Strategic Forecasting Inc. (Stratfor), a Texas-based intelligence firm that delivers paid briefings on a wide range of topics, suffered a pre-Christmas breach at the hands of those supporting the current incarnation of the AntiSec movement. The fallout has been devastating thus far, but according to comments from those familiar with the breach, this is only the beginning.
On Christmas Eve, Stratfor’s domain was defaced by supporters of the AntiSec movement. The defacement included quotes from an internal email on security written by Stratfor’s CTO, Frank Ginac. In addition, Ginac’s credit card details, and other personal information was published as part of the defacement’s message.
Moreover, AntiSec supporters released a listing of clients who subscribe to Stratfor’s intelligence briefings. The real damage however, was the plundering of the company’s databases, which included the record information (name, address, credit card data, and password) of some 90,000 people. To date, 34,000 records have been pushed to the public.
“Interestingly, one thing we noticed in the fallout of this catastrophic hack was that STRATFOR hired not one, but two outside consultants to try to bail their sorry asses out of the hellhole of a grave we dug them. Top identity theft protection? Professional security consultant? We’ll see how that works out for you, if you ever dare to put your servers back online again. Until then, we’ll be watching and waiting,” a note from AntiSec, published Monday, stated.
Hours after word of the attack spread, Stratfor’s CEO, George Friedman addressed the attacks.
“Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters,” his letter said.
To which, someone from Anonymous tweeted: “If Stratfor would give a s**t about their subscriber info they wouldn’t store CC/CCV numbers in cleartext, with corresponding addresses.”
In addition to the presently published data compromised during the Stratfor attack, AntiSec’s note said that 200GB of company email was captured as well. There is no word if this will be published, but it’s highly likely that it too will appear online before the year is over.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
