
Hackers (Anonymous) Breach the Web Site of Stratfor Global Intelligence


Anonymous is claiming to have stolen 200GB worth of data, including e-mails and clients' credit card information, from a U.S.-based security think tank, the Associated Press reported today.

The hacking group also used Twitter to post a link to a list of clients apparently belonging to think tank Stratfor Global Intelligence.

"Not so private and secret anymore?" read one of numerous tweets from AnonymousIRC, a Twitter account linked to Anonymous.

This morning Stratfor's site was down. A notice reads: "Site is currently undergoing maintenance."

Anonymous also tweeted that it has "enough targets lined up to extend the fun fun fun of LulzXmas through the entire next week." Lulz is a reference to a related hacking group known as Lulz Security.

Stratfor apparently said in an e-mail to members that it had suspended its servers and e-mail following a hack.

"We have reason to believe that the names of our corporate subscribers have been posted on other web sites," said the e-mail, which was obtained by the Associated Press via subscribers. "We are diligently investigating the extent to which subscriber information may have been obtained."

Anonymous claims it was able to steal the credit card data because it was unencrypted.
"If Stratfor would give a s--- about their subscriber info they wouldn't store CC/CCV numbers in cleartext, with corresponding addresses," according to one tweet.

Stratfor's long list of clients includes the U.S. Army, U.S. Air Force, and Miami Police Department, the AP reported.

~~~~~~~~~~~~~~~~~~~~~~~~~

LONDON (AP) — The loose-knit hacking movement "Anonymous" claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor. One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.

Anonymous boasted of stealing Stratfor's confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses.

Austin, Texas-based Stratfor provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the web, emails and videos. The company's main website was down, with a banner saying the "site is currently undergoing maintenance."

Proprietary information about the companies and government agencies that subscribe to Stratfor's newsletters did not appear to be at any significant risk, however, with the main threat posed to individual employees who had subscribed.

"Not so private and secret anymore?" Anonymous taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn't bother encrypting them — an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

Fred Burton, Stratfor's vice president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation.

Stratfor has protections in place meant to prevent such attacks, he said.
"But I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against," Burton said.

Hours after publishing what it claimed was Stratfor's client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.

"Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the 'A's," read a message posted online that encouraged readers to download a file of the hacked information.

The attack is "just another in a massive string of breaches we've seen this year and in years past," said Josh Shaul, chief technology officer of Application Security Inc., a New York-based provider of database security software.

Still, companies that shared secret information with Stratfor in order to obtain threat assessments might worry that the information is among the 200 gigabytes of data that Anonymous claims to have stolen, he said.

"If an attacker is walking away with that much email, there might be some very juicy bits of information that they have," Shaul said.

Lt. Col. John Dorrian, public affairs officer for the Air Force, said that "for obvious reasons" the Air Force doesn't discuss specific vulnerabilities, threats or responses to them.

"The Air Force will continue to monitor the situation and, as always, take appropriate action as necessary to protect Air Force networks and information," he said in an email.

Miami Police Department spokesman Sgt. Freddie Cruz Jr. said that he could not confirm that the agency was a client of Stratfor, and he said he had not received any information about a security breach involving the police department.


Anonymous also linked to images online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.

"Thank you! Defense Intelligence Agency," read the text above one image that appeared to show a transaction summary indicating that an agency employee's information was used to donate $250 to a non-profit.

One receipt — to the American Red Cross — had Allen Barr's name on it.
Barr, of Austin, Texas, recently retired from the Texas Department of Banking and said he discovered last Friday that a total of $700 had been spent from his account. Barr, who has spent more than a decade dealing with cybercrime at banks, said five transactions were made in total.

"It was all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she wasn't sure whether I was just donating," said Barr, who wasn't aware until a reporter with the AP called that his information had been compromised when Stratfor's computers were hacked.

"It made me feel terrible. It made my wife feel terrible. We had to close the account."

Wishing everyone a "Merry LulzXMas" — a nod to its spinoff hacking group Lulz Security — Anonymous also posted a link on Twitter to a site containing the email, phone number and credit card number of a U.S. Homeland Security employee.

The employee, Cody Sultenfuss, said he had no warning before his details were posted.
"They took money I did not have," he told The Associated Press in a series of emails, which did not specify the amount taken. "I think 'Why me?' I am not rich."

But the breach doesn't necessarily pose a risk to owners of the credit cards. A card user who suspects fraudulent activity on his or her card can contact the credit card company to dispute the charge.

Stratfor said in an email to members, signed by Stratfor Chief Executive George Friedman and passed on to AP by subscribers, that it had hired a "leading identity theft protection and monitoring service" on behalf of the Stratfor members affected by the attack. The company said it will send another email on services for affected members by Wednesday.

Stratfor acknowledged that an "unauthorized party" had revealed personal information and credit card data of some of its members.

The company had sent another email to subscribers earlier in the day saying it had suspended its servers and email after learning that its website had been hacked.

One member of the hacking group, who uses the handle AnonymousAbu on Twitter, claimed that more than 90,000 credit cards from law enforcement, the intelligence community and journalists — "corporate/exec accounts of people like Fox" News — had been hacked and used to "steal a million dollars" and make donations.

It was impossible to verify where credit card details were used. Fox News was not on the excerpted list of Stratfor members posted online, but other media organizations including MSNBC and Al-Jazeera English appeared in the file.

Anonymous warned it has "enough targets lined up to extend the fun fun fun of LulzXmas through the entire next week."

The group has previously claimed responsibility for attacks on credit card companies Visa Inc. and MasterCard Inc., eBay Inc.'s PayPal, as well as other groups in the music industry and the Church of Scientology.

~~~~~~~~~~~~~~~~~~~~~~~~~

While the rest of the world engaged in merriment and good cheer, hackers used the holidays to attack a United States research group that puts out a daily newsletter on security issues.

On Saturday, hackers who say they are members of the collective known as Anonymous claimed responsibility for crashing the Web site of the group, Stratfor Global Intelligence Service, and pilfering its client list, e-mails and credit card information in an operation they say is intended to steal $1 million for donations to charity. The hackers posted a list online that they say contains Stratfor’s confidential client list as well as credit card details, passwords and home addresses for some 4,000 Stratfor clients. The hackers also said they had details for more than 90,000 credit card accounts. Among the organizations listed as Stratfor clients: Bank of America, the Defense Department, Doctors Without Borders, Lockheed Martin, Los Alamos National Laboratory and the United Nations.



The group also posted five receipts online that it said were of donations made with pilfered credit card details. One receipt showed a $180 donation from a United States Homeland Security employee, Edmund H. Tupay, to the American Red Cross. Another showed a $200 donation to the Red Cross from Allen Barr, a recently retired employee from the Texas Department of Banking. Neither responded to requests for comment.

Mr. Barr told The Associated Press that on Friday he discovered that $700 had been transferred from his account to charities including the Red Cross, Save the Children and CARE, but that he had not been aware that the transfer was tied to a breach of Stratfor’s site.

Stratfor executives did not return calls for comment on Sunday. In an e-mail to subscribers Sunday morning, Stratfor’s chief executive, George Friedman, confirmed that the company’s site had been hacked and said his company was working with law enforcement to track down the parties responsible.

“We have reason to believe that the names of our corporate subscribers have been posted on other Web sites,” Mr. Friedman wrote in the e-mail. “We are diligently investigating the extent to which subscriber information may have been obtained.”

The hackers took responsibility for the Stratfor attack on Twitter and said the attack would be the beginning of a weeklong holiday hacking spree. The breach was the latest in the online group’s ongoing campaign of computer attacks which, to date, has been aimed at MasterCard, Visa and PayPal as well as groups as diverse as the Church of Scientology, the Motion Picture Association of America and the Zetas, a Mexican crime syndicate.

The breach first surfaced on Saturday when hackers defaced Stratfor’s Web site with their own message. “Merry Lulzxmas!” the group wrote in a reference to Lulz Security, a hacking group loosely affiliated with Anonymous. “Are you ready for a week of mayhem?” By Sunday afternoon, the message had been replaced with a banner message that said: “Site is currently undergoing maintenance. Please check back soon.”

According to the hackers’ online postings, the group voted on what charities to contribute to. Among their choices were cancer and AIDS research, the American Red Cross, WikiLeaks and the Tor Project, which develops software that enables online anonymity.

Also according to their postings, the breach appears to have been conducted in retaliation for the arrest and imprisonment of Pfc. Bradley Manning, the Army intelligence analyst on trial on charges of leaking classified intelligence information and more than 250,000 diplomatic cables to WikiLeaks last year.

The attack was also likely intended to embarrass Stratfor, which specializes in intelligence and security. The hackers said they were able to obtain the credit card details because, they said, Stratfor had failed to encrypt them.

“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”


Credit to: Cnet, Yahoo, Google and NYTimes
