Los Angeles — Online hacker group Anonymous on Sunday initiated its promised week of Christmas hacks against a vast list of targets, claiming it had stolen a trove of emails and credit card information from clients of US-based security firm Stratfor, an Austin-based think tank that focuses on security issues, and promising additional attacks, the Associated Press reported today.
The hackers maintained they were able to seize the information because the company did not encrypt it. They also provided a link on Twitter to what they said was Stratfor’s private client list, which included the US Defense Department, Army, Air Force, law enforcement agencies, top security contractors and technology firms like Apple and Microsoft.
Stratfor said that it has now suspended the operation of its servers and email and advised its members to notify authorities about any suspicious credit card activity.
“We have reason to believe that the names of our corporate subscribers have been posted on other web sites,” said the e-mail, which was obtained by the Associated Press via subscribers. “We are diligently investigating the extent to which subscriber information may have been obtained.”
One suspected collaborator said the goal was to use that credit card data to steal a million dollars, and give the money away as Christmas donations, the AP reports. Online images, posted to Twitter, show receipts from the donations.
The Twitter account @YourAnonNews, which is apparently linked to the group, tweeted Sunday that it was able to steal the credit card data because Stratfor had not encrypted it, an awkward mistake for a company specializing in security.
“Anonymous hacks and discredits @STRATFOR intelligence company,” Twitter user YourAnonNews wrote on the micro-blogging website. “Maybe they should learn what encryption is.”
A purported Anonymous hacker who uses the Twitter handle anonymouSabu maintained that over 90,000 credit cards from law enforcement, journalists and the intelligence community had been leaked and used for “over a million dollars” in donations.
Another widely published hacking message circulated online, however, cited just 4,000 credit cards, passwords and home addresses. Anonymous also tweeted that it has “enough targets under wraps to extend the fun fun fun of LulzXmas through the entire next week.” Lulz is a reference to a related hacking group known as Lulz Security.
“If Stratfor would give a s— about their subscriber info they would not store CC/CCV numbers in cleartext, with corresponding addresses,” according to one tweet.
Anonymous also published images depicting receipts of charitable donations made to nonprofit organizations. Alan Barr of Austin, who was defrauded, was not even aware that his credit card data had been stolen until an AP reporter called him for comment.
Stratfor also said the disclosure was “merely a list of some of the members that have acquired our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor.”
“It was all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she was not sure whether I was just donating,” Barr said.
Stratfor said it had hired a ‘prominent identity theft protection and monitoring service’ and urged members to take their own precautions, including notifying banks about any suspicious credit card activity.
“We are on top of the situation and will continue to be attentive in our implementation of the latest, and most comprehensive, data security measures,” said the email, signed by chief executive George Friedman.
“We are working to restore access to our website and continuing to work closely with law enforcement,” Friedman wrote, adding his “sincerest apologies for this unfortunate incident.”
The company’s website was still down as of early Sunday evening.
With @YourAnonNews wishing a “Merry LulzXmas” to all, in an apparent reference to Anonymous-affiliated group Lulz Security, Anonymous vowed to go after celebrities; Justin Bieber, Lady Gaga, Kim Kardashian and Taylor Swift were among the next targets.