Anonymous published over 860,000 email addresses and passwords of Stratfor clients
The loose-knit Anonymous movement, who stole thousands of credit card numbers from U.S. security firm Stratfor, has now published the email addresses of more than 860,000 of its clients.
Hackers released the data – which included information on former U.S. Vice President Dan Quayle and former Secretary of State Henry Kissinger – online.
The lists of emails included scrambled details of their passwords – which experts said could be cracked within a matter of seconds by using software downloaded for free.
People working for big corporations, the U.S. military and major defense contractors were all contained on lists stolen from the intelligence company often dubbed the Shadow CIA.
The Antisec faction of Anonymous said last weekend it had hacked into the firm and promised that the release of the stolen data would cause “mayhem”.
A spokesperson for Anonymous said via Twitter that yet-to-be-published emails from the firm would show Stratfor, which gathers non-classified intelligence on international crises, “is not the <<harmless company>> it tries to paint itself as”.
Antisec has not disclosed when it will release those emails, but security analysts said they could contain information that could be embarrassing for the U.S. government.
Jeffrey Carr, chief executive of Taia Global Inc, said: “Those emails are going to be dynamite and may provide a lot of useful information to adversaries of the U.S. government.”
Stratfor issued a statement on Friday confirming that the published email addresses had been stolen from the company’s database.
The statement said it was helping law enforcement probe the matter and conducting its own investigation.
It said: “At Stratfor, we try to foster a culture of scrutiny and analysis, and we want to assure our customers and friends that we will apply the same rigorous standards in carrying out our internal review.”
John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, said: “There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security.”
The Pentagon said it saw no threat so far.
In a posting on the data-sharing website pastebin.com, Anonymous said the list included information from about 75,000 customers of Stratfor and about 860,000 people who had registered to use its site.
The hackers also said that the list included some 50,000 email addresses belonging to the U.S. government’s .gov and .mil domains.
The list also included addresses at contractors including BAE Systems Plc, Boeing Co, Lockheed Martin Corp and several U.S. government-funded labs that conduct classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho; and Sandia and Los Alamos, New Mexico.
Corporations on the list included Bank of America, Exxon Mobil Corp, Goldman Sachs & Co and Thomson Reuters.
The entries included scrambled versions of passwords. Some of them can be unscrambled using databases known as rainbow tables that are available for download over the Internet, according to John Bumgarner.
He said he randomly picked six people on the list affiliated with U.S. military and intelligence agencies to see if he could crack their passwords.
John Bumgarner said he was able to break four of them, each in about a second, using one rainbow table.