Geopolitical intelligence firm yields 90,000 credit card accounts

While the rest of the world engaged in merriment and good cheer, hackers used the holidays to attack a United States research group that puts out a daily newsletter on security issues.

On Saturday, hackers who say they are members of the collective known as Anonymous claimed responsibility for crashing the Web site of the group, Stratfor Global Intelligence Service, and pilfering its client list, e-mails and credit card information in an operation they say is intended to steal $1 million for donations to charity. The hackers posted a list online that they say contains Stratfor’s confidential client list as well as credit card details, passwords and home addresses for some 4,000 Stratfor clients. The hackers also said they had details for more than 90,000 credit card accounts. Among the organizations listed as Stratfor clients: Bank of America, the Defense Department, Doctors Without Borders, Lockheed Martin, Los Alamos National Laboratory and the United Nations.

The group also posted five receipts online that it said were of donations made with pilfered credit card details. One receipt showed a $180 donation from a United States Homeland Security employee, Edmund H. Tupay, to the American Red Cross. Another showed a $200 donation to the Red Cross from Allen Barr, a recently retired employee from the Texas Department of Banking. Neither responded to requests for comment.

Mr. Barr told The Associated Press that on Friday he discovered that $700 had been transferred from his account to charities including the Red Cross, Save the Children and CARE, but that he had not been aware that the transfer was tied to a breach of Stratfor’s site.

Stratfor executives did not return calls for comment on Sunday. In an e-mail to subscribers Sunday morning, Stratfor’s chief executive, George Friedman, confirmed that the company’s site had been hacked and said his company was working with law enforcement to track down the parties responsible.

“We have reason to believe that the names of our corporate subscribers have been posted on other Web sites,” Mr. Friedman wrote in the e-mail. “We are diligently investigating the extent to which subscriber information may have been obtained.”

The hackers took responsibility for the Stratfor attack on Twitter and said the attack would be the beginning of a weeklong holiday hacking spree. The breach was the latest in the online group’s ongoing campaign of computer attacks which, to date, has been aimed at MasterCard, Visa and PayPal as well as groups as diverse as the Church of Scientology, the Motion Picture Association of America and the Zetas, a Mexican crime syndicate.

The breach first surfaced on Saturday when hackers defaced Stratfor’s Web site with their own message. “Merry Lulzxmas!” the group wrote in a reference to Lulz Security, a hacking group loosely affiliated with Anonymous. “Are you ready for a week of mayhem?” By Sunday afternoon, the message had been replaced with a banner message that said: “Site is currently undergoing maintenance. Please check back soon.”

According to the hackers’ online postings, the group voted on what charities to contribute to. Among their choices were cancer and AIDS research, the American Red Cross, WikiLeaks and the Tor Project, a software that enables online anonymity.

Also according to their postings, the breach appears to have been conducted in retaliation for the arrest and imprisonment of Pfc. Bradley Manning, the Army intelligence analyst on trial on charges of leaking classified intelligence information and more than 250,000 diplomatic cables to WikiLeaks last year.

The attack was also likely intended to embarrass Stratfor, which specializes in intelligence and security. The hackers said they were able to obtain the credit card details because, they said, Stratfor had failed to encrypt them.

“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”

Source: The New York Times (