On Thursday, AntiSec supporters published nearly a million records, including usernames, email addresses, home addresses, phone numbers, credit card details, and hashed passwords - taken during the Christmas Eve attack against the open source intelligence firm, Stratfor.
Strategic Forecasting Inc., better known as Stratfor, is an intelligence gathering firm located in Austin, Texas. On Christmas Eve, AntiSec attacked, leaving a defaced page in their wake, which lasted for a little over an hour before Stratfor was forced to pull it offline.
However, before the domain was taken down, AntiSec walked off with all of the personal and financial data given to the firm by their customers. In addition, it was reported that they copied nearly 200GBs worth of the Stratfor’s email, roughly 2.7 messages in all.
To date, including Thursday’s release, all of the stolen credit card information has been published, as well as a customer subscription list, and website registration information. The hijacked emails are set to be released soon, according to various statements made by AntiSec supporters online.
“It's time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor. But that's not all: we're also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who's ever registered on Stratfor's site,” Thursday’s notice from AntiSec exclaimed.
A 193MB CSV file released on Thursday contains 860,163 records. Included in the list are names, email addresses, and hashed passwords. In addition, a separate list, roughly 30MB in size, contains a printout of Stratfor customers who have made purchases.
The list contains credit card details, which are presented in an easily sorted format, complete with all the information needed to commit fraudulent activities. Combined with the user registration list, Thursday’s release is a crime spree in the making.
“...use and abuse these password lists and credit card information to wreak unholy havok upon the systems and personal email accounts of these rich and powerful oppressors. Kill, kitties, kill and burn them down...,” the AntiSec statement added.
The aftermath of the breach has caused some issues for Stratfor, as they continue to take heat for their data storage methods. In a blog post on the subject, Databreaches.net, pondered the level of data protection that Stratfor was required to offer customers by law. As it turns out, the level of protection required is far more than what actually existed, so this breach may cost Stratfor millions of dollars in fines.
For those impacted by the AntiSec attack, Stratfor is offering identity protection from CSID.
Stratfor customers eligible for the CSID services have been sent an email with instructions on securing a personal identification number and how to enroll for 12 months of free coverage. Following the 12-month period, users can renew their subscription at a discounted rate.
In related news, AntiSec also released data taken from SpecialForces.com this week. Unlike the Stratfor, the records taken from SpecialForces.com were stolen back in August.
Still, according to Thursday’s message, there’s more to come.
“On New Years Eve, there will be 'noise demonstrations' in front of jails and prisons all over the world to show solidarity with those incarcerated. On this date, we will be launching our contributions to project mayhem by attacking multiple law enforcement targets from coast to coast. That's right: once again we bout to ride on the po po. Problem, officer? umad?”