Anonymous Hackers Plunder Top US Security Think Tank
The "Anonymous" hacking group gave U.S. global intelligence firm Stratfor a big batch of Christmas coal by infiltrating the company's network and stealing thousands of emails and credit card details from its high-profile clients, with the goal of raiding the stolen accounts and donating $1 million to charity.
The hackers claimed they stole 200 gigabytes of private emails, as well as the credit card details of more than 90,000 clients of Strategic Forecasting, Inc. (Stratfor), an Austin, Texas-based research firm that advises top companies and government agencies on security, economic, business and political affairs.
On Dec. 24, after announcing the "LulzXmas" breach on its Twitter feed, Anonymous posted what it claims is a list of about 4,000 Stratfor clients, including AIG, Boeing, Chevron, Deutsche Bank, Bank of America, Wells Fargo and several international embassies and universities.
"Greetings Global Pirates," Anonymous wrote in a Pastebin post. "We truly hope that you've been enjoying the Lulzxmas festivities so far. The gifts that AnonSanta left under the LulzXmas tree are just the beginning. As we speak, his little helpers at the North Pole are readying his battle sleigh of lulz with more goodies to bring you LulzXmas joy all week long. Joy in the form of over $500,000 being expropriated from the bigshot clients of Stratfor. You didn't think we'd let 2011 end without a BANG, did you?"
The breach list also includes General Electric, Goldman Sachs, Google, the Defense Department, the United Nations, Western Union, HSBC, Lockheed Martin, Raytheon, World Bank, Sony, TD Bank and the U.S. Army, Navy, Air Force and Marines.
The New York Times reported that Anonymous harvested more than 90,000 credit card accounts from Stratfor members. Anonymous plans to use the stolen credit card numbers to donate to charity; the group posted five receipts on Pastebin that appear to be from donations to groups including Save the Children and the Red Cross, all made with stolen credit cards. Stratfor's website is currently down.
Anonymous warns that the Stratfor hack is the beginning of a weeks-long campaign of chaos.
"Remember, #LulzXmas festivities will continue all week," the group wrote on Twitter. "We will continue to diligently report on the work of dedicated Anons. Stay tuned!"
Anonymous wants transparency
Besides the "Robin Hood" component of the breach, Anonymous says it instigated the hack to shine a light on just how poorly major corporations, with high-profile clients and millions of dollars in the mix, deal with basic security issues.
On its YourAnonNews Twitter feed, Anonymous said Stratfor did not securely encrypt its clients' customer payment information in its database. "Went through the password hashes available in the pastebin," Anonymous wrote on Twitter. "Some senior officials at Stratfor use passwords like 'stratfor...'"
Anonymous' unofficial spokesperson, Barrett Brown, wrote that Stratfor was targeted not for credit card details, but instead for its ties with major companies in the government and intelligence sectors that Anonymous sees as enemies of transparency. One such enemy is the military consulting firm Booz Allen Hamilton, which Anonymous attacked in July after it discovered that the firm was working with the Justice Department and Bank of America to discredit WikiLeaks.
On Pastebin, Brown wrote that Anonymous launched the attack to continue its ongoing "movement against transparency and individual liberty."
"The e-mails obtained before Christmas Day will vastly improve our ability to continue that investigation and thereby bring to light other instances of corruption, crime, and deception on the part of certain powerful actors based in the U.S. and elsewhere."