A couple of days ago, we learned that Anonymous hackers were on a mission to expose a Bank of America project aimed at monitoring the Internet for the activity of hacktivists and activists. On Wednesday, the hackers announced that a total of 14 GB of data was released.
The information is allegedly related to Bank of America (BoA), Bloomberg, Thomson Reuters, TEKSystems, the company presumably put in charge of the spying activity, and ClearForest, the firm that’s said to be responsible for the monitoring software.
According to the hacktivists, the data they’ve leaked contains the details of hundreds of thousands of executives and employees from organizations around the world.
In addition, they make a number of interesting remarks. They say that the overall quality of the research commissioned by Bank of America and “others” is poor and “potentially false.”
Also, they highlight the fact that the collected data was stored without being properly secured.
“The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs,” the hacktivists stated.
“Even more alarming, the data was retrieved from an Israeli server in Tel Aviv – while ClearForest is based in Tel Aviv it remains unclear why this huge amount of data was stored insecurely on an open server.”
They added, “This incident shows how irresponsible companies handle the data of more than dubious projects. Even more alarmingly, the findings indicate that corporations like Bank of America are funding these operations. We release the received files in full to raise awareness to this issue and to send a signal to corporations and Governments that this is unacceptable.”
Bank of America representatives have told Computerworld that their own systems have not been compromised and that the leaked data originates from a third-party company.
The bank has confirmed that the third party was working on a “pilot program” for monitoring publicly available information in an effort to identify security threats.