The hacking group "Anonymous" on Sunday Christmas claimed it has stolen thousands of credit card numbers and personal information of clients of the U.S. based security think-tank Stratfor and pilfered funds it gave away as Christmas donations to charity.
Anonymous said it stole information from organizations and individuals that were clients of Stratfor, including Apple Inc., the U.S. Air Force and the Miami Police Department. They said they obtained more than 4,000 credit card numbers, passwords and home addresses.
Huffington Post reports that some clients of Stratfor have confirmed unauthorized transactions linked to their credit cards.
Stratfor is a company providing services to help clients manage risk. The company charges subscribers for reports and analysis it issues. Huffington Post reports that the company's main website was down in Sunday with the message: "site is currently undergoing maintenance."
Most of the victims, according to Huffington Post, were individual subscribers and not companies and government agencies. Anonymous in a Twitter message taunted Stratfor, saying: "Not so private and secret anymore?" The group promised that Stratfor was only the beginning of attacks to come.
Anonymous claims that it was able to steal as much as 200 gigabytes of information from Stratfor because Stratfor did not bother to encrypt them. This revelation, if true, is a serious indictment of a security services-related company. The hackers published a list of what they claimed was Stratfor's client list and tweeted a link to encrypted files with stolen names, phone numbers, emails addresses, credit card and account details. The hackers claimed that the information they have published so far is only a small part of what they stole from Stratfor.
Many of Stratfor's clients are already worrying that the hackers may have accessed other sensitive information. Lt. Col John Dorrian, public affairs officer of the Air Force said, "The Air Force will continue to monitor the situation and, as always, take appropriate action as necessary to protect Air Force networks and information." Freddi Cruz Jr., spokesman for the Miami Police Department, did not confirm that the police department was a client of Stratfor.
Straftor's vice president of intelligence Fred Burton, said the company has reported the incident to law enforcement and was cooperating with them in the investigation. Burton said that Stratfor has security measures to ward off cyber attacks but he said: "But I think the hackers live in this kind of world where once they fixate on you or try to attack you it's extraordinarily difficult to defend against."
One of the victims of the attack, Allen Barr, who only recently retired from the Texas Department of Banking, said he lost $700 in five unauthorized transactions. According to Barr, the transactions were, "all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she wasn't sure whether I was just donating." Barr said he was not aware he had been hacked until an AP reporter called him and told him that his personal information had been compromised. He said: "It made me feel terrible. It made my wife feel terrible. We had to close the account."
AFP reports Anonymous posted images online they claimed were receipts from donations they made. YourAnonNews, twitted: "Anonymous hacks and discredits @STRATFOR intelligence company. Maybe they should learn what encryption is."
Other donations, according to AFP, included $494 on behalf of the Department of Defense for "textbooks, a school uniform and food crisis education provided by charity CARE for impoverished girls and women." A $180 payment to American Red Cross on behalf of a Department of Homeland Security official that was signed, "Thank you! Department of Homeland Security."
PC Magazine reports that, besides using the stolen funds for donations to charity, the attackers said they were also hoping to use the incident to draw attention to the case of Pfc. Bradley Manning of the U.S. Army who is on trial over alleged involvement in leak of hundred of thousands of confidential military documents. A statement that claimed to be from the hackers said: "We hereby ask that Bradley Manning be given a delicious meal this Lulzxmas, and no, not the 'holiday special' in the prison chow hall. We want him out on the streets at a fancy restaurant of his choosing, and we want this to happen in less than five hours."
"LulzXmas" refers to an anti-Christmas-themed video horror short released on YouTube by the group on December 21.
But another group claiming also to represent Anonymous has denied that the Stratfor hackers were members of Anonymous. A group that claims to be the "official faction" of Anonymous released a statement on Pastebin that said: "Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company which engages in activity similar to HBGary. Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor's work is protected by the freedom of [the] press, a principle which Anonymous values greatly. This hack is most definitely not the work of Anonymous."
HDGary is a threat intelligence and defense corporation based in Sacramento, California. Sabu refers to a person or group which is called "The Real Sabu" on Twitter (with the handle @anonymousSabu).
Huffington Post said that credit card owners whose cards have been hacked may contact the credit card company to dispute the charge.
A member of Anonymous said on Twitter that 90,000 credit cards from law enforcement, the intelligence community and journalists have been hacked and used "steal a million dollars" for charity donations. The statement mentioned "corporate/exec accounts of people like Fox" News. But Huffington Post reports it was not possible to verify the claims.