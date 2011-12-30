* List includes about 860,000 people
By Jim Finkle
Boston, Dec 30 Hackers affiliated with the
Anonymous group published hundreds of thousands of email
addresses they claimed belong to subscribers of private
intelligence analysis firm Strategic Forecasting Inc.
The list, published late on Thursday, includes
email addresses appearing to belong to people working for large
corporations, the U.S. military and major defense contractors -
information that hackers could potentially use to target them
with virus-tainted emails in an approach known as "spear
phishing."
The Antisec faction of Anonymous last weekend disclosed that
it had hacked into the firm, which is widely known as Stratfor
and is also dubbed a "shadow CIA" because it gathers open-source
intelligence on international crises.
The hackers had promised to cause "mayhem" by releasing
stolen data from the private group.
Stratfor issued a statement confirming that the published
email addresses had been stolen from the company's database,
saying it was helping law enforcement probe the matter and
conducting its own investigation.
“At Stratfor, we try to foster a culture of scrutiny and
analysis, and we want to assure our customers and friends that
we will apply the same rigorous standards in carrying out our
internal review,” the statement said.
"There are thousands of email addresses here that could be
used for very targeted spear phishing attacks that could
compromise national security," said John Bumgarner, chief
technology officer of the U.S. Cyber Consequences Unit, a
non-profit group that studies cyber threats.
The Pentagon said it saw no threat so far.
“We are not aware of any compromise to the DOD information
grid,” said Lieutenant Colonel Jim Gregory, a spokesman for the
Department of Defense, or DOD.
In a posting on the data-sharing website pastebin.com, the
hackers said the list included some information from about
75,000 customers of Stratfor and approximately 860,000 people
who had registered to use its site. It said that included some
50,000 email addresses belonging to the U.S. government's .gov
and .mil domains.
The list also included addresses at contractors including
BAE Systems Plc (BAES.L), Boeing Co (BA.N), Lockheed Martin Corp
(LMT.N) and several U.S. government-funded labs that conduct
classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho;
and Sandia and Los Alamos, New Mexico.
Corporations on the list include Bank of America (BAC.N),
Exxon Mobil Corp (XOM.N), Goldman Sachs & Co (GS.N) and Thomson
Reuters (TRI.TO).
The entries included scrambled versions of passwords. Some
of them can be unscrambled using databases known as rainbow
tables that are available for download over the Internet,
according to Bumgarner.
He said he randomly picked six people on the list affiliated
with U.S. military and intelligence agencies to see if he could
crack their passwords.
He said he was able to break four of them, each in about a
second, using one rainbow table.
