Video: Anonymous goes on hacking spree

  1. Transcript of: Anonymous goes on hacking spree

    LESTER HOLT, anchor: Now to a massive security breach at a security firm whose laundry list of big-name clients includes Apple and the US military . The hacking group known as Anonymous says it's stolen thousands of credit card numbers and other personal information belonging to the firm's clients, but instead of going on a buying binge, you might be surprised by what they've apparently done. We get the details from our justice correspondent Pete Williams .

    PETE WILLIAMS reporting: The company called Stratfor based in Austin , Texas , helps clients shield themselves from risk. Tonight it's scrambling to protect itself. Its website now contains only a brief corporate understatement that it's, quote, undergoing maintenance. Hackers from the group Anonymous claim they stole thousands of credit card numbers and other personal information from the company and used it to make donations to charity. Some were corporate and government clients, but individual subscribers to Stratfor 's service were also among the victims, including this former employee of the Texas Department of Banking .

    Mr. ALLEN BARR (Hacking Victim): In this instance they're taking it from individuals who take -- you know, they could have ruined our Christmas . They could have ruined our lives.

    WILLIAMS: He says the hackers tried to steal $700 from his account, giving 200 of it as a donation to the Red Cross . In a widely circulated statement, the group says there's, quote, "plenty more havoc in store for the rest of the week" and calls for the release of Army Private Bradley Manning , accused of passing on thousands of classified government documents to WikiLeaks , the website that the hacker group Anonymous has sought to aid in the past.

    Mr. EVAN KOHLMANN (NBC Terrorism Analyst): I think the lesson here is for companies that do have this kind of sensitive information, now is the time to secure it. It's no longer enough to simply say, 'Well, it might not happen.'

    WILLIAMS: Tonight Stratfor says it's putting systems in place to prevent something like this from happening again. The hackers say the company should have stored the credit card numbers in encrypted files in the first place . Pete Williams , NBC News, Washington.

updated 12/27/2011 1:32:33 AM ET 2011-12-27T06:32:33

Victims of a data breach at the security analysis firm Stratfor apparently are being targeted a second time after speaking out about the hacking.

Stratfor said on its Facebook page that some individuals who offered public support for the company after it revealed it was hacked "may be being targeted for doing so."

The loose-knit hacking movement "Anonymous" claimed Sunday through Twitter that it had stolen thousands of credit card numbers and other personal information belonging to the company's clients. Anonymous members posted links to some of the information Sunday and more on Monday.

Stratfor, based in Austin, Texas, said its affected clients and its supporters "are at risk of having sensitive information repeatedly published on other websites." The company has resorted to communicating through Facebook while its website remains down and its email suspended.

Here's more from Stratfor's Facebook-posted warning:

It's come to our attention that our members who are speaking out in support of us on Facebook may be being targeted for doing so and are at risk of having sensitive information repeatedly published on other websites. So, in order to protect yourselves, we recommend taking security precautions when speaking out on Facebook or abstaining from it altogether.

A message posted online Monday by a group asserting it spoke for Anonymous mocked victims who spoke to The Associated Press about the experience of learning that their credit card information was stolen and used to make unauthorized charitable donations. The message also ridiculed someone who criticized the hacking on Facebook, saying "we went ahead and ran up your card a bit."

A Stratfor spokesman would not say whether the information was encrypted in its database or what the company has learned since the incident began.

Anonymous has said the data was not encrypted. If true, that would be a major embarrassment for a security-related company.

The spokesman, Kyle Rhodes, said the company could not discuss any details because several law enforcement agencies are investigating the incident.

The data was posted in a series of releases in links embedded in online messages that, in turn, were linked to from Twitter.

Some of the files appear to be alphabetical listings of Stratfor clients with related credit card information. The amount posted suggests that information about more than 100,000 individuals and thousands of companies was exposed. The posts also contain files of emails within Stratfor's information technology department, and what appears to be a list of passwords for Stratfor IT staff.

The posted data identifies thousands of major financial, defense and technology firms, media companies, government agencies and multiple units of the United Nations as Stratfor clients. The hackers said this was evidence that they had breached Straftor's "private clients," a claim the company denied.

"Contrary to this assertion, the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications," Stratfor said in an email and on Facebook.

Stratfor clients around the world were trying to assess whether they were impacted by the hacking.

In New Zealand, the lead government agency, the Department of Prime Minister and Cabinet, is checking whether it has suffered any problems from the hacking. The department, New Zealand's police and fire services and national carrier Air New Zealand are among New Zealand agencies and companies using Stratfor for security purposes.

Department spokesman Ron Mackey said checks were under way to determine "whether its systems have been compromised," Radio New Zealand reported Tuesday.

Earlier, New Zealand technology commentator Colin Jackson said the hacking must be "really, really embarrassing for Stratfor."

"The government departments and (New Zealand) companies ... are going to have to go around and get those credit cards stopped, and decide whether to continue dealing with this outfit Stratfor," he said.

Stratfor "has made a press statement saying 'oh, this kind of thing happens to everybody and it's pretty hard to keep these guys out.' Yeah, right, well, you are supposed to be security experts," Jackson told Radio New Zealand.

The hackers initially claimed their goal was to use stolen the credit information to donate to charities at Christmas, and some victims confirmed unauthorized transactions were made from their credit accounts in recent days. The messages also said the hackers are targeting companies "that play fast and loose with their customers' private and sensitive information."

Stratfor provides political, economic and military analysis to help clients reduce cyber security risks, according to a description on its YouTube page. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.

The company's home page carried a banner Monday that said its "website is currently undergoing maintenance."

Anonymous warned it plans more attacks this week. The movement has previously claimed responsibility for attacks on credit card processors Visa Inc. and MasterCard Inc., eBay Inc.'s PayPal, as well as banks, groups in the music industry and the Church of Scientology.

The Privacy Rights Clearinghouse, a watchdog that tracks data breaches, made the Stratfor hacking its 121st such incident of the year targeting credit cards.

Anonymous, reported to be a loose-knit group of hackers, became famous for attacking the companies and institutions that oppose anti-secrecy website WikiLeaks and its founder Julian Assange. The message Monday said the attacks could be averted. "Have you given our comrade Bradley Manning his holiday feast yet, at a fancy restaurant of his choosing?" Manning is the Army private facing court martial for allegedly sending hundreds of thousands of diplomatic documents and Iraq and Afghanistan war zone field reports to WikiLeaks. A seven-day hearing into the biggest national security leak in U.S. history ended Thursday.

Related: 'Anonymous' hackers target US security think tank

Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments