Identity Theft Threat Looms Large After Recent Anonymous Stratfor Hack

Members of the Army Knowledge Online portal are being warned that their personal information may be at risk due to the recent hack of intelligence analysis company Strategic Forecasting by the online group Anonymous.

The hack over Christmas weekend netted information on hundreds of thousands of accounts, including e-mail addresses and thousands of credit card numbers that Anonymous later posted online.

AKO is warning users about the possibility of identity theft as a result of the hack and is asking anyone who had registered with Stratfor to monitor their credit card statements, change online passwords and report any evidence of fraud to the Army's Criminal Investigative Command, Stars and Stripes reported.

Stratfor, which gathers and supplies security-related intelligence reports to a variety of clients, including the Defense Department and contractor Lockheed Martin, has been known for its secrecy and its confidential client list, according to an entry on Wikipedia.

However, Anonymous has said the hack was relatively easy because the credit card data it took was not encrypted, the Wall Street Journal reported.

Cameron Camp of the ESET Threat Blog also noted that hackers used a dictionary attack to crack passwords, finding passwords such as "password" and "password1."

Among the data published on the Web was information on former Vice President Dan Quayle, former Secretary of State Henry Kissinger and former CIA Director Jim Woolsey. As many as 860,000 accounts may have been exposed, including information on individuals who are no longer active clients of the company. Organizations on Anonymous' list include the Army and Air Force; the Energy, Justice and Treasury departments; the Miami Police Department; Apple; and several other defense contractors.

Stratfor has taken its Web site offline, except for a notice on its homepage referring to the attack and saying the company was performing a security review before restoring its site. Meanwhile, it is issuing updates via its Facebook page and Twitter feed.

An Anonymous posting has said the attack was a response to the pending court-martial of Army Pfc. Bradley Manning, who is accused of giving classified information to the WikiLeaks Web site. The hacker group has threatened to release more information from the breach and on its Twitter feed has suggested that more hacks are forthcoming.

Another goal of the Stratfor attack, according to one hacker, was to use the stolen credit card data to make holiday donations to charities, and several clients have reported those kinds of transactions, the Journal reported.

Allen Barr, who had dealt with bank-related cyber crime for the Texas Department of Banking before retiring recently, told the Journal that $700 had been charged to his credit card account in donations to charities such as the Red Cross and CARE.

Card holders who suspect fraud can challenge the charges and contact one of the three main credit bureaus to submit a fraud alert, the Army's warning notes. 

About the Author

Kevin McCaney is the managing editor of Government Computer News.
