Anonymous' Operation Antisec has claimed another victim. Strategic Forecasting's operations are offline and its customer details have been leaked. However, sources claiming to represent Anonymous are distancing themselves from the STRATFOR hack. In IT Blogwatch, bloggers uncover the details.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The 30 Most Important Cats Of 2011...
John P. Mello Jr. reports:
So far, two lists of credit card details have been published to the Internet by Anonymous. ... Some of those numbers have apparently been used to donate large sums of money to charit[y].
...The Anonymous attack on Stratfor was made murkier by a disclaimer...saying the group isn't responsible. ... They assert that Stratfor is being falsely characterized as...a contractor accused of developing dirty tricks schemes for the military.
Aunty Beeb adds:
The hackers claim they were able to obtain the information because...Stratfor did not encrypt it. ... The Austin-based company says it has now suspended the operation on its servers and email...[and] later announced that it would keep its email and servers suspended for some time.
...Anonymous has previously claimed responsibility for cyber attacks on...institutions seen as enemies of...Wikileaks.
Here's Mikko H. Hypponen, riding through the glen:
At first glance, actions like this look a bit like...steal[ing] from the rich [to] give to the poor. But...in this case the poor won't get a dime.
...[T]hese actions will just end up hurting the charities, not helping them. When credit card owners see unauthorized charges on their cards, they...will do a chargeback to the charities. ... In some cases, charities could be hit with penalties.
When is Anonymous not Anonymous? This anonymous writer knows:
Anonymous fancies itself as some sort of hacktivist organization fighting for the greater good. ... In reality it is nothing more than a name that different groups can hide behind...and attach itself to the Anonymous "brand" or rather, its PR infrastructure.
These groups realized that by using the Anonymous name they could...use other Anonymous members as a "human" shield. ... [A]nyone can hack/leak/and delete corporate or government secrets and make it look like it was the "hacktivists".
...Was the Stratfor hack the work of a competitor? Foreign Intelligence Service?
Meanwhile, Quinn Norton tells us how the hack happened:
According to Antisec, Stratfor was using the e-commerce suite Ubercart...[which] has built-in encryption, but Stratfor apparently...stored customer data in cleartext. Additionally Stratfor appears to have stored the card security code of its customers...prohibited by credit card companies.
...Stratfor was targeted because of its client list...but also because it was terribly insecure. ... Antisec says that future Lulzxmas targets will include law enforcement...and the companies that supply them.
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: firstname.lastname@example.org. You can also read Richi's full profile and disclosure of his industry affiliations.