EMAIL SIGN UP!
Most Popular This Week
- Corporate Win: Supreme Court Says Monsanto Has 'Control Over Product of Life'
- How the US Turned Three Pacifists into Violent Terrorists
- Cornel West: Obama 'Is a War Criminal'
- Revealed: How US State Department 'Twists Arms' on Monsanto's Behalf
- Victory in Seattle as Teachers Win Battle in Standardized Test Boycott
Popular content
Today's Top News
'Anonymous' Claims to Steal Security Think Tank Stratfor's Client List
The hacking movement Anonymous says it will mine the client list for credit card numbers and use them to make charitable donations.
The loose-knit hacking movement Anonymous claims to have stolen thousands of credit card numbers and other personal information belonging to clients of US-based security thinktank Stratfor. One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
A screenshot of the Stratfor's site on Christmas Day. Anonymous claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of the security think tank. Anonymous boasted of stealing Stratfor's confidential client list – which includes entities including Apple, the US air force and the Miami police department – and mining it for more than 4,000 credit card numbers, passwords and home addresses.
Stratfor – based in Austin, Texas – provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the web, emails and videos. The company's main website was down on Sunday, with a banner saying the "site is currently undergoing maintenance".
Proprietary information about the companies and government agencies that subscribe to Stratfor's newsletters did not appear to be at any significant risk, however, with the main threat posed to individual employees who had subscribed.
"Not so private and secret anymore?" Anonymous taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.
Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor, and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn't bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.
Fred Burton, Stratfor's vice president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation.
Stratfor has protections in place meant to prevent such attacks, he said.
"But I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against," Burton added.
Hours after publishing what it claimed was Stratfor's client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.
"Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the 'A's," read a message posted online that encouraged readers to download a file of the hacked information.
The attack is "just another in a massive string of breaches we've seen this year and in years past," said Josh Shaul, chief technology officer of Application Security, a New York-based provider of database security software.
Still, companies that shared secret information with Stratfor in order to obtain threat assessments might worry that the information is among the 200 gigabytes of data that Anonymous claims to have stolen, he said.
"If an attacker is walking away with that much email, there might be some very juicy bits of information that they have," Shaul said.
Lieutenant Colonel John Dorrian, public affairs officer for the US air force, said that "for obvious reasons" it doesn't discuss specific vulnerabilities, threats or responses to them.
"The air force will continue to monitor the situation and, as always, take appropriate action as necessary to protect networks and information," he said in an email.
A Miami police department spokesman said he could not confirm that the agency was a client of Stratfor, adding he had not received any information about a security breach involving the police department.
Anonymous also linked to images online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.
"Thank you! Defense Intelligence Agency," read the text above one image that appeared to show a transaction summary indicating that an agency employee's information was used to donate $250 to a non-profit organization.
One receipt – to the American Red Cross – had Allen Barr's name on it.
Barr, of Austin, Texas, recently retired from the Texas Department of Banking and said he discovered last Friday that a total of $700 had been spent from his account. Barr, who has spent more than a decade dealing with cybercrime at banks, said five transactions were made in total.
"It was all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she wasn't sure whether I was just donating," said Barr, who wasn't aware until a reporter with the AP called that his information had been compromised when Stratfor's computers were hacked.
"It made me feel terrible. It made my wife feel terrible. We had to close the account."
Wishing everyone a "Merry LulzXMas" – a nod to its spinoff hacking group Lulz Security – Anonymous also posted a link on Twitter to a site containing the email, phone number and credit card number of a US Homeland Security employee.
The employee, Cody Sultenfuss, said he had no warning before his details were posted.
"They took money I did not have," he told the Associated Press in a series of emails, which did not specify the amount taken. "I think 'Why me?' I am not rich."
But the breach doesn't necessarily pose a risk to owners of the credit cards. A card user who suspects fraudulent activity on his or her card can contact the credit card company to dispute the charge.
Stratfor said in an email to members that it had suspended its servers and email after learning that its website had been hacked.
"We have reason to believe that the names of our corporate subscribers have been posted on other web sites," said the email, signed by Stratfor Chief Executive George Friedman and passed on to AP by subscribers. "We are diligently investigating the extent to which subscriber information may have been obtained."
"Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me," Friedman wrote.
One member of the hacking group, who uses the handle AnonymousAbu on Twitter, claimed that more than 90,000 credit cards from law enforcement, the intelligence community and journalists – "corporate/exec accounts of people like Fox" News – had been hacked and used to "steal a million dollars" and make donations.
It was impossible to verify where credit card details were used. Fox News was not on the excerpted list of Stratfor members posted online, but other media organizations including MSNBC and Al-Jazeera English appeared in the file.
Anonymous warned it has "enough targets lined up to extend the fun fun fun of LulzXmas through the entire next week".
Comments
Note: Disqus 2012 is best viewed on an up to date browser. Click here for information. Instructions for how to sign up to comment can be viewed here. Our Comment Policy can be viewed here. Please follow the guidelines. Note to Readers: Spam Filter May Capture Legitimate Comments...
38 Comments so far
Show AllWill the War Profiteers be demanding the return of Tiny Tim's crutches?
No, they will just extort as much money as they can from Tiny Tim until he starves to death at which point he won't need crutches.
Send in the drones. Now remember, if any bystanders or Children are killed in a US Air strike on a neighborhood in Virginia, they are merely collateral damage and the US Government is "defending Americans rights and liberties" by killing members of anonymous.
The parents of the children killed in a drone strike would be blamed, and held responsible, should they happen to survive, and would no doubt be charged with murder for involving their children in activities that would put them in harm's way.
"harm's way"
So, you are saying that not only is it OK for the USG to murder people, but that when the USG murders people who happen to be nearby it is the victim's fault?
Irony - the use of words to convey a meaning that is the opposite of its literal meaning:
Gaaah, that's what I get for reading and responding way too fast and, jumping to a conclusion in the process.
My sincere apologies to shadre.
Apology accepted, alternate_id. We all make that mistake on occasion - we're only human.
too funny
thank you for this incredibly valuable exchange! Occupy instances of way-too-fast mis-interlocution!
You beat me to it...lol
Thank you, locust, and others. I forget that not everyone "gets" irony.
If what Anonymous claims to be true in that Stratfor did not bother to encrypt credit card details of their customers (which is a basic requirement of any business large or small doing commerce on the web), then it speaks quite badly of the supposed 'security' think tank. Just as producing shoddy wares is the kiss of death for a luxury goods manufacturer, so is being lazy and cheap enough not to put in the relatively simple step of encryption software for processing card transactions for a firm that markets itself as a 'security think tank.' What the antics of Anonymous has pointed out time and again is that not only are the enemies of progressives fascists, but incompetent and greedy as well. This should disturb progressives to the bone, for there are plenty of examples of countries ruled by greedy and incompetent fascists -- it is called the Third World.
We are all the third world now...
Hear! Hear! Well typed! I boycott Sony.
"Stratfor didn't bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company."
If this is true, given the ease by which info is encrypted, it is the epitome of corporate negligence and stupidity.
If this is not true, and the info was encrypted and successfully hacked, then present day encryption is worthless.
"The House Judiciary Committee held hearings on SOPA [Stop Online Piracy Act - designed to censor the internet] on November 16 and December 15, 2011. The Committee is scheduled to continue debate when Congress returns from its winter recess." - wikipedia
It is possible, though I think not probable, that there was no break-in, and that this story is an elaborate fiction, designed to enhance the chances that SOPA will be passed into law.
".....the info was encrypted and successfully hacked, then present day encryption is worthless."
Not necessarily so. There are many different levels of encryption strength. If you want strong encryption, then it will cost more money than weak encryption. Encryption strength fills a broad spectrum, from weak shareware programs downloaded from the internet for $10, to filling large departments of PhD mathematicians with multi-million-dollar supercomputers.
I suspect that Stratfor invested in the "$10" kind.
They got what they paid for. Anonymous fully understands the capitalist system.
"It is possible, though I think not probable, that there was no break-in, and that this story is an elaborate fiction, designed to enhance the chances that SOPA will be passed into law. "
Point to consider. But this is not really an act of "piracy". And SOPA is not going to do anything to stop groups like "Anonymous". The credit card numbers weren't copyrighted works and the donations made by Anonymous weren't counterfeit goods.
It seems like the Anonymous donations to charity is all small change given the "size" of the credit-card owners. One would think that Stratfor's peace-and-freedom-loving clients made these kinds of donations every year.
I want to see the list of names of Stratfor subscribers who tell the credit card agencies to stop payment on the Anonymous donations.
"One would think that Stratfor's peace-and-freedom-loving clients made these kinds of donations every year. "
One would be mistaken wouldn't they? I'd like to see that list as well.
Something is strange here. Why would someone about to make illegal use of credit card information announce it up front?
In order to expose a security company which apparently provides no security.
OK - that makes sense. Thanks.
I was aghast at the people being "SAD" that they had donated to the Red Cross and CARE. And there is something fishy about Cody's whining.
Anon gets the Monkey Wrench award.
Hey Stonepig,
You've coined a great one there!
The esteemed CD Monthly "Monkeywrench Award". God I love it. I think you're really on to something here. How about it anon hackers? Can you raise Goldman ShitSac Blankfien's credit rating and distribute all that money he stole from bailouts back to the charities?
Now a second blockbuster like that's going to get you nominated for another coveted "Monkey Wrench Award" in the CD Robin Hood Category.
Encore!
TJ
"They took money I did not have," he told the Associated Press in a series of emails, which did not specify the amount taken. "I think 'Why me?' I am not rich."
The rhetorical mirror question of the year - Homeland Security
Quis custodiet ipsos custodes?
I am thinking a whole new industry will crop up espousing to do just that. Afterall with smaller government the task will have to be outsourced. I wouldn't be surprised if Stratfor spun off a subsidary to do just that.
ABC News (Owned by Capital Cities/ Disney) has quite a piece of propaganda on the front page of their website today. Including an article called something like "What To Do When Anonymous Comes After You."
Common dreams? AP?!!!
It made me feel terrible. It made my wife feel terrible. We had to close the account. Yes, Mr. Barr and his wife feel so terrible that they will contact their credit card company and get the charges on their credit card for the donations expunged. Then they will claim the charitable donations on their federal and state tax returns anyway. Yep, they feel really terrible!
I wonder how many others won't have the chutzpah to retract the donations. Or will feel pressured into actually making donations after they retract the "anonymously" made ones. Either way the charitable organizations stand to profit. Bravo!
If I understand how it works, then the only ones who will end up paying are the credit card companies in time and efforts to cancel and reissuing new credit cards to everyone on the list and perhaps get stung for a few legit charges as well.
Which reminds me of an article I read earlier elsewhere that the Italian government is going to ban the use of cash over a relatively small amount in many if not most transactions, "Prime Minister Mario Monti, in office just over a month, wants landlords, plumbers, electricians and small businesses to stop conducting large transactions in cash, which critics say helps them evade taxes. The government on December 4 reduced the maximum allowed cash payment to €1,000 from €2,500."
(SMCP "Italian tax crackdown aims to cut cash habit
New PM focuses on curtailing evasion as one way to reduce country's €1.9 trillion debt
Bloomberg in Rome and Milan
Dec 27, 2011 ")
"The government on December 4 reduced the maximum allowed cash payment to €1,000 from €2,500."" How exactly do they plan on enforcing that if they can't enforce their tax laws?
Just instills all kinds of confidence in the booming private intelligence/security industry that is subsidized with tax payer dollars doesn't it?
""But I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against," Burton added."
Doesn't this company live in the same world? Aren't they supposed to be accessing and reducing those risks for their clients? Or do they live in a parallel universe?
Just heard a "news" report on ABC reporting on the incident depicting "anonymous" as a "loosely knit group". Had to laugh. Just the way they tried to discredit OWS. Perhaps Stratfor should be as "loosely knit"? But no, they are "supposedly" a credible corporate security presence. I wonder how many in the media or Washington have stock in Stratfor? Would be a number I'd be interested in.
Just reread this article and it starts with the same line:
"The loose-knit hacking movement Anonymous "
Would appear everyone uses the same writers.
We need a similar group that'll mess up electronic payments to large defense contractors (can you say KBR or Blackwater?) who are ripping off the taxpayer. and make them wait many years to get their money. That would be hilarious.