Anonymous/AntiSec Attack STRATFOR

Posted on 24 December 2011 by


On 24 December, the illegal computer hacking group AntiSec/Anonymous launched attacks against commercial intelligence provider STRATFOR. STRATFOR provides intelligence to a range of commercial and government customers, and has been beefing up its coverage of cyber, and specifically of Anonymous.

The site was unreachable about an hour after the original defacement, which poked fun at STRATFOR cyber operational security. So far, the group has released details on the firm’s customer list, which it made public. We understand that there is more to come from this hack.

PLI is far more concerned about the state of the classified information provided by STRATFOR to the US Government.

STRATFOR maintains separate classified and unclassified networks and information, and PLI understands that none of the STRATFOR data has been spared the attention of the hacking group. Of course, had STRATFOR placed any classified data on the server which we know has been hacked, they’d be in blatant violation of the laws of the US and of common sense, but it’s against the law why? Because it’s happened before.

If classified data has been compromised in the hack, it will create a larger impact – and response – than if it is unclassified commercial intel. Again, it’s supposed to be totally separately stored, and I’ve spoken at length about the misconception by folks who conflate “classified” with “important,” but if there were errors, this could be bad.

In addition, Sabu, a leading member of the group, boasted on Twitter that

Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations

The AntiSec/LulzSec crowd, on the AnonymousIRC Twitter channel, has promised that this is the first of many attacks.

We will update as information becomes available.

Update: At 20:01 ET we received this:

Dear Stratfor Member,

We have learned that Stratfor’s web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.

Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.

Sincerely,

George Friedman

UPDATE 25 DEC: We have heard tell in social media that the trove of credit cards referred to above was placed, unencrypted, on the breached server. If true, this is at the least a PCI violation (also, it’s stupid), and may wreak havoc among STRATFOR customers. More as we get it.

UPDATE 25 DEC [2]: A new email from STRATFOR implies identity theft services shall be provided to subscribers; commits to updating security by engaging an incident response consulting firm. See related analysis here.

UPDATE 25 DEC [3]: From the unintentional irony department, a press release purporting to be from Anonymous disavows any involvement with the hack. We’ve said before that when you’re as groovy as Anonymous, and you’re everyone and you’re no-one, this kind of thing can happen.