Strategic Forecasting Inc. (Stratfor), a Texas-based intelligence firm that delivers paid briefings on a wide range of topics, suffered a pre-Christmas breach at the hands of those supporting the current incarnation of the AntiSec movement. The fallout has been devastating thus far, but according to comments from those familiar with the breach, this is only the beginning.
On Christmas Eve, Stratfor’s domain was defaced by supporters of the AntiSec movement. The defacement included quotes from an internal email on security written by Stratfor’s CTO, Frank Ginac. In addition, Ginac’s credit card details, and other personal information was published as part of the defacement’s message.
Moreover, AntiSec supporters released a listing of clients who subscribe to Stratfor’s intelligence briefings. The real damage however, was the plundering of the company’s databases, which included the record information (name, address, credit card data, and password) of some 90,000 people. To date, 34,000 records have been pushed to the public.
“Interestingly, one thing we noticed in the fallout of this catastrophic hack was that STRATFOR hired not one, but two outside consultants to try to bail their sorry asses out of the hellhole of a grave we dug them. Top identity theft protection? Professional security consultant? We’ll see how that works out for you, if you ever dare to put your servers back online again. Until then, we’ll be watching and waiting,” a note from AntiSec, published Monday, stated.
Hours after word of the attack spread, Stratfor’s CEO, George Friedman addressed the attacks.
“Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters,” his letter said.
To which, someone from Anonymous tweeted: “If Stratfor would give a s**t about their subscriber info they wouldn’t store CC/CCV numbers in cleartext, with corresponding addresses.”
In addition to the presently published data compromised during the Stratfor attack, AntiSec’s note said that 200GB of company email was captured as well. There is no word if this will be published, but it’s highly likely that it too will appear online before the year is over.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
