The loose-knit hacking movement Anonymous said Sunday it has stolen thousands of credit card numbers and other personal information belonging to clients of Texas security think tank Stratfor.
One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted of stealing Stratfor's confidential client list, which includes entities ranging from Apple to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses.
"Not so private and secret anymore?" the group taunted in a message on Twitter, promising that the attack on Stratfor was just the beginning of a Christmas-inspired assault on a long list of targets.
Lack of encryption
Anonymous said the client list it posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit details in part because Stratfor didn't bother encrypting them - an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.
Stratfor provides political, economic and military analysis to help clients reduce risk, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the Web, e-mail and videos.
Anonymous linked to images online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.
"Thank you! Defense Intelligence Agency," read the text above one image that appeared to show a transaction summary indicating that an agency employee's information was used to donate $250 to a nonprofit.
Apparent victim
One receipt - to the American Red Cross - had Allen Barr's name on it.
Barr of Austin, Texas, recently retired from the Texas Department of Banking and said he discovered Friday that a total of $700 had been spent from his account. Barr, who has spent more than a decade dealing with computer crime at banks, said five transactions were made.
"It was all charities, the Red Cross, Care, Save the Children. So when the credit card company called, my wife she wasn't sure whether I was just donating," said Barr, who wasn't aware until a reporter called that his information had been compromised when Stratfor's computers were hacked.
Stratfor said in an e-mail to members that it had suspended its servers and e-mail after learning that its website had been hacked.
"We have reason to believe that the names of our corporate subscribers have been posted on other web sites," the e-mail said. "We are diligently investigating the extent to which subscriber information may have been obtained."
One member of the hacking group, who uses the handle AnonymousAbu on Twitter, said more than 90,000 credit cards from law enforcement, the intelligence community and journalists - "corporate/exec accounts of people like Fox" news - had been hacked and used to "steal a million dollars" and make donations.
It was impossible to verify where credit card details were used. Fox News was not on the excerpted list of Stratfor members posted online, but other media organizations, including MSNBC and Al Jazeera English, appeared in the file.
(SFgate)