Hackers Reveal Personal Data of 860,000 Stratfor Subscribers
A computer hacking group has revealed email addresses and other personal data from former Vice President Dan Quayle, former Secretary of State Henry A. Kissinger, and hundreds of U.S. intelligence, law enforcement and military officials in a high-profile case of cyber-theft.
Security Not So Secure
The unauthorized release of account information for 860,000 subscribers to Stratfor, a Texas-based company that provides analysis of national and international affairs, makes it possible to identify some subscribers and, in theory, impersonate them in cyberspace, analysts warned.
The data were released in two batches last month by the AntiSec faction of Anonymous, a self-described hacker collective. It also disclosed about 75,000 names, addresses and credit card numbers associated with Stratfor customers, including Kissinger and Quayle. They did not respond to requests for comment Tuesday.
“The exposure is huge,” said John Bumgarner, who analyzed the release for the U.S. Cyber Consequences Unit, an independent, nonprofit research institute. “We can assume that a foreign intelligence service has already taken advantage of this information.”
Anonymous engages in what it calls civil disobedience to expose secrets, but others have called it Internet terrorism. Group members have hacked into corporate and government databases around the world since 2008, and authorities have arrested alleged members in the Netherlands, Britain, Spain, Turkey and elsewhere.
Bumgarner said the Stratfor data included 19,000 email addresses from the “.mil” domain, meaning members of the military. He also found 212 email addresses from the FBI; 71 from the Defense Intelligence Agency, the Pentagon‘s spying arm; 29 from the National Security Agency, which conducts global eavesdropping and cyber espionage; and 24 from the CIA.
Bumgarner said he used off-the-shelf software to crack many of the Stratfor passwords. One intelligence officer used “intel” as a password, and a Navy SEAL officer used “frogman1,” he said.
After the attack, Stratfor took its website off line and wrote on its Facebook page that it was cooperating with law enforcement. AntiSec said it targeted the company in part because it had poor network security. Φ
Ken Dilanian is a columnist for the LA Times