Anonymous has struck again. The loose confederation of hackers, known worldwide for its politically-oriented attacks and Guy Fawkes masks, said it has hit Strategic Forecasting, a security think tank also known as Stratfor.
The Stratfor site was down on Monday morning, having first been attacked on Saturday, and Anonymous said that credit card and other confidential information from Stratfor's corporate clients have been stolen from the site. In an email statement on Sunday, the Austin, Texas-based company that that "the operation of Stratfor's servers and email have been suspended" because of the incident.
'No So Private?'
A tweet on Twitter from Anonymous asked, "Not so private and secret anymore?" The group indicated that the attack was in retaliation for the treatment of Pfc. Bradley Manning, an Army intelligence analyst who is charged with having leaked more than a quarter million U.S. diplomatic cables to the WikiLeaks Web site, which has posted many of them.
Those claiming credit said they obtained about 4,000 passwords, home addresses, and credit card information on the company's private client list, and have posted the data on the information sharing site, Pastebin, where Anonymous often posts its communications.
The hacker group claims to have obtained about 200 gigabytes of data, and said that the credit card information was unencrypted. If so, the lack of security around client information would be an added blow to Stratfor, which provides global risk and security assessments for its corporate client base. Clients include the U.S. Department of Defense, Lockheed Martin, Los Alamos National Laboratory, Doctors Without Borders, and Bank of America. Stratfor has said it is currently working with law enforcement in response to the incident.
One of the purported, unnamed hackers has posted that the objective is to give away Christmas donations from those credit card accounts, and, according to news reports, some unauthorized transactions have been made. One posted image of an alleged receipt for a charitable donation had the title, "Thank you! Defense Intelligence Agency."
'Money I Did Not Have'
Another shown receipt, to the American Red Cross, bore the full name of Allen B., a retired employee of the Texas Department of Banking. He has told news media that $700 in fraudulent charges have been made to his credit card, all of which were donations -- to the Red Cross, CARE, and Save the Children. Communications have indicated that the group intends to make $1 million in donations.
One employee of the U.S. Homeland Security department told The Associated Press that the hackers "took money I did not have." The employee, whose first name is Cody, had his email, phone number, and credit card information posted. "I think 'Why me? I am not rich," he said. Credit card companies typically limit the liability to card owners for fraudulent charges to $50.
Anonymous' previous targets have included companies that the group felt had backed the campaign against WikiLeaks, as well as music industry sites, a Mexican drug cartel called the Zetas, the Egyptian government's servers during that country's revolution, and the Church of Scientology.
In September, the Obama administration began calling for increased penalties and vigilance concerning computer crimes. In testimony before Congress, administration officials said that the current Computer Fraud and Abuse Act has not caught up with the seriousness of today's computer-based offenses.