Anonymous Denies Hacking Stratfor
Second Update: Stratfor has sent out this updated message. It may be too little too late. If they didn't encrypt the card data and left full credit card numbers and pins on their servers, it sure doesn't seem like they would be in compliance with PCI Data Security Standards. There will undoubtedly be lawsuits over this. Stratfor can hire the best security firm on the planet now, but its poor judgment is going to cost it subscribers and business and its reputation is going to take a serious hit.
We did the hack under #antisec which is an operation within anonymous. Unsure who made you a leader, but we are decentralized
Anonymous has hacked Stratfor, the intelligence think thank, stealing its database of subscribers, email accounts and credit cards.
The group says it will steal $1 million from subscribers (many of whom are U.S. Government and law enforcement agencies, media outlets and big corporations) and redistribute it to the poor.
They say Stratfor is just the first in its week-long Christmas plan. From Twitter:
#Anonymous would like to remind you that no force on earth can stop 100 santas. santarchy.com We are legion. #LulzXmas
Amazingly, Stratfor did not encrypt the credit card data. It confirmed the data breach in an email to subscribers today. [More...]
Anonymous writes on pastebin:
Attached are ~4000 credit cards, md5 passwords, and home addresses to just a few of Stratfor's "private client list". Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the "A"s.
While the rich and powerful are enjoying themselves with all their bourgeois gifts and lavish meals, our comrade Bradley Manning is not having that great of a time in federal custody. Instead of being heralded as a fighter for free information and government transparency, he is criminalized, marginalized, and incarcerated, threatened with life imprisonment.
We hereby ask that Bradley Manning be given a delicious meal this Lulzxmas, and no, not the "holiday special" in the prison chow hall. We want him out on the streets at a fancy restaurant of his choosing, and we want this to happen in less than five hours.
Here's the e-mail Stratfor sent out:
Dear Stratfor Member,
We have learned that Stratfor's web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor's servers and email have been suspended.
We have reason to believe that the names of our corporate subscribers have been posed on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.
Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.
Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.
This is pretty serious stuff.
|< Christmas Eve Open Thread | Will Stratfor Be Liable for the Security Breach? >|