Breach, Data Security, Threat Management

Anonymous shreds intelligence firm Stratfor in latest hack

In what may be its most devastating attack since HBGary, the Anonymous hacktivist collective rooted the database of security intelligence firm Stratfor to plunder a claimed 200 gigabytes of data.

As of Sunday afternoon, Stratfor's website was offline for maintenance, and Anonymous was posting to Pastebin samples of its booty, including Stratfor's extensive client list -- which consists of many major companies and law enforcement agencies -- and stolen credit card information belonging to members.

One of Anonymous' most visible members, Sabu, said on Twitter that the group pilfered some 90,000 credit card numbers, which were purportedly used to make about a million dollars in donations to charities. Some security experts, however, expressed doubt that the recipients would be able to keep the money because of the fraud involved.

Most embarrassing, it appears Stratfor failed to encrypt any of its credit card information, despite promises "to maintain safeguards to protect the security of these servers and your personally identifiable information," according to its privacy policy.

Statfor specializes in "strategic intelligence on global business, economic, security and geopolitical affairs," according to the company. Stratfor may have drawn the ire of Anonymous after it warned that the group may suffer consequences for its plan to expose the personal details of individuals associated with the dangerous Zetas drug cartel.

On Sunday, Stratfor's CEO turned to Facebook to apologize.

"Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me," said a note posted by CEO George Friedman. "We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible."

It is unclear the extent of data Anonymous stole in the attack, though it appears the intruders may control a trove of sensitive emails. Nick Selby, a police officer and principal of Police Led Intelligence, said in a blog post Saturday that if classified information was stolen, the impact of the hack will be much larger.

The ambush brought back memories of Anonymous' assault in January on HBGary and now-defunct security services firm HBGary Federal, when it published some 50,000 corporate emails, some of which revealed shady doings.

Anonymous, as part of a campaign known as "LulzXmas," vowed that the Stratfor compromise is just the first of a string of planned, politically motivated data leaks during the holiday season.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.