Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

STRATFOR Attack by AntiSec Delivers Painful Christmas Present

Strategic Forecasting Inc. (Stratfor), a Texas-based intelligence firm that delivers paid briefings on a wide range of topics, suffered a pre-Christmas breach at the hands of those supporting the current incarnation of the AntiSec movement. The fallout has been devastating thus far, but according to comments from those familiar with the breach, this is only the beginning.

Strategic Forecasting Inc. (Stratfor), a Texas-based intelligence firm that delivers paid briefings on a wide range of topics, suffered a pre-Christmas breach at the hands of those supporting the current incarnation of the AntiSec movement. The fallout has been devastating thus far, but according to comments from those familiar with the breach, this is only the beginning.

Stratfor Cyber AttackOn Christmas Eve, Stratfor’s domain was defaced by supporters of the AntiSec movement. The defacement included quotes from an internal email on security written by Stratfor’s CTO, Frank Ginac. In addition, Ginac’s credit card details, and other personal information was published as part of the defacement’s message.

Moreover, AntiSec supporters released a listing of clients who subscribe to Stratfor’s intelligence briefings. The real damage however, was the plundering of the company’s databases, which included the record information (name, address, credit card data, and password) of some 90,000 people. To date, 34,000 records have been pushed to the public.

“Interestingly, one thing we noticed in the fallout of this catastrophic hack was that STRATFOR hired not one, but two outside consultants to try to bail their sorry asses out of the hellhole of a grave we dug them. Top identity theft protection? Professional security consultant? We’ll see how that works out for you, if you ever dare to put your servers back online again. Until then, we’ll be watching and waiting,” a note from AntiSec, published Monday, stated.

Hours after word of the attack spread, Stratfor’s CEO, George Friedman addressed the attacks.

AntiSec Hacks Stratfor“Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters,” his letter said.

To which, someone from Anonymous tweeted: “If Stratfor would give a s**t about their subscriber info they wouldn’t store CC/CCV numbers in cleartext, with corresponding addresses.”

In addition to the presently published data compromised during the Stratfor attack, AntiSec’s note said that 200GB of company email was captured as well. There is no word if this will be published, but it’s highly likely that it too will appear online before the year is over.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Cybercrime

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.