ClearForest, a Thomson Reuters subsidiary which provides tools for data mining text and social media, suffered a severe attack by a group affiliated by Anonymous. A group called Par:AnoIA is distributing files it obtained from an unsecured server in ClearForest’s offices outside of Tel Aviv, including the source code for ClearForest’s proprietary data mining application, OneCalais.
The attack was apparently prompted by a project initiated by Bank of America to identify potential hacking threats. Bank of America described it as a “pilot program” for monitoring publicly available information in an effort to identify security threats. Bank of America apparently hired TEKSystems, an IT outsourcing subsidiary of Allegis Group, to manage the project. The project used ClearForest to monitor hacking activity on social media platforms and public Internet Relay Chat (IRC) channels.
Unfortunately, ClearForest’s systems were not well secured. The press release issued by Par:AnoIA claimed that its theft was not a hack because it was so easily obtained: “The source of this release has confirmed that the data was not acquired by a hack but because it was stored on a misconfigured server and basically open for grabs.”
ClearForest is not the first research-related victim of Anonymous. Stratfor Global Intelligence, a geopolitical research firm based in Austin Texas, was hacked in 2011 by Anonymous which stole unencrypted credit card information of Stratfor customers, as well as over 5 million internal emails which were then turned over to Wikileaks. Wikileaks published Stratfor’s internal emails in an attempt to portray the firm as a quasi-intelligence agency.
Nearly a third of the ClearForest information stolen by Anonymous was a project unrelated to Bank of America’s project. It appears that ClearForest was creating a database of compensation information encompassing approximately 200,000 executives, primarily from securities filings. The compensation information was contained in a folder labeled “Bloomberg”, so the hackers speculated that the information might have been related to a project on behalf of Bloomberg. They also noticed that data entries were entries are tagged with “reuterscompanycontent”, apparently not realizing that ClearForest is a subsidiary of Thomson Reuters. It is doubtful that Bloomberg would use a subsidiary of Thomson Reuters for a project.
Reuters acquired ClearForest in 2007 for an undisclosed sum. At the time, ClearForest had around 30 employees and 50 clients, primarily corporations. Most of its operations were based in a suburb of Tel Aviv, the site of the recent hack. Competitors to ClearForest include Connotate, which has been more actively marketing into the financial community, Mozenda and FirstRain.
The hacked data can be found at http://par-anoia.net/releases2013.html#bofa