Anonymous Hack Stratfor Intelligence Company Leaking Sensitive Information From UK and US Defence


Anonymous hack US and British intelligence and defence staff email accounts:

You may have already heard of Anonymous, Lulzsec and other online so-called “hacktivists” that seemingly cause havoc on large organisations that they have moral issues with.

With a new mission called Operation AntiSec, all the above hacktivist groups, and others, are engaged in trying to outdo others by taking down prominent online assets of organisations that they have issues with.

Target of the Xmas period for Anonymous: Stratfor.

Stratfor is a global intelligence provider based in Austin, Texas, that came to prominence in the late 90s after covering the war in .

The lunatics have taken over the asylum:

So you would have thought that being secure online was second nature for such a company, you know, ensuring that credit card details of members were locked under high-end encryption, and passwords were not created with such simple terms as the name of the company or other lazy choices?

Well no, it would appear that one of the globe’s most respected authorities on all things security does not encrypt passwords, and apparently allows the most basic of hacking tools to enter their databases and retrieve information such as credit card details and passwords to email accounts.

So how is their website currently looking weeks after the attack:

“As you may know, an unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our subscribers.

We are currently investigating this unfortunate event and are working diligently to prevent it from ever happening again. As a result, we have delayed restoring our website until we can perform a thorough security review. Stay tuned for our relaunch.

In the meantime, our main concern is the impact on our customers. As a result, we have provided paid subscribers with identity protection coverage from CSID, a leading provider of global identity protection, at our expense for 12 months.”

Robin Hood tactics may cost charities money:

Now I personally like the fact that a group such as Anonymous expose huge organisations as to how crap they actually are in many areas, but reports of taking money off client credit cards and placing this into charities sounds like a funny prank.

If time is money then it would seem that the charities affected will have to cough up, with very little chance of compensation, and this may end up being quite costly for the charities affected. In all honesty, I am unsure this is morally acceptable.

So who was affected in UK and US defence positions after this hacking expose:

It appears that from the US there were some 173 individuals who are serving in Afghanistan who had details published about their affiliations with Stratfor along with information about the vice-president Dan Quayle and former secretary of state Henry Kissinger.

The UK had some 221 people affected including military officials and 242 NATO staff, as well as advisors to Britain’s Joint Intelligence Organisation, a group who report on sensitive information directly to the Prime Minister David Cameron.

So who was affected in total?

The data that was obtained also contained around 850,000 email addresses and passwords to people who had subscribed to the site, as well as 19,000 email addresses which belonged to US military personnel.

As well as email and password data, 75,000 subscribers had their credit card numbers and addresses revealed.

All in all, quite a bonanza of data easily scraped from an unsecured database run by a high-end security agency. Are you worried?

Recent work:

Anonymous have also been involved in other politically motivated attacks on companies and states that they feel need exposing as cruel or against their own perceived ideals of right and wrong.

Last summer we had the widespread targeting of companies who have made Wikileaks’ life difficult: Paypal received a DDoS attack last year aimed at stopping the processing company from being able to run its website, after they blocked payments for donations from Wikileaks via their system.

And in recent times, Syria’s Ministry of Defence has been hit with a defacement of their website after the Anonymous hackers took the side of protesters of the bloody crackdown imposed on them by government and military officials in the country.

So what do you think of these “hacktivist” group(s)?

Useful highlighters of issues that need addressing?

Or, pesky nuisances that need to think more clearly about the way they do things for fear of causing more problems than they perhaps hope to highlight and solve?

Anthony Munns