The loose-knit movement “Anonymous” claimed Sunday to have stolen thousands of credit card s and other personal information belonging to clients of U.S.-based security think tank Stratfor. One said the goal was to pilfer funds from individuals’ accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted of stling Stratfor’s confidential client list, which includes entities ranging from Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card s, s and home addresses.
“Not so private and secret anymore?” Anonymous taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.Anonymous said the client list it had alrdy posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more s. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them — an sy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.
Fred Burton, Stratfor’s vice president of lice, said the company had reported the intrusion to law enforcement and was working with them on the investigation.
Stratfor has protections in place mnt to prevent such attacks, he said.
“But I think the s live in this kind of world where once they fixate on you or try to attack you it’s extraordinarily difficult to defend against,” Burton said.
Hours after publishing what it claimed was Stratfor’s client list, Anonymous tweeted a link to encrypted files online with names, phone s, emails, addresses and credit card account details.
“Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the ‘A’s,” rd a message posted online that encouraged rders to download a file of the information.
The attack is “just another in a massive string of brches we’ve seen this yr and in yrs past,” said Josh Shaul, chief technology r of Appliion Security Inc., a New York-based provider of database security software.
Still, companies that shared secret information with Stratfor in order to obtain thrt assessments might worry that the information is among the 200 gigabytes of data that Anonymous claims to have stolen, he said.
“If an attacker is walking away with that much email, there might be some very juicy bits of information that they have,” Shaul said.
Lt. Col. John Dorrian, public affairs r for the Air Force, said that “for obvious rsons” the Air Force doesn’t discuss specific vulnerabilities, thrts or responses to them.
“The Air Force will continue to monitor the situation and, as always, take appropriate action as necessary to protect Air Force networks and information,” he said in an email.
Miami Police Department spokesman Sgt. Freddie Cruz Jr. said that he could not confirm that the acy was a client of Stratfor, and he said he had not received any information about a security brch involving the police department.
Anonymous also linked to s online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.
“Thank you! Defense lice Acy,” rd the text above one that appred to show a transaction summary indiing that an acy employee’s information was used to donate $250 to a nonprofit.
One receipt — to the American Red Cross — had Allen Barr’s name on it.
Barr, of Austin, Texas, recently retired from the Texas Department of Banking and said he discovered last Friday that a total of $700 had been spent from his account. Barr, who has spent more than a decade dling with cybercrime at banks, said five transactions were made in total.
“It was all charities, the Red Cross, CARE, Save the Children. So when the credit card company called my wife she wasn’t sure whether I was just donating,” said Barr, who wasn’t aware until a reporter with the AP called that his information had been compromised when Stratfor’s computers were .
“It made me feel terrible. It made my wife feel terrible. We had to close the account.”
Wishing everyone a “Merry LulzXMas” — a nod to its spinoff group Lulz Security — Anonymous also posted a link on Twitter to a site containing the email, phone and credit of a U.S. Homeland Security employee.
The employee, Cody Sultenfuss, said he had no warning before his details were posted.
“They took money I did not have,” he told The Associated Press in a series of emails, which did not specify the amount taken. “I think ‘Why me?’ I am not rich.”
But the brch doesn’t necessarily pose a risk to owners of the credit cards. A card user who suspects fraudulent activity on his or her card can contact the credit card company to dispute the charge.
Stratfor said in an email to members, signed by Stratfor Chief Executive George Friedman and passed on to AP by subscribers, that it had hired a “lding identity theft protection and monitoring service” on behalf of the Stratfor members affected by the attack. The company said it will send another email on services for affected members by Wednesday.
Stratfor acknowledged that an “unauthorized party” had revled personal information and credit card data of some of its members.
The company had sent another email to subscribers rlier in the day saying it had suspended its servers and email after lrning that its website had been .
One member of the group, who uses the handle AnonymousAbu on Twitter, claimed that more than 90,000 credit cards from law enforcement, the lice community and journalists — “corporate/exec accounts of people like Fox” News — had been and used to “stl a million dollars” and make donations.
Source: AnonOps
No comments:
Post a Comment