Confidential client list safe from Anonymous, Stratfor says
The magnitude of a Christmas Eve attack on Stratfor appears exaggerated by the data bandits
PC World - The damage from a weekend data breach at a think tank on international security issues appears to have been inflated by the assault's perpetrators, the hacker collective known as Anonymous.
After Anonymous ransacked think tank Stratfor's computers and stole away thousands of credit card numbers and other personal information, it claimed to have also clipped the company's confidential client list. That list contains sensitive information about Stratfor's high- profile clients, such as Apple, the U.S. Air Force, and the Miami Police Department.
However, Stratfor denies that Anonymous got the think tank's family jewels. "Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications," the firm says in an e-mail to its members dated December 25.
Stratfor adds that it had hired an identity theft and monitoring service to assist its members affected by the data breach. Further details on those services will be released to affected members later this week, it says.
On Monday morning, Stratfor's website was offline. Visitors to the location are being greeted to an "undergoing maintenance" screen.
So far, two lists of credit card details have been published to the Internet by Anonymous members, one containing 3956 items, the other with 13,191 items. Some of those numbers have apparently been used to donate large sums of money to charitable organizations such as the American Red Cross and CARE.
While to some it may appear that Anonymous is acting as an Information Age Robin Hood, it may not be doing anyone any favors by ringing up unauthorized charges on other people's credit cards. "These donations will never reach the ones in need," writes security guru Mikko Hypponen at F-Secure. "In fact, these actions will just end up hurting the charities, not helping them."
"When credit card owners see unauthorized charges on their cards, they will report them to their bank or credit card company," he explains. "Credit card companies will do a chargeback to the charities, which will have to return the money. In some cases, charities could be hit with penalties. At the very least, they will lose time and money in handling chargebacks."
The Anonymous attack on Stratfor was made murkier by a disclaimer posted on the Internet saying the group isn't responsible for the action. In an "Emergency Christmas Anonymous Press Release" the Stratfor foray was rapped by parties claiming to represent the collective. They assert that Stratfor is being falsely characterized as another HBGary Federal, a contractor accused of developing dirty tricks schemes for the military. A cyber assault on HBGary Federal earlier this year resulted in its CEO, Aaron Barr, resigning.
"Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs," they declare, referring to a well-known Anonymous member.
"As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly," they add.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts