Antisec & Anonymous attack security firm Stratfor, leak private info, expropriate $1M

from vanzetti’s ghost:

Just when you think they couldn’t surprise and delight, Anonymous & Antisec deliver… On the eve of Christmas LulzXmas News broke today of a massive hack by Antisec forces of whitehat security firm stratfor. As of this post, the stratfor.com site is unavailable but those interested can view a mirror of the deface. Anonymous hackers posted this youtube video at the top of the defaced page:

And here’s a note from Antisec to Stratfor:

“// OH STRATFOR. IF YOU ONLY KNEW WHAT ALL IS ABOUT TO GO DOWN.
// ‘BUT WAIT’, YOU ASK. ‘IS THIS IT?’ 0H N0, WE GOT MORE IN STORE…
// BUT FOR NOW, SOME INSPIRING WORDS OF WISDOM FROM IT MANAGER FRANK GINAC:

“You do realize how preposterous it is to suggest that stratfor simply
shutdown completely for 2 days, right? The plan that you’ve attached paints a
gloom and doom picture claiming no chance that such a move will succeed. Does
that really seem a rationale conclusion?”

// YOU DONT EVEN KNOW THE EXTENT OF THE GLOOM AND DOOM WE HAVE PLANNED, FRANK

“Attended the TakeDownCon security conference. Focus of the conference was on
wireless and mobile security. No vendors pushing product or service at this
conference. Instead, great presentations by renowned white hat hackers (good
hackers) and security experts. Bottom line is that no mobile platform is
secure, including the Blackberry, but there are best practices that minimize
the risk of their use within the enterprise. We will be incorporating these
best practices in our operation over the coming months.”

// INCORPORATING PRACTICES FROM “GOOD WHITE HAT HACKERS”? HOW’D THAT WORK OUT?

“It blew my mind to discover that our email server backups are being stored on
the same physical server. I’m affectionately referring to these little
discoveries as ‘Mooney turds’.”

// SO SAD WE RM’D YOUR MAIL SERVER AND ALL BACKUPS, FRANK

“Most if not all of us use professional and social networking sites like
LinkedIn and Facebook. All offer levels of privacy ranging from wide open
where everyone can see your profile, activities, and posts to closed allowing
only your immediate connections (or friends) access. As a private intelligence
company we must all take extra care to protect our personal information from
those who would use that information to exploit us personally or
professionally. Although we don’t have hard and fast rules on how to set your
privacy settings nor do we restrict use of such sites, I suggest that you
temper your need to share with prudence and consider the business that we are
in. It’s also important to check your privacy settings regularly to ensure
that the sites you use haven’t changed the meaning or scope of privacy
settings — we’ve all heard or read the news regarding this practice at
Facebook. I suggest that you never include any information in your profile –
regardless of privacy setting — that could be used to compromise your
identity. Specifically, never include: your birth date, your exact street
address (although this information can usually be found on the web quite
easily), your cell phone number, SSN or other government issued ID number
(that should be obvious), or any other information that someone could use to
compromise your identity if your account were compromised.”

// EVEN WITH ALL THE BEST SECURITY PRACTICES LEARNED FROM THE “RENOWNED WHITE
// HAT HACKERS” WE STILL MANAGED TO STEAL ALL YOUR PERSONAL INFORMATION. UMAD?
//
// Frank Ginac CC Number: 376792323491009 Expiration: 5/2014 CVV: 9385
// Pass (md5): 6c0e721556401ce239ad454e83f0dc60
// Phone: 512-788-3882 Address: 7901 Bee Caves Road #23 Austin, Texas, 78746″

And then the hackers added to the deface with this video of the Oakland General strike of November 2nd:

They topped it all off with posting the full text of ‘The Coming Insurrection‘ on the deface Stratfor site… You might be tempted to sit back and light up a cigar, maybe sit some brandy while listening to the lulzboat theme song, but I’d say wait, that’s not all Anonymous has in store for us on LulzXmas. Via Sabu’s twitter…

So that’s over a million dollars in wealth redistribution/expropriation. And here is the client list of Stratfor, mirrored here= stratfor_private_client_list But the coup de grace is the database/leaked emails yet to be combed through for the enlightening info they surely contain:

I agree Barret Brown… Well, that’s it for now. I figured I just had to do a post memorializing the pure EPIC WIN of this hack. A Merry LulzXmas to all, and to all a good night!

“In the subway, there’s no longer any trace of the screen of embarrassment that normally impedes the gestures of the passengers. Strangers make conversation without making passes. A band of comrades conferring on a street corner. Much larger assemblies on the boulevards, absorbed in discussions. Surprise attacks mounted in city after city, day after day. A new military barracks has been sacked and burned to the ground. The evicted residents of a building have stopped negotiating with the mayor’s office; they settle in. A company manager is inspired to blow away a handful of his colleagues in the middle of a meeting. There’s been a leak of files containing the personal addresses of all the cops, together with those of prison officials, causing an unprecedented wave of sudden relocations. We carry our surplus goods into the old village bar and grocery store, and take what we lack. Some of us stay long enough to discuss the general situation and figure out the hardware we need for the machine shop. The radio keeps the insurgents informed of the retreat of the government forces. A rocket has just breached a wall of the Clairvaux prison. Impossible to say if it has been months or years since the “events” began. And the prime minister seems very alone in his appeals for calm.” – The Coming Insurrection

Vanzetti’s Ghost