Wednesday, July 8, 2009

Phishing Out The Goldman Code Fishers

Still out in the boonies, so a few more days without extended analysis. In the meantime, some more amusement on GoldmanGate: Cryptogon has created a piece of html code that Google queries latch on to when searching for "Goldman Sachs Code Torrent", allowing the sysadmin to track which IPs and firms are querrying this keyword. Interesting results. From the website:

I have not seen as much activity from Goldman Sachs as I thought I would on
my little honey pot. This is all so far. Then again, this hasn’t even been up 24
hours yet:

204.4.131.140 2009-07-07 12:01:17
/?paged=2
Referrer: http://www.google.com/search?hl=en&rls=com.microsoft%3A*&q=Mr.+Aleynikov+strat&aq=f&oq=&aqi=
Hostname: cflodc1.gs.com*
SEARCH ENGINE: Google (page: 1)*
KEYWORDS: Mr. Aleynikov strat

Other interesting visits:
Citadel Investment Group
64.22.160.1 2009-07-07 11:53:59
/?p=9712
Referrer: Direct hit
Hostname: cit1.citadelgroup.com

InfoNgen is the first Discovery Engine for business, finance and information professionals that knows what’s critical to you. Extracts relevant and timely information buried on the web, within emails, in desktop documents or on network drives. Identifies trends and connections between topics, companies or products that might not otherwise be apparent. And delivers results in real time.

63.87.234.186 2009-07-07 05:12:58
/?p=9712
Referrer: Direct hit
Hostname: host186.infongen.com

Batterymarch is a global equity specialist, investing in approximately 50 countries for clients around the world. Our unique quantitative strategies combine the power of technology with the wisdom of experienced fundamental investors.

199.58.12.24 2009-07-07
21:12:51
/?p=9712
Referrer: http://www.google.com/reader/view/
Hostname: smtp.batterymarch.com

U.S. Army

128.190.125.2 2009-07-07 17:59:55
/?p=9712
Referrer: Direct hit
Hostname: wks125-2.belvoir.army.mil

Clough Capital

74.201.46.1 2009-07-07 17:38:18
/?p=9712
Referrer: Direct hit
Hostname: host1.cloughcapital.com

Microsoft

131.107.0.101 2009-07-07 17:09:44
/?p=9712
Referrer: From your blog
Hostname: tide531.microsoft.com

The Benefit Company

66.184.209.18 2009-07-07 16:20:15
/?p=9712
Referrer: Direct hit
Hostname: 66.184.209.18

At ECBridge™, we know that information is the lifeblood of today’s business. Our experienced, international team helps clients plan, implement and manage innovative e-business solutions. We can help your firm gain competitive advantage, by extending the reach of your company’s information.

207.111.251.165 2009-07-07 16:12:14
/?p=9712
Referrer: Direct hit
Hostname: mail.ecbridge.com

New York City Police Department

206.212.185.216 2009-07-07 12:49:12
/?p=9712
Referrer: From your blog
Hostname: 206.212.185.216

City of Houston

204.235.227.149 2009-07-07 12:05:43
/?p=9712Referrer: From your blog
Hostname: 204.235.227.149

Note: U.S. Department of Homeland

Security is obsessed with this post, and with Cryptogon, today. There are at least a couple of DHS employees who read Cryptogon as a matter of routine, but the activity over the last 24 hours shows 10 visits, 43 page views from five different hosts/IPs:

sbcp5.dhs.gov 204.248.24.164
bcp1.cbp.dhs.gov 63.167.255.151
bcp3.cbp.dhs.gov 63.167.255.153
sbcp6.dhs.gov 204.248.24.165
sbcp3.dhs.gov 204.248.24.162


Not sure how long Cryptogon will be able to keep this page up, so check it out while you can. And let other comparable games begin.

hat tip Dora Sphere: Related Content
Print this post
blog comments powered by Disqus