A group claiming to be a faction of the "hacktivist" organization Anonymous infiltrated the Web site of a U.S. intelligence analysis firm and stole thousands of credit card numbers, site passwords and home addresses.
Strategic Forecast Chief Executive and founder George Friedman confirmed the hack on Christmas Day and warned that some members who had spoken out against the attack on Facebook were at risk of having their personal data published repeatedly on other Web sites. "In order to protect yourselves, we recommend taking security precautions when speaking out on Facebook or abstaining from it altogether." The Austin, Texas-based firm took its Web site offline and the site remained down on Monday. Stratfor used Facebook to provide updates to members.
A group calling itself Antisec and claiming to be part of Anonymous said on the message site Pastebin that it had posted 4,000 credit cards, passwords and home addresses of Stratfor's private client list, which includes the U.S. Defense Department, Army, Air Force, law enforcement, major security contractors and technology firms, including Apple and Microsoft, according to media reports. Friedman denied the group had stolen information on Stratfor's private clients, saying the data applied to some members who had purchased the firm's publications.
How much information was stolen is not clear. Stratfor has declined to discuss the hack in detail, because it is under investigation by law enforcement. Antisec has said it has much more data that will be released in the future, including 2.7 million emails. Security firm F-Secure reported Monday that the group posted a second list of more than 13,000 credit card numbers. The hackers claim all the information taken was unencrypted, which would be an embarrassment for Stratfor, if true.
Giving a Robin Hood twist to the break-in, the hackers posted receipts of donations made to charities using Stratfor members' credit cards. Recipients included the Red Cross, Care, Save The Children and African Child Foundation. While stealing from the rich to give to the poor may sound benevolent, the stunt may end up costing the charities. Unauthorized charges usually result in a chargeback by credit card companies.
"In some cases, charities could be hit with penalties," Mikko Hypponen, chief research officer for security vendor F-Secure, said Monday in the company's blog. "At the very least, they will lose time and money in handling the chargebacks."
Besides making charity contributions, the hackers called for the release of Bradley Manning, the disaffected Army soldier accused of providing reams of classified information to whistleblower site WikiLeaks.
The hackers' claim of being part of Anonymous was challenged Sunday. In a press release posted on Pastebin, a group claiming to be the real Anonymous denied any involvement in the Stratfor hack. "This hack is most definitely not the work of Anonymous," the release said.
Anonymous is not believed to be a single group of hackers, but a loose alliance of many groups. The organization has taken credit for many hacks, including some retaliatory attacks on companies Anonymous deemed enemies of WikiLeaks. In August, Anonymous took credit for defacing the Syrian Ministry of Defense Web site in retaliation for the government crackdown on protesters.