Thursday, December 29, 2011
Anonymous hacks STRATFOR
Hacked US security firm Stratfor has told its subscribers that it may take a week or even longer to restore its website.
The site went offline on 24 December.
Hackers have posted credit card details, email addresses, phone numbers and encrypted passwords which they said were taken during the attack.
Stratfor has said it will pay for a credit card fraud protection service for members whose payment details might have been compromised by the breach.
Tweets posted on accounts linked to the hacktivist group Anonymous said that the US Department of Defense, the defence firm Lockheed Martin and Bank of America were among Stratfor's clients.
A recent message posted by @YourAnonNews added that other parties affected by the hack included Google, American Express, Coca-Cola, Boeing, Sony, Microsoft and the mining group BHP Billiton.
An email from Stratfor to its subscribers said: "At our expense, we have taken measures to provide our members whose credit card information may have been compromised with access to CSID, a leading provider of global identity protection and fraud detection solutions and technologies.
"We have arranged to provide one year of CSID's coverage to such members at no cost.
"As part of our ongoing investigation, we have also decided to delay the launching of our website until a thorough review and adjustment by outside experts can be completed."
The identity theft prevention service Identity Finder has carried out its own analysis of details posted online about hacked clients whose names fell between A and M. It suggested that the attack netted:
9,651 unexpired credit card numbers
47,680 unique email addresses
25,680 unique telephone numbers
44,188 encrypted passwords of which roughly half could be "easily cracked"
This list is expected to grow if the hackers publish details of the N to Z list.
A tweet posted to the account @AnonymousIRC on 25 December claimed that $1m (£650,000) had been taken from the hacked accounts and had been given to charity.
Participants in Anonymous have subsequently posted screenshots which allegedly show money being transferred to the charities Red Cross, Save the Children and Care.
The organisations will have to return the money if credit card owners report the charges as being unauthorised. Some supporters of the Anonymous movement have also expressed concern that the charities could theoretically be charged a fee for the return of the transactions.
Anonymous Twitter accounts have also hinted that the hackers planned to release details of emails harvested in the breach, adding that "Stratfor is not the 'harmless company' it tries to paint itself as.
Stratfor could not be reached for comment. However a video posted by Fred Burton, its vice president of intelligence, to YouTube promised to provide updates "as more details become available" and offered details about the credit card protection scheme.
Posted by Steve Douglass at 7:58 AM