David Heath
Friday, 30 December 2011 00:05
The security consultancy Stratfor has suffered an embarrassing hack. If Anonymous is correct, the embarrassment may last some time to come.
Some weeks ago, it seems the Antisec wing of hacking group Anonymous breached the servers of the security consultancy Stratfor. There is, however, a strenuous denial from Anonymous and another strenuous denial that the previous denial was fake.
Readers should be aware that Stratfor is in the business of physical and political security consultancy and commentary - they write assessments of the drug war in Mexico or the long-term future of Poland (for instance).
Wired reported, "Four servers were rooted and wiped," said one participant in the attack, "Charred like ashes, just like what we plan on doing with their old crumbling world."
It also appears that as much as 200 GB of information was taken from these servers; Anonymous is planning to make it public in the next few days. The information is reputed to include as many as 860,000 usernames (with emails and MD5-hashed passwords) and credit card details in the many tens of thousands - many of which include CVV codes (which, according to PCI-DSS rules, should never be stored).
The website is currently off the air, displaying a simple "undergoing maintenance" message and no more.
Stratfor first announced the breach via their Facebook page on December 24th by stating, "On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed."
This same message was also communicated to all mailing list members (including this writer).
Stratfor wrote again to subscribers a few hours ago.