'Anonymous' hackers target U.S. security think tank
The loose-knit hacking movement "Anonymous" claimed Sunday to have stolen thousands of credit-card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor.
The Associated Press
LONDON — The loose-knit hacking movement "Anonymous" claimed Sunday to have stolen thousands of credit-card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor. One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted of stealing Stratfor's confidential client list, which includes a range of entities from banks to Apple to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit-card numbers, passwords and home addresses.
"Not so private and secret anymore?" the group taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.
Anonymous said the client list it posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit details in part because Stratfor didn't bother encrypting them — an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.
Austin, Texas-based Stratfor provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the Web, emails and videos.
Lt. Col. John Dorrian, public-affairs officer for the Air Force, said that "for obvious reasons" the Air Force doesn't discuss specific vulnerabilities, threats or responses to them.
Miami Police Department spokesman Sgt. Freddie Cruz Jr. said that he could not confirm that the agency was a client of Stratfor. He said he had not received any information about any security breach involving the police department.
It soon became clear that proprietary information about the companies and government agencies that subscribe to Stratfor's newsletters did not appear to be at any significant risk, and that the main threat was posed to individual employees.
Hours after publishing what it claimed was Stratfor's client list, Anonymous tweeted a link to encrypted files online with the names, addresses and account details.
One receipt — to the American Red Cross — had Allen Barr's name on it.
Barr, of Austin, Texas, recently retired from the Texas Department of Banking and said he discovered last Friday that a total of $700 had been spent from his account. Barr, who has spent more than a decade dealing with cybercrime at banks, said five transactions were made in total.
"It was all charities, the Red Cross, CARE, Save the Children. So when the credit-card company called my wife she wasn't sure whether I was just donating," said Barr, who wasn't aware until a reporter with the AP called that his information had been compromised when Stratfor's computers were hacked.
Stratfor said in an email to members that it had suspended its servers and email after learning that its website had been hacked.
"We have reason to believe that the names of our corporate subscribers have been posted on other web sites," said the email, passed on to The Associated Press by subscribers. "We are diligently investigating the extent to which subscriber information may have been obtained."
The email, signed by Stratfor Chief Executive George Friedman, said the company is "working closely with law enforcement to identify who is behind the breach."
Repeated calls to Stratfor went unanswered Sunday and an answering machine thanked callers for contacting the "No. 1 source for global intelligence." Stratfor's website was down, with a banner saying "site is currently undergoing maintenance."
Wishing everyone a "Merry LulzXMas" — a nod to its spinoff hacking group Lulz Security — Anonymous also posted a link on Twitter to a site containing the email, phone number and credit number of a U.S. Homeland Security employee.
The employee, Cody Sultenfuss, said he had no warning before his details were posted.
"They took money I did not have," he told The Associated Press in a series of emails, which did not specify the amount taken. "I think why me? I am not rich."
Trending on seattletimes.com
Most viewed photo galleries
The Morning Memo
The Morning Memo jump starts your day with weather, traffic and news
Career Center Blog
Sign up for our newsletter
Get creative suggestions for making your house a home weekly in your inbox!