Bank of America has confirmed that some of the data included in the massive leak by Anonymous-affiliated group “Par:AnoIA” does belong to them, but that it came from the systems of a third-party contractor rather than from their own.
The 14GB leak contains internal BoA emails that apparently show that they have hired IT consultancy firm TEKsystems to monitor the public online activity of hackers that might target or have targeted the bank (Anonymous, TeaMp0isoN, UGNazi and others) and activists that were involved in the Occupy Wall Street movement.
According to Computerworld, BoA hasn’t confirmed that particular partnership, but has explained that they were working on a “pilot program for monitoring publicly available information to identify information security threats.”
If the Par:AnoIA press release accompanying the leak is to be believed, all the data comes from an unnamed source that lifted it off a “misconfigured server” located in Tel Aviv.
Among the leaked data is also the source code of the OneCalais app, software developed by Israeli company ClearForest (owned by Thomson Reuters) for the express purpose of harvesting and rifling through huge swaths of unstructured publicly accessible information in search of relevant data.
Also leaked is the source code of what appears to be a module of the software made specifically for Bank of America.
Finally, the leak includes archives containing data about hundreds of thousands of executives and employees from various corporations around the world, including salary information. The archives were found on the same server, and seem to belong to Bloomberg L.P. media corporation.
But what really bugs the hacker group is that the research done by TEKsystems is “sloppy, random and valueless” and “potentially false”, and the fact that BoA and others are contracting other companies to spy and collect information on private citizens – even though they do it by analyzing publicly available information.