Phishing Out The Goldman Code Fishers

Tyler Durden

Still out in the boonies, so a few more days without extended analysis. In the meantime, some more amusement on GoldmanGate: Cryptogon has created a piece of HTML code that Google queries latch on to when searching for "Goldman Sachs Code Torrent", allowing the sysadmin to track which IPs and firms are querying this keyword. Interesting results. From the website:

I have not seen as much activity from Goldman Sachs as I thought I would on my little honey pot. This is all so far. Then again, this hasn’t even been up 24 hours yet:

204.4.131.140 2009-07-07 12:01:17
/?paged=2
Referrer: http://www.google.com/search?hl=en&rls=com.microsoft%3A*&q=Mr.+Aleynikov+strat&aq=f&oq=&aqi=
Hostname: cflodc1.gs.com*
SEARCH ENGINE: Google (page: 1)*
KEYWORDS: Mr. Aleynikov strat
 
Other interesting visits:

Citadel Investment Group
64.22.160.1 2009-07-07 11:53:59
/?p=9712
Referrer: Direct hit
Hostname: cit1.citadelgroup.com
 
InfoNgen is the first Discovery Engine for business, finance and information professionals that knows what’s critical to you. Extracts relevant and timely information buried on the web, within emails, in desktop documents or on network drives. Identifies trends and connections between topics, companies or products that might not otherwise be apparent. And delivers results in real time.

63.87.234.186 2009-07-07 05:12:58
/?p=9712
Referrer: Direct hit
Hostname: host186.infongen.com

Batterymarch is a global equity specialist, investing in approximately 50 countries for clients around the world. Our unique quantitative strategies combine the power of technology with the wisdom of experienced fundamental investors.

199.58.12.24 2009-07-07 21:12:51
/?p=9712
Referrer: http://www.google.com/reader/view/
Hostname: smtp.batterymarch.com

U.S. Army
128.190.125.2 2009-07-07 17:59:55
/?p=9712
Referrer: Direct hit
Hostname: wks125-2.belvoir.army.mil

Clough Capital

74.201.46.1 2009-07-07 17:38:18
/?p=9712
Referrer: Direct hit
Hostname: host1.cloughcapital.com

Microsoft

131.107.0.101 2009-07-07 17:09:44
/?p=9712
Referrer: From your blog
Hostname: tide531.microsoft.com

The Benefit Company

66.184.209.18 2009-07-07 16:20:15
/?p=9712
Referrer: Direct hit
Hostname: 66.184.209.18

At ECBridge™, we know that information is the lifeblood of today’s business. Our experienced, international team helps clients plan, implement and manage innovative e-business solutions. We can help your firm gain competitive advantage, by extending the reach of your company’s information.

207.111.251.165 2009-07-07 16:12:14
/?p=9712
Referrer: Direct hit
Hostname: mail.ecbridge.com

New York City Police Department

206.212.185.216 2009-07-07 12:49:12
/?p=9712
Referrer: From your blog
Hostname: 206.212.185.216

City of Houston
204.235.227.149 2009-07-07 12:05:43
/?p=9712
Referrer: From your blog
Hostname: 204.235.227.149

Note: U.S. Department of Homeland Security is obsessed with this post, and with Cryptogon, today. There are at least a couple of DHS employees who read Cryptogon as a matter of routine, but the activity over the last 24 hours shows 10 visits, 43 page views from five different hosts/IPs:

sbcp5.dhs.gov 204.248.24.164
bcp1.cbp.dhs.gov 63.167.255.151
bcp3.cbp.dhs.gov 63.167.255.153
sbcp6.dhs.gov 204.248.24.165
sbcp3.dhs.gov 204.248.24.162

Not sure how long Cryptogon will be able to keep this page up, so check it out while you can. And let other comparable games begin.
 
hat tip Dora
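
An added example (not Cryptogon's or Zero Hedge's code): a Python parser for visit records laid out like the ones quoted above, pulling the search phrase out of a Google referrer's `q` parameter and grouping visits by reverse-DNS domain. The sample records, the function names, the handling of the trailing `*` and the two-label domain grouping are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs
# Constructed sample in the layout of the quoted visit records
# (documentation-range IPs and example hostnames, not real visitors).
SAMPLE = """\
192.0.2.10 2009-07-07 12:01:17
/?paged=2
Referrer: http://www.google.com/search?hl=en&q=example+canary+phrase&aq=f
Hostname: proxy1.corp.example.com*

198.51.100.7 2009-07-07 11:53:59
/?p=9712
Referrer: Direct hit
Hostname: gw.fund.example.net

203.0.113.5 2009-07-07 16:20:15
/?p=9712
Referrer: Direct hit
Hostname: 203.0.113.5
"""
HEADER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$")

def parse_visits(text):
    """Turn blank-line separated records into dicts; skip anything malformed."""
    visits = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER.match(lines[0]) if lines else None
        if not m:
            continue
        v = {"ip": m[1], "time": m[2], "path": None, "keywords": None, "org": None}
        for line in lines[1:]:
            if line.startswith("/"):
                v["path"] = line
            elif line.startswith("Referrer: "):
                url = urlsplit(line[len("Referrer: "):])
                q = parse_qs(url.query).get("q")  # search terms, if the referrer has any
                v["keywords"] = q[0] if url.scheme in ("http", "https") and q else None
            elif line.startswith("Hostname: "):
                host = line[len("Hostname: "):].rstrip("*")
                # No PTR record: the tracker echoes the IP. Last two labels is naive grouping.
                if host != v["ip"]:
                    v["org"] = ".".join(host.split(".")[-2:]).lower()
        visits.append(v)
    return visits

def visits_by_org(visits):
    return Counter(v["org"] or "unresolved" for v in visits)
```

A reverse-DNS hostname identifies the network that owns the address, not the person behind the request or the reason for the visit.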
 


Wed, 07/08/2009 - 07:52 | Link to Comment savara

Keep up the good work !

Wed, 07/08/2009 - 07:52 | Link to Comment Eduardo

LOLLLLLLLL I searched the pirate bay to see if I got lucky ... nothing yet LOL

 

 

Wed, 07/08/2009 - 11:15 | Link to Comment Project Mayhem

Give it time, lol

Wed, 07/08/2009 - 07:56 | Link to Comment FischerBlack

LOL, Fort Belvoir is the home of several spooky Department of Defense agencies.

Wed, 07/08/2009 - 11:18 | Link to Comment Project Mayhem

I'm just waiting for Booz Allen Hamilton to show up in the logs

Wed, 07/08/2009 - 08:22 | Link to Comment Anonymous
Wed, 07/08/2009 - 08:33 | Link to Comment yellow submariner

It was me.

Wed, 07/08/2009 - 08:54 | Link to Comment Anonymous
Wed, 07/08/2009 - 08:54 | Link to Comment Anonymous
Wed, 07/08/2009 - 14:53 | Link to Comment dark pools of soros

they would post code to get everyone to buy Citi

Wed, 07/08/2009 - 09:53 | Link to Comment Anonymous
Wed, 07/08/2009 - 10:21 | Link to Comment Ben_the_Bald

Fun and games but this doesn't prove anything. In fact, I'm sure the ZH access logs have visits from the same servers all the time. Fact is you don't know why the Google search was made.

When someone finds the code and puts it on a warez server with open access then we are talking.

As for what's in the code, I'd take the government's word for it, a scheme for the "fair" manipulation of the market by GS. It will not be easy to port to your pc environment at home though. But GS's competitors certainly have similar in-house developed tools. Just ask the middleware providers like TIBCO. (Of course they wouldn't answer, but it's fun to ask).

Wed, 07/08/2009 - 11:22 | Link to Comment Project Mayhem

As for what's in the code, I'd take the government's word for it, a scheme for the "fair" manipulation of the market by GS

 

If you believe this, I have a bridge to sell you in Brooklyn.

Wed, 07/08/2009 - 13:59 | Link to Comment Anonymous
Sat, 07/18/2009 - 00:07 | Link to Comment GILLERAN

Yeah, as in 'fair, if you've got friends at Treasury'.

Wed, 07/08/2009 - 13:00 | Link to Comment E Thomas St.

I think the funny thing is that such a silly honey pot attracted people from those places in the first place.

Wed, 07/08/2009 - 13:57 | Link to Comment Anonymous
Wed, 07/08/2009 - 14:33 | Link to Comment E Thomas St.

Which could indicate that the amount of malarky they could potentially pick up by using bots might interfere with the ability to divine anything of value.

Wed, 07/08/2009 - 21:34 | Link to Comment carpentersr

Ah yes, Warez. When I first heard about this story, that is where I thought the code would be.

Wed, 07/08/2009 - 10:51 | Link to Comment Anonymous
Wed, 07/08/2009 - 11:49 | Link to Comment Anonymous
Wed, 07/08/2009 - 12:06 | Link to Comment asdf

that's really insane, but the IMF doesn't seem to read Michael Pettis. "Recovery in Asia, full speed ahead!"

Wed, 07/08/2009 - 12:14 | Link to Comment Project Mayhem

all aboard the fail whale!

Wed, 07/08/2009 - 14:00 | Link to Comment Anonymous
Thu, 07/09/2009 - 02:41 | Link to Comment yellow submariner

IMHO: Good point! Moreover it would be really strange, if the code would still be on a site in Germany, while Aleynikov is set free on bail.

Wed, 07/08/2009 - 14:56 | Link to Comment dark pools of soros

we all should hope so..  we will have enough problems dealing with all the emerging markets as they mature than have to also deal with these blood suckers from the inside

Wed, 07/08/2009 - 15:13 | Link to Comment Cue Ball

My question & request is : how do I get that html program to search for hits on a public Company I like....seems like it would tell me who that Company is talking to.

Wed, 07/08/2009 - 16:26 | Link to Comment PenGun

I really doubt it's a torrent. It's just some files somewhere. Now whoever finds it should torrent it immediately.

Wed, 07/08/2009 - 17:34 | Link to Comment Anonymous
Tue, 07/14/2009 - 19:58 | Link to Comment Anonymous
Tue, 07/14/2009 - 20:03 | Link to Comment Anonymous