Hackers Claim Wall Street Resume Leak
Team GhostShell members said they've leaked usernames, passwords, and resumes from jobs board ITWallStreet.com.
"IT Wall Street owned. Around 50.000 accounts compromised. The list contains both current, past, and rejected IT personal from Wall Street. The information is as detailed as ever with many other surprises in it. Please, enjoy," read a post to privatepaste.com signed by "Masakaki," who said he's "part of the Far-Eastern Financial District of #TeamGhostShell." The exploit was also announced by Team GhostShell on Twitter.
Reached by phone, a representative for Andiamo Partners, which runs the ITWallStreet.com website, said there was no one available to discuss the alleged leak, or whether it's investigating, and terminated the call. An email sent to an address listed on the company's website as a sales contact also bounced.
The post from Masakaki contained links to 12 posts made to both PasteSite.com and privatepaste.com. (A notice on the latter website, however, warns that "Due to continous [sic] abuse, privatepaste.com will be shutting down August 1st, 2012.") All 12 posts appear to have been deleted from both sites by site administrators.
But, according to news reports, the released data did appear to contain user credentials, including hashed passwords--some of which had been decoded into plaintext--for ITWallStreet.com users, as well as salary expectations, which ranged from $40,000 to $400,000. Other published information appeared to include emails between account managers and headhunters discussing clients' suitability for various roles. A published client list, meanwhile, included numerous Wall Street firms, such as Dow Jones, Morgan Stanley, and Wachovia Bank.
[ Learn One Secret That Stops Hackers: Girlfriends. ]
Despite the claim of having leaked about 50,000 user accounts, Masakaki noted that he'd held back 3,000 resumes from the data leak, "to trade them on the black market."
Why target Wall Street? In the post, Masakaki announced his support for the Occupy Wall Street movement, and appeared to promise further such disclosures. "GhostShell has been leaking left and right all kinds of targets, well we're here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things," according to his post. "With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Wall Street."
Previous Team GhostShell leaks have largely focused on Chinese websites as part of its "ProjectDragonFly," which the group describes as a "protest for freedom of speech in China." For example, Team GhostShell leader "deadmellox" claimed to have hacked 38 sites and released details on 200,000 accounts--including usernames and passwords--associated with numerous companies, including China Rencai, Mello Biotech, Yabao Hi-Tech Enterprises, as well as the Chinese branch of Fitch Ratings. Deadmellox also claimed to have exploited cross-site scripting vulnerabilities on numerous websites, including AOL, CNN, Puma, and Peugeot.
Security information and event monitoring technology has been available for years, but the information can be hard to mine. In our SIEM Success report, we provide a step-by-step guide to make the most of your SIEM system. (Free registration required.)