation is certainly

embarrassing for Stratfor, it seems the bulk of the data being released

is dated. The card information has been passed to the fraud department

for action. The 24 /7 Early Warning Team is monitoring and will alert if

there are any developments. Threat Management is monitoring for any

other details or further release of data from the STRATFOR breach. Ends.

STRATFOR ( a/k/a Strategic Forecasting Inc. ) is identified in ARIBA and

the Global Sourcing PSR as a Tier 4 supplier with START scores of

IS/Low, BC/Low. The last published START in ARBIA indicates that the

supplier does not have access to customer information.

Update: BAC associates whose email addresses were among the 944

compromised subscribers are starting to receive Phishing/harassment

emails. The emails appear to be from the CEO of STRATFOR and ask the

target to fill out an internet form. Thus far there have been three

spear phishing emails that include suspicious links to a youtube video

( which turns out to be a simple Rick Roll ) , a press release, and a �Rate

STRATFOR�s incident response� entry. The �Rate STRATFOR�s incident

response� form has been delivered as both a link and the form within the

email itself depending on the attempt. In both cases the form does not

attempt to �fool� the victim into thinking they are really dealing with

STRATFOR. The links lead to nothing more than sophomoric harassing

commentary. The emails have been sent to ABUSE and CCM.

No malware or malicious code was found on any of the links.

Comment: These is simple harassment and this is the first reported use

of the information from the STRATFOR breach against individual victims.

We should expect more of this, and most likely more sophisticated

tactics and procedures from other cyber actors in the future. This may

be an effort to track the numbers of individuals that follow the links.

Ends.

After further analysis, the STRATFOR compromised data dump was compared

to the complete list of BAC domains. The total number of compromised

credit card accounts and subscriber accounts has increased evidently.

There are 93 compromised credit cards that are not expired and 944

compromised subscriber accounts that belong to active BAC employees.

Anonymous as promised have posted links to 6 file sharing sites that

contain sensitive data from the STRATFOR breach on Pastebin. The file

contains 75 ,000 names, addresses, CCs and MD5 hashed passwords of

STRATFOR customers.

Comment: Link directs to a new pastebin which touches on the Stratfor

hack once again, and then at the bottom lists another data dump. All

the links appear to be the same file just different venues. In the file

there are 17 BAC Personnel listed with names, addresses, and credit card

information. Ends

Corporate Security is working with Global Fraud Protection to block and

reissue cards identified as compromised to mitigate the risk. The

Investigative Services Intel and Analytics team has pulled the full data

set from the Wiki location and done further analysis which will be used

to determine the total impact to BOA customers. The Intel and Analytics

team will work with Card Investigations and external partners to

determine the full impact and risk.

GCCIBT Risk Management checked within GBCR and it appears that most BAC

subscribers utilize an invoice payment process for set of seat licenses

as opposed to paying individually on Corp Cards for access. This should

help limit exposure of any captured Visa card info.

Anonymous is now claiming to have STRATFOR�s entire email spool,

releasing a single email thread as proof. Enterprise Communications is

reviewing the nature of email communications between STRATFOR and BAC to

evaluate any risk.

More information to follow.

Next Steps - Control Center Monitoring and Incident Management have been

notified and are reviewing the issue for potential mitigation

requirements. GIS Engagement is also aware and working with appropriate

Line of Business personnel. A more detailed update to this bulletin

will be distributed as events warrant. Should this issue be declared an

actual BAC-Impacting event, then GIS Incident Management will provide