Hackers Target US Security Think Tank

Topics:

LONDON (AP) — Hackers on Sunday claimed to have stolen a raft of e-mails and credit card data from U.S.-based security think tank Stratfor, promising it was just the start of a weeklong Christmas-inspired assault on a long list of targets.

One alleged hacker said the goal was to use the credit data to steal a million dollars and give it away as Christmas donations, and images posted online claimed to show the receipts.

Members of the loose-knit hacking movement known as “Anonymous” posted a link on Twitter to what they said was Stratfor’s tightly-guarded, confidential client list. Among those on the list: The U.S. Army, the U.S. Air Force and the Miami Police Department.

The rest of the list, which Anonymous said was a small slice of its 200 gigabytes worth of plunder, included banks, law enforcement agencies, defense contractors and technology firms such as Apple and Microsoft.

“Not so private and secret anymore?” the group taunted in a message on the microblogging site.

Lt. Col. John Dorrian, public affairs officer for the Air Force, said that “for obvious reasons” the Air Force doesn’t discuss specific vulnerabilities, threats or responses to them.

“The Air Force will continue to monitor the situation and, as always, take apporpriate action as necessary to protect Air Force networks and information,” he said in an email.

Miami Police Department spokesman Sgt. Freddie Cruz Jr. said that he could not confirm that the agency was a client of Stratfor, and he said he had not received any information about any security breach involving the police department.

Anonymous said it was able to get the credit details in part because Stratfor didn’t bother encrypting them — an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

Hours after publishing what it claimed was Stratfor’s client list, Anonymous posted images online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.

“Thank you! Defense Intelligence Agency,” read the text above one image that appeared to show a transaction summary indicating that an agency employee’s information was used to donate $250 to a non-profit.

Stratfor said in an email to members that it had suspended its servers and email after learning that its website had been hacked.



“We have reason to believe that the names of our corporate subscribers have been posted on other web sites,” said the email, passed on to The Associated Press by subscribers. “We are diligently investigating the extent to which subscriber information may have been obtained.”

The email, signed by Stratfor Chief Executive George Friedman, said the company is “working closely with law enforcement to identify who is behind the breach.”

“Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me,” Friedman wrote.

Stratfor’s website was down midday Sunday, with a banner saying “site is currently undergoing maintenance.”

Wishing everyone a “Merry LulzXMas” — a nod to its spinoff hacking group Lulz Security — Anonymous also posted a link on Twitter to a site containing the email, phone number and credit number of a U.S. Homeland Security employee.

The employee, Cody Sultenfuss, said he had no warning before his details were posted.

“They took money I did not have,” he told The Associated Press in a series of emails, which did not specify the amount taken. “I think why me? I am not rich.”

One member of the hacking group, who uses the handle AnonymousAbu on Twitter, claimed that more than 90,000 credit cards from law enforcement, the intelligence community and journalists — “corporate/exec accounts of people like Fox” news — had been hacked and used to “steal a million dollars” and make donations.

It was impossible to verify where credit card details were used. Fox News was not on the excerpted list of Stratfor members posted online, but other media organizations including MSNBC and Al Jazeera English appeared in the file.

Anonymous warned it has “enough targets lined up to extend the fun fun fun of LulzXmas through the entire next week.”

The group has previously claimed responsibility for attacks on companies such as Visa, MasterCard and PayPal, as well as others in the music industry and the Church of Scientology.

____________

Associated Press writer Jennifer Kway in Miami contributed to this report.

_____________

Cassandra Vinograd can be reached at http://twitter.com/CassVinograd

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails
    Burger King Japan

    2014's fast food atrocities

    Burger King's black cheeseburger: Made with squid ink and bamboo charcoal, arguably a symbol of meat's destructive effect on the planet. Only available in Japan.

    Elite Daily/Twitter

    2014's fast food atrocities

    McDonald's Black Burger: Because the laws of competition say that once Burger King introduces a black cheeseburger, it's only a matter of time before McDonald's follows suit. You still don't have to eat it.

    Domino's

    2014's fast food atrocities

    Domino's Specialty Chicken: It's like regular pizza, except instead of a crust, there's fried chicken. The company's marketing officer calls it "one of the most creative, innovative menu items we have ever had” -- brain power put to good use.

    Arby's/Facebook

    2014's fast food atrocities

    Arby's Meat Mountain: The viral off-menu product containing eight different types of meat that, on second read, was probably engineered by Arby's all along. Horrific, regardless.

    KFC

    2014's fast food atrocities

    KFC'S ZINGER DOUBLE DOWN KING: A sandwich made by adding a burger patty to the infamous chicken-instead-of-buns creation can only be described using all caps. NO BUN ALL MEAT. Only available in South Korea.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Waffle Taco: It took two years for Taco Bell to develop this waffle folded in the shape of a taco, the stand-out star of its new breakfast menu.

    Michele Parente/Twitter

    2014's fast food atrocities

    Krispy Kreme Triple Cheeseburger: Only attendees at the San Diego County Fair were given the opportunity to taste the official version of this donut-hamburger-heart attack combo. The rest of America has reasonable odds of not dropping dead tomorrow.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Quesarito: A burrito wrapped in a quesadilla inside an enigma. Quarantined to one store in Oklahoma City.

    Pizzagamechangers.com

    2014's fast food atrocities

    Boston Pizza's Pizza Cake: The people's choice winner of a Canadian pizza chain's contest whose real aim, we'd imagine, is to prove that there's no such thing as "too far." Currently in development.

    7-Eleven

    2014's fast food atrocities

    7-Eleven's Doritos Loaded: "For something decadent and artificial by design," wrote one impassioned reviewer, "it only tasted of the latter."

  • Recent Slide Shows

Comments are not enabled for this story.