The Christmas hack of the Texas-based Stratfor Global Intelligence Service took the company by surprise; not that it was hacked on Christmas Day, but that it was hacked at all. When all was said and done, the hacktivism group known as Anonymous claimed they had Stratfor’s confidential client list as well as credit card details, passwords and home addresses for 4,000 clients; clients connected to the Bank of America, the Defense Department, Lockheed Martin, and the United Nations.
They also claimed to have 14,000 passwords and details for 8,000 credit cards belonging to Special Forces’ customers. Anonymous also said they had 90,000 credit card accounts.
The goal, says Anonymous, was to raise money to give to charitable organizations. The media has come to call the Stratfor hack “Robin Hood.”
How did this “band of merry men” do this? The group said Stratfor had failed to encrypt its data. A New York Times article by Nicole Perlroth goes into more detail, and questions the motives behind the attack, even if Anonymous did carry out the attack, as they claim.
The latest news suggests that the Stratfor hack was an inside job. Jeffrey Carr, writing for Infosec Island, points out that a company is only as good as its employees.
Indeed, Carr suggests that security at Stratfor was not a priority and that perhaps a disgruntled employee was in on the hack. Experts in the field are aware of how employees can be a company’s greatest asset or worst nightmare.
It has produced some positive response. Robert Booth of the Guardian.com reported on December 27 that “thousands of customers of a leading US security company are due to be given specialized identity theft protection after computer hackers linked to the Anonymous group claimed to have diverted more than $500,000 from their private bank accounts to charities including the Red Cross, CARE and Save the Children”.
After the attack, Stratfor took its website offline and wrote on its Facebook page that it was “cooperating with law enforcement.”
For more on the story, visit the Los Angeles Times (http://www.latimes.com/news/nationworld/nation/la-na-cyber-theft-20120104,0,90925.story) and the National Post (http://news.nationalpost.com/2011/12/27/anonymous-may-target-hacked-u-s-companys-clients-for-speaking-out-stratfor-warns/).
Stay tuned!
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.