Hacking group Anonymous has posted information on 2,500 Monsanto employees and associates, and claimed credit for "crippling all three of their mail servers as well as taking down their main websites world-wide."
Monsanto, a U.S.-based global biotech seed company, Wednesday acknowledged the breach, saying it happened last month.
"Monsanto experienced a disruption to our websites which appeared to be organized by a cyber-group," said Tom Helscher, the company's director of corporate affairs, in an email to msnbc.com. "In addition, this group also recently published publicly available information on approximately 2,500 individuals involved in the broader global agriculture industry."
But, Helscher said contrary to initial reports, "only 10 percent of this publicly available information (was) related to Monsanto’s current and former employees. The list also included contact details for media outlets as well as other agricultural companies.
"Information on these attacks has been turned over to the appropriate authorities. We remain vigilant in protecting our information systems," he said.
Earlier this week, Anonymous posted online 90,000 military email addresses and passwords obtained from military consulting firm Booz Allen Hamilton, which Tuesday acknowledged the breach. The company said it is "conducting a full review of the nature and extent of the attack. At this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency."
Anonymous cited Monsanto's business practices as "corrupt, unethical and downright evil." The hacking group also said in a press release it plans to go after companies Exxon Mobil, ConocoPhillips, Canadian Oil Sands, Imperial Oil, the Royal Bank of Scotland "and many others" involved in development of Alberta's oil sands.
"We will, over the course of the next few days, use the powers we posses to spread news about this scenario and the corporations involved. We are actively seeking leaks to expose the corruption that we all KNOW is beneath this," Anonymous said in the statement.
Chester Wisniewski, Sophos Canada's senior security advisor, said on the Sophos blog that in the Monsanto case, Anonymous "mentioned port 6666 being open on a Monsanto server, implying that they might set up an IRC channel on the compromised host. Anonymous also stated they intend to create a wiki for sharing and organizing their stolen information."
"Computer networks have services that listen on certain numbered ports," Wisniewski said in an e-mail to msnbc.com "Port 80 is used by websites, port 25 is used to send email. When they referenced port 6666, that port is most commonly used for IRC chat servers, which is largely how Anonymous organizes and communicates."
Anonymous gained notoriety for its denial-of-service attacks on Visa and MasterCard late last year. Those attacks were retribution, Anonymous said, because the companies halted online donations during the WikiLeaks controversy, blocking contributions to Bradley Manning, the accused document leaker now in custody.
- Booz Allen confirms data breach
- Anonymous shares 90,000 military email addresses
- Anonymous claims hack on FBI partner site, shares databases
- Hacker group vows 'cyberwar' on US government, business