Hackers target security think tank
The loose-knit hacking movement Anonymous claimed it had stolen thousands of credit-card numbers and other personal information belonging to clients of US-based security think tank Stratfor.
One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorised transactions linked to their credit cards.
Anonymous boasted of stealing Stratfor's confidential client list, which includes a range of entities from banks to Apple, the US Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses.
"Not so private and secret anymore?" the group taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.
Anonymous said the client list it posted was a small slice of the 200 gigabytes' worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit details in part because Stratfor did not bother to encrypt them - an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.
Austin, Texas-based Stratfor provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.
Lieutenant Colonel John Dorrian, public affairs officer for the US Air Force, said that "for obvious reasons" the Air Force does not discuss specific vulnerabilities, threats or responses to them.
"The Air Force will continue to monitor the situation and, as always, take appropriate action as necessary to protect Air Force networks and information," he said.
Stratfor said in an email to members that it had suspended its servers and email after learning that its website had been hacked.
The email stated: "We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained."