Stratfor hack exposes UK, US and NATO officials to danger, phishing
Posted on 09 January 2012.
During the last days of 2011, Anonymous attacked Stratfor, a US-based research group that gathers intelligence and produces political, economic and military reports that help government organizations and major corporations asses risk.


Among the data they have managed to steal from its servers were names, home addresses, credit card details and passwords of Stratfor clients, 17,000 of which they have immediately shared with the public in order to prove the veracity of their claims. All in all, the hackers said that they have managed to put their hands on around 860,000 usernames, emails, and hashed passwords; internal emails and documents exchanged and worked on by the organization's employees; and around 75,000 credit card details complete with security codes required for no card present transactions.

The Guardian has hired cyber-security expert John Bumgarner to rifle through the information already leaked by the hacker group, and he has ascertained that thousand of emails and passwords belonging to UK, US and NATO officials were thusly made public.

19,000 email addresses and passwords and other personal data belonging to US military personnel were revealed, as well as those of seven officials of the UK's Cabinet Office, 45 of the Foreign Office, 14 of the Home Office, 67 police officers of the London Metropolitan Police and other officials, two employees with the royal household, 23 workers/members of the Houses of Parliament, and a number of intelligence officers. 242 Nato staffers have also had their emails revealed.

British officials and the government are still not worried about the revealed information posing any threat to national security. To be sure, the revealed (easily decryptable) passwords are those used by Stratford customers to access the content offered by the think-tank and not their email accounts, but given the fact that many users - even those who should definitely know better - recycle passwords, I wouldn't be as complacent as they seem to be.

In the meantime, another threat targeting those very individuals is imminent: they are currently being targeted with spear-phishing emails purportedly being sent by Stratfor CEO George Friedman, asking them to fill out an attached document with personal information.

"I want to assure everyone that this is not my email address and that any communication from this address is not from me," Friedman stated on the company Facebook page, and warned users that the company would never ask customers to provide personal information through the type of attachment that was part of the aforementioned email.






Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //