Confidential client list safe from Anonymous, Stratfor says
The magnitude of a Christmas Eve attack on Stratfor appears exaggerated by the data bandits
PC World - The damage from a weekend data breach at a think tank on international security issues appears to have been inflated by the assault's perpetrators, the hacker collective known as Anonymous.
After Anonymous ransacked think tank Stratfor's computers and stole away thousands of credit card numbers and other personal information, it claimed to have also clipped the company's confidential client list. That list contains sensitive information about Stratfor's high- profile clients, such as Apple, the U.S. Air Force, and the Miami Police Department.
However, Stratfor denies that Anonymous got the think tank's family jewels. "Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications," the firm says in an e-mail to its members dated December 25.
Stratfor adds that it had hired an identity theft and monitoring service to assist its members affected by the data breach. Further details on those services will be released to affected members later this week, it says.
On Monday morning, Stratfor's website was offline. Visitors to the location are being greeted to an "undergoing maintenance" screen.
So far, two lists of credit card details have been published to the Internet by Anonymous members, one containing 3956 items, the other with 13,191 items. Some of those numbers have apparently been used to donate large sums of money to charitable organizations such as the American Red Cross and CARE.
While to some it may appear that Anonymous is acting as an Information Age Robin Hood, it may not be doing anyone any favors by ringing up unauthorized charges on other people's credit cards. "These donations will never reach the ones in need," writes security guru Mikko Hypponen at F-Secure. "In fact, these actions will just end up hurting the charities, not helping them."
"When credit card owners see unauthorized charges on their cards, they will report them to their bank or credit card company," he explains. "Credit card companies will do a chargeback to the charities, which will have to return the money. In some cases, charities could be hit with penalties. At the very least, they will lose time and money in handling chargebacks."
The Anonymous attack on Stratfor was made murkier by a disclaimer posted on the Internet saying the group isn't responsible for the action. In an "Emergency Christmas Anonymous Press Release" the Stratfor foray was rapped by parties claiming to represent the collective. They assert that Stratfor is being falsely characterized as another HBGary Federal, a contractor accused of developing dirty tricks schemes for the military. A cyber assault on HBGary Federal earlier this year resulted in its CEO, Aaron Barr, resigning.
"Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs," they declare, referring to a well-known Anonymous member.
"As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly," they add.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts