The Two-Way
3:29 pm
Tue December 27, 2011

Extent Of 'Anonymous' Hacker Attack On Security Is Detailed

A company that provides identity protection services is sifting through the data released by hackers over the holiday weekend and and they're detailing what hackers were able to steal from Stratfor, a security think tank.

If you haven't heard, hackers who claim an affiliation with the group Anonymous broke into the servers of Stratfor, made public some data and used some of the stolen credit card numbers to, in some cases, make charitable donations.

Today, the extent of the hacking is becoming more apparent. Here's what Identity Finder says it found as it sifted through the stolen data:

-- "50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired."

-- "86,594 Email addresses, of which 47,680 are unique."

-- "27,537 Phone Numbers, of which 25,680 are unique."

-- "44,188 Encrypted Passwords, of which roughly 50% could be easily cracked. 73.7% of decrypted passwords were weak"

-- "13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world."

The firm points out that this was data for Stratfor customers whose names started with the letters A through M. The rest of data is expected to be released in the future.

As All Things D details, Stratfor has promised to inform customers whose data has been compromised by tomorrow and Anonymous is at once "seeking to justify its actions" and distance themselves from it.

But the question it leaves behind is the same one that arose when Anonymous hacked HBGary Federal, another company specializing in security:

"Wired reported that someone who participated in the attack said that a total of four servers were breached, and the data on them wiped. The question that then logically arises is this: What was a firm that's ostensibly in the business of advising business and government clients on security doing about its own?"

For record, in a statement on its Facebook page, Stratfor said yesterday that Anonymous was not able to break into servers with its client information.

"The disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications," the statement said.

Stratfor also advised its clients to keep quiet to avoid retaliation from the hackers.

Copyright 2011 National Public Radio. To see more, visit http://www.npr.org/.