Hactivist groups Anonymous and LulzSec continue their holiday hacking routine called LulzXmas after stealing sensitive data from SpecialForces.com and Stratfor, a global intelligence firm, and then posting the breached information online. Stratfor’s systems were attacked over the Christmas weekend effectively shutting down the website for more than one week. Anonymous claims to have taken 200 gigabytes of data from the global intelligence company and has already posted over 50,000 credit card numbers, 47,000 email addresses, 44,000 passwords and 25,000 phone numbers along with what Anonymous says is Stratfor’s client list. Anonymous also tweeted that the credit card information was not encrypted and was stored with the corresponding address information, however the intent of the attack was to obtain the 2.7 million emails stored on Stratfor’s servers and the credit card data was an added bonus.
A few days later Anonymous posted user passwords and credit card numbers stolen from the law enforcement equipment retailer SpecialForces.com, allegedly 8,000 credit card numbers were compromised. Although the data was posted in late December Anonymous claims the breach occurred several months prior and also posted a screenshot of an email from SpecialForces.com, dated December 15, acknowledging the data breach had occurred.
Anonymous and LulzSec formed a hactivist collective called AntiSec in the summer of 2011 with the purpose of leaking classified information hacked from financial institutions, government agencies and other high-profile targets. According to Barret Brown, Anonymous spokesman and passive leader with an upcoming book, their February, 2011 breach of security firm HBGary revealed “a widespread conspiracy by the Justice Department, Bank of America, and other parties to attack and discredit Wikileaks and other activist groups.” Since then there have been hacks targeted against law enforcement and government agencies, the United Nations, NATO, Booz Allen Hamilton, Unveillance and others, likely with the intent of uncovering information that proves the suspected corruption.
UPDATE: Midday December 30th an AntiSec member posted the full data set of 75,000 records including names, addresses, credit card numbers and encrypted passwords. They also posted the list of 860,000 Stratfor users including their usernames, email addresses and hashed passwords.
For More Information: