A hacktivist group has claimed it was behind a Christmas Eve attack targeting security intelligence consultancy Stratfor, penetrating the firm’s website and stealing thousands of credit card numbers.
The Austin, Texas-based company, which says it provides non-ideological intelligence data on international affairs and security threats to a wide array of major corporations and local, state and federal agencies, took its website offline following the attack while investigators determined its extent. A person claiming to be part of the Anonymous hacktivist group said it stole thousands of credit card numbers as well as information about the organization’s private client list.
In a message to its clients, Stratfor confirmed its website had been breached and attackers made off with data associated with organizations that purchased its publications. The company said its most sensitive data remains secure.
“The disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications,” wrote Stratfor CEO George Friedman via the company’s Facebook page.
Friedman said the company is working to restore its website and has retained an outside security consultancy to improve its data security measures. In addition, the company retained an identity theft protection and monitoring service for victims of the breach. Notification letters will be delivered by Dec. 28, Friedman said.
Various people claiming to be members of Anonymous have posted screenshots showing the credit cards being used to make sizable donations to various charities, according to Mikko Hypponen, chief research officer at F-Secure. Hypponen said the actions only end up hurting the charities. Credit card companies ultimately will charge back the erroneous charges.
“In some cases, charities could be hit with penalties. At the very least, they will lose time and money in handling the charge-backs,” Hypponen said.
Anonymous group denies responsibility
In a statement posted Dec. 25 at Pastebin.com, a group calling itself Anonymous said it was not behind the Stratfor breach. The group said the attack was perpetrated by opportunistic attention seekers.
“Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company that engages in activity similar to HBGary,” according to the group’s posting on Pastebin. “As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly.”