The internet collective known only as Anonymous has struck again, this time stealing thousands of credit card numbers belonging to clients of U.S.-based security think tank Stratfor.
UPDATE: Anonymous is now denying responsibility. See update at the end of this post.
The goal was apparently to steal funds from individual accounts and give those funds away as Christmas donations. Some of the victims have confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted yesterday of swiping Stratfor’s confidential client list, which includes entities like Apple, the U.S. Air Force, and the Miami Police Department. The group reportedly collected over 4,000 credit card numbers, passwords and home addresses.
Stratfor, which is based in Texas, provides political, economic, and military analysis to help clients reduce risk. The company’s main website was down this morning with a banner saying the “site is currently undergoing maintenance.”
“Not so private and secret anymore?” Anonymous tweeted, adding that the attack on Stratfor was just the initial stages of a holiday season attack on a long list of potential targets.
Anonymous said the client list it had already posted was a mere sampling of the 200 gigabytes’ worth of data it hacked away from Stratfor and promised more leaks. The hackers claim they were able to obtain the data because Stratfor didn’t bother to encrypt the files, a major misstep for any security firm if true.
Fred Burton, Stratfor’s vice president of intelligence, said the company had reported the attack to law enforcement, adding that Stratfor has protections in place meant to prevent such attacks.
“But I think the hackers live in this kind of world where once they fixate on you or try to attack you it’s extraordinarily difficult to defend against,” Burton said.
Hours after publishing the first portion of the Stratfor list, Anonymous tweeted a link to encrypted files containing the data.
“Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the A’s,” read a message posted online.
Anonymous also linked to images of receipts for charitable donations made by the group manipulating the credit card info it had illegally obtained.
“Thank you! Defense Intelligence Agency,” read a message above one picture that showed a transaction indicating that an agency employee’s information was used to donate $250 to a non-profit organization.
Another receipt to the American Red Cross had Allen Barr’s name on it.
Barr is recently retired from the Texas Department of Banking. He said he learned last week that $700 had been spent from his account. Barr said five transactions were made in total.
“It was all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she wasn’t sure whether I was just donating,” said Barr.
“It made me feel terrible. It made my wife feel terrible. We had to close the account.”
Wishing everyone a “Merry LulzXMas”, perhaps a tribute to its off-shoot hacking collective known as Lulz Security, Anonymous also posted a tweet linking to a site containing the email address, phone number, and credit number info of a U.S. Homeland Security employee.
The employee, Cody Sultenfuss, said he had no warning before his details were posted.
Here is Stratfor’s official statement regarding the hack:
“On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.
“Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor’s ‘private clients.’ Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.
“We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.”
UPDATE: Anonymous has issued a statement denying that they are responsible for the attack.
“The Stratfor hack is not the work of Anonymous. Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open Internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait,” the group claimed in an online statement.
“The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources.”
Anonymous says Stratfor has been deliberately misrepresented by “these so-called Anons” and portrayed in a false light as a company which engages in activity similar to HBGary.
“Sabu (of LulzSec) and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs… As a media source, Stratfor’s work is protected by the freedom of press, a principle which Anonymous values greatly. This hack is most definitely not the work of Anonymous,” the group added.


