US security firm Stratfor’s Website was compromised over Christmas by the Anonymous group of hackers as part of a “Robin Hood” rampage. Named LulzXmas, the campaign is aimed at robbing the rich “one percent” and giving to the poor “99 percent”.

The Stratfor site went offline on 24 December and the company’s clients whose names, addresses and payment card details were published online by Anonymous were notified of their exposure.

Charity Donations

Anonymous has claimed to have stolen $1m (£649,000) from the compromised accounts and to have deposited the money with charities. A faction of Anonymous has posted screenshots of money being transferred to the Red Cross, Save the Children, and Care.

Many of Stratfor’s customers are major companies and government agencies, including the US Department of Defense, the Bank of America, and Lockheed Martin – which was itself the victim of hackers earlier this year.

Other companies affected by the intrusion are said to include Google, Microsoft, Sony, Coca-Cola, Boeing and American Express, according to Anonymous’ postings.

Although Stratfor’s Website remains offline, it has used its Facebook page to update its clients and denies that the companies mentioned by Anonymous are actual clients.

“Also publicly released was a list of our members which the unauthorised party claimed to be Stratfor's ‘private clients’. Contrary to this assertion, the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications,” the company wrote.

Free ID protection offered

Stratfor has responded by providing compromised clients with a free year of identity protection services provided by CSID. The Global ID Protector service monitors criminal Web pages, chat rooms, bulletin boards and other online forums for compromised personal information. When illegal activity is detected, such as the trading or selling of personal information online, the service notifies the affected subscriber and provides instructions on how to prevent further exposure and fraudulent actions.

In a letter to subscribers, Stratfor CEO George Friedman said, “We deeply regret that this event has occurred, and we are working to prevent it from happening again. Our highest concern is the impact that this has had on you, our loyal members and friends … Please take advantage of this service.”

Friedman added that the site will remain closed for the foreseeable future: "As part of our ongoing investigation, we have also decided to delay the launching of our Website until a thorough review and adjustment by outside experts can be completed."

The embarrassment is not over for Stratfor if Anonymous makes good its threat to reveal emails stolen during the attack. These will expose more of Stratfor’s customers and show that Stratfor “is not the ‘harmless company’ it tries to paint itself as. You'll see in those emails,” Anonymous warned.

According to a Pastebin statement posted yesterday: “It's time to dump the full 75,000 names, addresses, CCs [credit cards] and md5 hashed passwords to every customer that has ever paid Stratfor. But that's not all: we're also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site.”

The hacker group is planning more exploits for New Year's Eve: "On this date, we will be launching our contributions to project mayhem by attacking multiple law enforcement targets from coast to coast."