Posts: 5,506
Threads: 1,443
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: May 2009
Stratfor Hacked, 200GB Of Emails, Credit Cards Stolen, Client List Released, Includes MF Global, Rockefeller Foundation
Submitted by Tyler Durden on 12/24/2011 21:10 -0500
This Christmas will not be a happy one for George Friedman (who incidentally was the focus of John Mauldin's latest book promotion email blast) and his Stratfor Global Intelligence service, because as of a few hours ago, hacking collective Anonymous disclosed that not only has it hacked the Stratfor website (since confirmed by Friedman himself), but has also obtained the full client list of over 4000 individuals and corporations, including their credit cards (which supposedly have been used to make $1 million in "donations"), as well as over 200 GB of email correspondence. And since the leaked client list is the who is who of intelligence, and capital management, including such names as Goldman Sachs, the Rockefeller Foundation and, yep, MF Global, we are certain that not only Stratfor and its clients will be waiting with bated breath to see just what additional troves of information are unleashed, but virtually everyone else, in this very sensitive time from a geopolitical point of view. And incidentally, we can't help but notice that Anonymous may have finally ventured into the foreign relations arena. We can only assume, for now, that this is not a formal (or informal) statement of allegiance with any specific ideology as otherwise the wargames in the Straits of Hormuz may soon be very inappropriately named (or halfway so).
Chronology of releases from AnonymousIRC starting early this afternoon:
And the kicker:
Anon promises that much more is coming: - #Antisec has enough targets lined up to extend the fun fun fun of [url=http://search.twitter.com/search?q=%23LulzXmas]#LulzXmas throught the entire next week.
How the Stratfor site looked minutes after the hack:
Full letter from George Friemdan to clients as of an hour ago:
The full client list as released in a pastebin by Anonymous of all the alleged clients sorted by company name, can be found here. As this is merely an extracted column from a far larger database, we are confident much more very sensitive information, as the bulk of the companies are either in the intelligence or money management business, will be released shortly.
"Where is the intersection between the world's deep hunger and your deep gladness?"
Posts: 17,304
Threads: 3,464
Likes Received: 0 in 0 posts
Likes Given: 2
Joined: Sep 2008
What a terrible shame......:rocker::dancingman::pointlaugh:
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx
"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.
“I think it would be a good idea” Ghandi, when asked about Western Civilisation.
Posts: 5,506
Threads: 1,443
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: May 2009
And, found at http://cryptome.org/0005/stratfor-hack.htm :
25 December 2011. A message allegedly to subscribers from George Friedman, Stratfor, was posted to Facebook and Pastebin ( below).
25 December 2011. Another paste today with firm names and "B-By" through "C-Cz" client first names and personal information (including credit cards and passwords):
25 December 2011. A paste today denying Anonymous role:
Also today, a file, "stratfor_full_a.txt.gz." And five images of credit card donations:
The "stratfor_full_a.txt.gz" file contains firm names and personal information (including credit card) for first names beginning with "A" through "Az." Paste quote: Attached are ~4000 credit cards, md5 passwords, and home addresses to just a few of Stratfor's "private client list". Not as many as you expected? Worry not, fellow pirates and robin hoods. These are just the "A"s. And, Stratfor's A client list of passwords:
24 December 2011
STRATFOR Hacked
Related: [/url]
A sends:
Subject: Important Announcement from STRATFOR
Date: Sat, 24 Dec 2011 19:49:58 -0500
From: STRATFOR <mail[at]response.stratfor.com>
Dear Stratfor Member,
We have learned that Stratfor's web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor's servers and email have been suspended.
We have reason to believe that the names of our corporate subscribers have been posed [sic] on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.
Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.
Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.
Sincerely,
George Friedman
STRATFOR
221 W. 6th Street, Suite 400
Austin, TX 78701 US
[url=http://www.stratfor.com/]www.stratfor.com
http://www.facebook.com/stratfor
http://pastebin.com/6a86QSMM
Dec 25th, 2011
On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.
Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor's "private clients." Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.
We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.
In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:
- contact your financial institution and inform them of this incident;
- if you see any unauthorized activity on your accounts promptly notify your financial institution;
- submit a complaint with the Federal Trade Commission ("FTC") by calling 1-877-ID-THEFT (1-877- 438-4338) or online at https://www.ftccomplaintassistant.gov/; and
- contact the three U.S. credit reporting agencies: Equifax ( http://www.equifax.com/ or (800) 685-1111), Experian ( http://www.experian.com/or (888) 397-3742), and TransUnion ( http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.
Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.
To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.
We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.
Again, my sincerest apologies for this unfortunate incident.
Sincerely,
George Friedman
"Where is the intersection between the world's deep hunger and your deep gladness?"
Posts: 17,304
Threads: 3,464
Likes Received: 0 in 0 posts
Likes Given: 2
Joined: Sep 2008
I know that who ever did this will use the credit cards to make donations to worthy causes. That is, organisations which normal people think worthy, helping the poor and orphaned, homeless, the hungry, freedon of speech, healthcare and education, animal shelters.....
What I wonder is how many of the clients of Statfor will cancel these donations....?
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx
"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.
“I think it would be a good idea” Ghandi, when asked about Western Civilisation.
Posts: 16,120
Threads: 1,776
Likes Received: 1 in 1 posts
Likes Given: 0
Joined: Sep 2008
Magda Hassan Wrote:I know that who ever did this will use the credit cards to make donations to worthy causes. That is, organisations which normal people think worthy, helping the poor and orphaned, homeless, the hungry, freedon of speech, healthcare and education, animal shelters.....
What I wonder is how many of the clients of Statfor will cancel these donations....?
Scrooges all, I'd say all who notice in time will cancel them. They only give money to things that kill, can be used in killing or repression, denial of rights, etc. - or would benefit themselves alone in lucre.
From Wiki:
Stratfor has published a daily intelligence briefing since its inception in 1996. Its rise to prominence occurred with the release of its Kosovo Crisis Center during the 1999 NATO air-strikes over Kosovo, which led to publicity in Time magazine, Texas Monthly, and other major publications.[1] Before the end of 1999, however, Stratfor had introduced a subscription service through which it offered the majority of its analyses. At the time of the September 11, 2001 attacks, Stratfor made its "breaking news" paragraphs, as well as some notable analyses predicting likely actions to be taken by al-Qaeda and the Bush administration, available freely to the public.
Stratfor has some products available to the public including private briefings, corporate memberships, a publishing business that includes written and multimedia analysis and an iPhone application.[2]
[edit]
Clients
Stratfor's client list was confidential, and the company's publicity list includes Fortune 500 companies and international government agencies.[3] The hacker group Operation AntiSec made it public on December 24, 2011.[4]
Currently Stratfor's products are oriented around individual subscriptions, of which the "Premium" product is the most comprehensive in content offered. Other packages, such as "Global Vantage", are tailored to appeal to commercial or governmental customers. They feature regional and customizable intelligence whereby users are able to partake in monthly teleconferences with Stratfor's founder, Dr. George Friedman, and have the option of emailing Stratfor's analysts with a "guaranteed response within 24 hours MondayFriday".[5] Some of Stratfor's work remains available free to the public.[6]
[edit]
Media coverage
Stratfor has been cited by media such as CNN, Bloomberg, the Associated Press, Reuters, The New York Times and the BBC as an authority on strategic and tactical intelligence issues.[7] Barron's once referred to it as "The Shadow CIA".[8]
It was reported in December 2011 that members of Anonymous had stolen of emails and credit-card data from Stratfor's web site. [9] According to the one page that was still up but without any links the "Site is currently undergoing maintenance[:] Please check back soon".[10]
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 5,506
Threads: 1,443
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: May 2009
28 December 2011
Prepping for the Stratfor 5M Email Release
http://pastebin.com/Qsqpsr6t
http://piratenpad.de/Stratfor
http://cryptome.org/0006/stratfor-5m.htm
***
Summary of releases of STRATFOR documents, subscribers' firm names and personal information (including addresses, telephone numbers, credit card numbers and passwords), latest release at top:
STRATFOR Hacked Update 6
30 December 2011. A writes that five Pastebin posts of recovered STRATFOR passwords have been removed as indicated below. In addition, four files from sources have been removed from Rapid Share (1) and Wikisend (3).
29 December 2011.
Lulzxmas Dumps 860,000 STRATFOR Accounts:
28 December 2011.
Prepping for the Stratfor 5M Email Release
27 December 2011.
http://pastebin.com/78MUAaeZ [Now removed]
26 December 2011. Firms and personal first names beginning with "D" through "My" (~ 30,000).
26 December 2011. Sample Stratfor.com email:
26 December 2011. STRATFOR leaked accounts (10257 passwords recovered)
25 December 2011. Firms and personal miscellaneous names not in alphabetical order (~13,000):
25 December 2011. Firms and personal first names beginning with "B-By" through "C-Cz" (~4,000) :
25 December 2011. Firms and personal first names beginning with "A" through "Az" (~ 4,000).
25 December 2011. A message allegedly to subscribers from George Friedman, Stratfor, was posted to Facebook and Pastebin ( below).
25 December 2011. A paste today denying Anonymous role:
And, Stratfor's A client list of passwords:
http://cryptome.org/0005/stratfor-hack.htm
"Where is the intersection between the world's deep hunger and your deep gladness?"
Posts: 16,120
Threads: 1,776
Likes Received: 1 in 1 posts
Likes Given: 0
Joined: Sep 2008
Would be interesting to know who posted and who removed them. Seems as if only one remains.
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 5,506
Threads: 1,443
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: May 2009
Analysis of Stratfor Site Breach Reveals Weak Passwords, Poor Enforcement
eWeek (4 Jan 12)
Stratfor "Provides strategic intelligence on global business, economic, security and geopolitical affairs."
From Wikipedia, the free encyclopedia
[TABLE="class: infobox vcard, width: 1"]
STRATFOR[TR]
Type[TD="class: category"]Private[/TD]
[/TR]
[TR]
Industry[TD="class: category"]intelligence[/TD]
[/TR]
[TR]
Founded[TD]1996[/TD]
[/TR]
[TR]
Headquarters[TD="class: label"]Austin, Texas, USA[/TD]
[/TR]
[TR]
Key people[TD="class: agent"]George Friedman (founder, chairman and Chief Intelligence Officer)[/TD]
[/TR]
[TR]
Products[TD]strategic intelligence, tactical intelligence, custom intelligence, written and multimedia analysis, corporate security analysis, geopolitics[/TD]
[/TR]
[TR]
Employees[TD]70 (2004)[/TD]
[/TR]
[TR]
Website[TD]http://www.stratfor.com/[/TD]
[/TR]
[/TABLE]
Strategic Forecasting, Inc., more commonly known as STRATFOR, is a global intelligencecompany founded in 1996 in Austin, Texas by George Friedman who is the founder, chief intelligence officer, and CEO of the company. Fred Burton is STRATFOR's Vice President for Counterterrorism and Corporate Security.
The company's primary focus is to help clients with security. It also publishes security newsletters that are available to the general public. Stratfor is known for its secrecy, especially its confidential client list.[SUP][citation needed][/SUP]
"Where is the intersection between the world's deep hunger and your deep gladness?"
Posts: 16,120
Threads: 1,776
Likes Received: 1 in 1 posts
Likes Given: 0
Joined: Sep 2008
How poetic - a security company with poor security!...and charging astronomical fees for their services to the rich and powerful. I'm at the brink of tears.
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Posts: 5,506
Threads: 1,443
Likes Received: 0 in 0 posts
Likes Given: 0
Joined: May 2009
Why we all lost in the Stratfor hackBy Michael Lee, ZDNet.com.au on January 3rd, 2012 (4 days ago)
commentary I like hearing when companies pay the price for lax security, but in the case of Stratfor, proving that someone's security is weak by spilling everyone's details is like peeing your pants to prove your parents aren't supervising you. It might feel good and warm at first, but you ultimately end up being the loser.
Stratfor is one of the latest companies allegedly targeted by Anonymous. The breach, which began to make headlines on Christmas day in the US, resulted in the loss of 200GB worth of data and ultimately the publication of its customers' emails, credit card numbers, and corresponding verification numbers and addresses.
The hackers wanted to release the credit card details because they belonged to "rich and powerful oppressors". But even the author behind the release stated that of the 860,000, just 50,000 email accounts were from military or government domains. How many of those 50,000 were even responsible for oppressing anyone? And even if all 50,000 were, was it really worth ruining the privacy of 810,000 other likely innocent bystanders?
Sure, Shadow Communications Minister Malcolm Turnbull and Generation Investments founder David Smorgon, who were two Australians that had their private details published, might have a lot of money, but are they rich and powerful oppressors?
Some may argue their opinion that Turnbull is oppressive given his stance on the NBN, but the fact of the matter is that government requires the constant checks and balances, which an opposing politician provides. We are, as a whole, less oppressed through any role that keeps government in check.
What about Smorgon? Well, for a guy who has been awarded the Medal of the Order of Australia for his contributions to health, education and social welfare organisations, surely he's not oppressive, right?
Both men have money, but consider US Homeland Security employee Cody Sultenfuss, which the Associated Press learned did not have the money that was stolen from his account. He said he wasn't rich, and I seriously doubt he could have had much of a hand in oppressing people. It's not just the rich that are the victims.
What about Stratfor itself? The company is an intelligence firm, not a security company. While that doesn't exclude it from attack, most would have thought it would be of little interest to Anonymous. It even provided Anonymous with a warning once. During Anonymous' Operation Cartel, a plan to release the names of those involved in the Mexican Zetas drug cartel in response to the kidnapping of an Anonymous member, the company wrote in a report: "we have seen evidence of cartels employing their own computer scientists to engage in cybercrime, it is logical to conclude that the cartels likely have individuals working to track anti-cartel bloggers and hackers" such as Anonymous' members.
There also appears to be division within Anonymous itself.
Shortly after Stratfor customer information was leaked, a post defending the company was released claiming that Anonymous is not and should not be held responsible for the attack.
"Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources," the post read.
You might be interested in:
"This hack is most definitely not the work of Anonymous."
While Stratfor shouldn't be let off the hook for its lax security practices, there are better ways to prove a point and still stay classy about it.
Partial card numbers, or hashes of the same information provide ways for the rightful owners to confirm their details had been stolen. The information could also have been provided anonymously to multiple government, or independent, privacy institutions.
What experienced hacker wouldn't know about the concept of only providing a hash of sensitive information or covering their tracks to submit information anonymously?
In the absence of data breach laws and the refusal or ignorance by organisations to assess their security, Anonymous and spin-offs like LulzSec certainly do have a role to play in raising awareness of information security, but it's only when the average citizen Joe is protected that we get both the satisfaction of (renegade) justice and the lulz.
"Where is the intersection between the world's deep hunger and your deep gladness?"
|