Hackers posted what they claimed to be personal details of the company's clients on the information-sharing site Pastebin.
The loosely-associated band
of hackers known as Anonymous claims to have targeted the global intelligence
think tank Strategic Forecasting, known as Stratfor, boasting on the microblogging
site Twitter that personal information, including credit card numbers,
belonging to Stratfor clients had been stolen. As of Monday morning, Stratfor's
Website was down, with a placeholder page saying
the site was undergoing maintenance and asking visitors to "check back soon."
Following the breach,
hackers posted the details of the information on the information-sharing site
Pastebin. In an email obtained
by Reuters Sunday, Stratfor acknowledged an unauthorized breach. "As a
result of this incident, the operation of Stratfor's servers and email have
been suspended," the company wrote. Stratfor also issued an email to its
members, which was obtained
by the Associated Press, warning that some names and personal information would
wind up on other sites.
"We are diligently
investigating the extent to which subscriber information may have been
obtained," read the letter, signed by company CEO George Friedman.
"Stratfor's relationship with its members and, in particular, the
confidentiality of their subscriber information, are very important to Stratfor
Anonymous has defaced and
shut down Websites belonging to the music industry, companies that severed ties
with WikiLeaks and various government agencies. The FBI and international
law-enforcement agencies have been investigating the attacks and making arrests
for the past few months. The Department of Homeland Security has begun to take
Anonymous and other non-professional cyber-attackers more seriously as it
issued warnings about potential attacks earlier this year.
In September, Obama
administration officials spoke about the need for increased penalties for
computer crimes in light of increased data breaches and hacking activity. The
increase in computer crime, including Anonymous-led distributed
denial-of-service attacks, Website attacks where data is stolen and general
online mayhem, has led the White House to call for an increase in criminal
penalties for computer crimes.
Online attacks have become
more serious as attackers target sensitive personal data and corporate secrets
and undermine infrastructure security. However, the penalties under the
Computer Fraud and Abuse Act don't match the seriousness or complexity of
cyber-crime, Associate Deputy Attorney General James Baker and Secret Service
Deputy Special Agent in Charge, Criminal Investigative Division, Pablo Martinez
said Sept. 7 in a hearing before the Senate Judiciary Committee. The proposal
was based on the White House's cyber-security plan unveiled in May.
Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.