
Anonymous Loots $1m From Clients’ Credit Cards In Stratfor Hack

US security firm Stratfor’s Website was compromised over Christmas by the Anonymous group of hackers as part of a “Robin Hood” rampage. Named LulzXmas, the campaign is aimed at robbing the rich “one percent” and giving to the poor “99 percent”.

The Stratfor site went offline on 24 December and the company’s clients whose names, addresses and payment card details were published online by Anonymous were notified of their exposure.

Charity Donations

Anonymous has claimed to have stolen $1m (£649,000) from the compromised accounts and to have deposited the money with charities. A faction of Anonymous has posted screenshots of money being transferred to the Red Cross, Save the Children, and Care.

Many of Stratfor’s customers are major companies and government agencies, including the US Department of Defense, the Bank of America, and Lockheed Martin – which was itself the victim of hackers earlier this year.

Other companies affected by the intrusion are said to include Google, Microsoft, Sony, Coca-Cola, Boeing and American Express, according to Anonymous’ postings. Although Stratfor’s Website remains offline, it has used its Facebook page to update its clients and denies that the companies mentioned by Anonymous are actual clients.

“Also publicly released was a list of our members which the unauthorised party claimed to be Stratfor’s ‘private clients’. Contrary to this assertion, the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications,” the company wrote.

Free ID protection offered

Stratfor has responded by providing compromised clients with a free year of identity protection services provided by CSID. The Global ID Protector service monitors criminal Web pages, chat rooms, bulletin boards and other online forums for compromised personal information. When illegal activity is detected, such as the trading or selling of personal information online, the service notifies the affected subscriber and provides instructions on how to prevent further exposure and fraudulent actions.

In a letter to subscribers, Stratfor CEO George Friedman said, “We deeply regret that this event has occurred, and we are working to prevent it from happening again. Our highest concern is the impact that this has had on you, our loyal members and friends … Please take advantage of this service.”

Friedman added that the site will remain closed for the foreseeable future: “As part of our ongoing investigation, we have also decided to delay the launching of our Website until a thorough review and adjustment by outside experts can be completed.”

The embarrassment is not over for Stratfor if Anonymous makes good its threat to reveal emails stolen during the attack. These will expose more of Stratfor’s customers and show that Stratfor “is not the ‘harmless company’ it tries to paint itself as. You’ll see in those emails,” Anonymous warned.

According to a Pastebin statement posted yesterday: “It’s time to dump the full 75,000 names, addresses, CCs [credit cards] and md5 hashed passwords to every customer that has ever paid Stratfor. But that’s not all: we’re also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who’s ever registered on Stratfor’s site.”

The hacker group is planning more exploits for New Year’s Eve: “On this date, we will be launching our contributions to project mayhem by attacking multiple law enforcement targets from coast to coast.”

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative
