Online “hacktivist” group Anonymous claimed on Sunday it had stolen a trove of e-mails and credit card information from US-based security firm Stratfor’s clients and vowed additional attacks.
Hackers provided a link on Twitter to what they said was Stratfor’s private client list, which included the US Department of Defense, US Army, US Air Force, law enforcement agencies, top security contractors and technology firms like Apple and Microsoft.
They also posted images online claiming to show receipts from donations made by the hackers on behalf of some of Stratfor’s clients by using their credit card data.
The hackers said they were able to obtain the information in part because Stratfor did not encrypt it, which could prove a major source of embarrassment to the global intelligence firm.
“Anonymous hacks and discredits @STRATFOR intelligence company,” Twitter user YourAnonNews wrote on the micro-blogging Web site. “Maybe they should learn what encryption is.”
An alleged Anonymous hacker who uses the Twitter handle anonymouSabu claimed that more than 90,000 credit cards from law enforcement, journalists and the intelligence community had been leaked and used for “over a million dollars” in donations.
However, a widely distributed hacking message posted online mentioned just 4,000 credit cards, passwords and home addresses.
Among the donations shown was a US$494 payment on behalf of the Defense Department for textbooks, a school uniform and food crisis education provided by charity CARE for impoverished girls and women.
A US$180 payment was allegedly made to the American Red Cross on behalf of a US Department of Homeland Security official, and was signed: “Thank you! Department of Homeland Security.”
Another US$200 payment was made to the American Red Cross on behalf of a Texas Department of Banking official.
In an e-mail to its members, Stratfor said it had suspended its e-mail and servers after learning the Web site was hacked.
In a subsequent message, it said the disclosure was “merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor.”
Stratfor said it had contracted a “leading identity theft protection and monitoring service” and urged members to take their own precautions, including notifying banks about any suspicious credit card activity.
“We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures,” said the e-mail, signed by George Friedman, Stratfor’s chief executive.
“We are working to restore access to our Web site and continuing to work closely with law enforcement,” Friedman wrote, adding his “sincerest apologies for this unfortunate incident.”
The company’s Web site was still down late yesterday afternoon.
Wishing a “Merry LulzXmas” to all — an apparent reference to Anonymous-affiliated group Lulz Security — Anonymous vowed to go after celebrities Justin Bieber, Lady Gaga, Kim Kardashian and Taylor Swift.
Anonymous has been involved in scores of hacking exploits, including the recent defacing of a Web site of the Syrian Ministry of Defense to protest a bloody crackdown on anti-government protesters.
Last year, the shadowy group launched retaliatory attacks on companies perceived to be enemies of the anti-secrecy Web site WikiLeaks.