The notorious hacker group called Anonymous is claiming another successful hacking last Sunday. This time, its victim is the Stratfor Global Intelligence, a security think tank based in Austin, Texas. Anonymous proudly claims to have siphoned off 200GB of data that included emails and credit card information from employees of Stratfor clients.
Anonymous has twitted a link to a partial listing of individual names presumably from the clients of Stratfor. One of the tweets from an Anonymous IRC linked to the hacker group’s account read, “Not so private and secret anymore?”
The morning after saw the Stratfor’s website down with a notice that reads, “Site is currently undergoing maintenance.” Acknowledging that the intrusion has compromised personal information, the think tank has sent e-mails to members saying it has temporarily shut down its servers and e-mail facility.
The hacker group boasted that its loot contained high profile clients like Apple Inc., the U.S. Air Force, and Miami Police Department. It is mining the hacked data of more than 4,000 credit card numbers that includes 90,000 from law enforcers, journalists and executives from the likes of Fox News. One Anonymous hacker intimated the information would be used to fulfill the group objective of pilfering funds from these accounts to serve as Christmas donations. And indeed, as of this time, several victims have reported unauthorized transactions in their credit cards.
Anonymous also tweeted that there are “enough targets lined up to extend the fun fun fun of LulzXmas for the entire next week,” referring to Lulz Security which is another hacking group.
Stratfor has been providing risk reduction and management services to economic, political, and military clients and charges them for analytical reports delivered through emails, the web, and videos. Sensitive information about Stratfor’s government agencies and companies did not appear compromised but the haul of credit card data poses a risk to the individual employees working for these clients who had used them to officially subscribe.
Once again, Anonymous adds insult to injury. Claiming that it was able to get hold of the credit card details because Stratfor apparently failed to encrypt them – a blunder that was easy to avoid, Anonymous twitted that “If Stratfor would give a s— about their subscriber info they wouldn’t have stored CC/CCV data in clear text, with corresponding personal addresses.” If true, Stratfor faces a monumental embarrassment for a security-related company.