Over the past few years that I have been working on SC Magazine, the Christmas and New Year holiday period has been traditionally quiet.
However, 2011 proved to be the exception. After an incredibly busy year in information security news, the holiday period saw some major technology stories break. In terms of impact, the one that created the most significance was when the Anonymous group posted 200GB of information on the customers of US security think tank Stratfor. The data was harvested from a hack earlier in the week from the company's website.
In a statement posted on Pastebin, the group posted the 75,000 names, addresses and passwords of every customer that has ever paid Stratfor for services, as well as the personal information of 860,000 people who registered with the company that specialises in "strategic intelligence on global business, economic, security and geopolitical affairs".
According to the statement, the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, an operation that had been hinted at in a previous statement. It also claimed that 50,000 of these email addresses were .mil and .gov.
Anonymous said: “We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havoc upon the systems and personal email accounts of these rich and powerful oppressors. Kill, kitties, kill and burn them down... peacefully.”
It also claimed that there would be "noise demonstrations" on New Year's Eve in front of jails and prisons all over the world to show solidarity with those incarcerated. “On this date, we will be launching our contributions to project mayhem by attacking multiple law enforcement targets from coast to coast,” it said.
However, a day later, on 25 December, another statement appeared on Pastebin denying any Anonymous involvement with the Stratfor attack. This said: “Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company which engages in activity similar to HBGary.
“Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly. This hack is most definitely not the work of Anonymous.”
Yet just to aid confusion, a statement released on 26 December addressed the ‘denial' message, calling it "ridiculous" and saying that it "undermined our work while also making baseless accusations that we frequently see perpetrated by agent provocateurs".
It said: “Whether this is the work of malicious counter-intelligence, some butthurt pacifists or Stratfor employees themselves is unknown. Unfortunately, some main stream news agencies have picked up on this statement, looking for any reason to highlight and exploit any potential ‘inner divisions' within Anonymous.
“However, there has been no such squabble or infighting regarding the Stratfor target, or any other LulzXmas target for that matter. Anyone can claim to be Anonymous, but because of the inherent decentralised nature of Anonymous, without central top-down leadership, no individual is in a place to speak to the legitimacy of another individual or group's operation.
“Furthermore, our history of owning high profile targets as Anonymous has been well documented at the antisec embassy and is well known and respected within all Anon communities. Case closed.”
Fred Burton, Stratfor's vice-president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation. He also said Stratfor has protections in place to prevent such attacks.
On the Stratfor Facebook page, the company said: “An unauthorised party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.
“We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events.”
Anonymous poked fun at Stratfor hiring two outside consultants to resolve the situation. “Top identity theft protection? Professional security consultant? We'll see how that works out for you, if you ever dare to put your servers back online again. Until then, we'll be watching and waiting. And laughing, of course,” it said.
Another statement claimed that the next target would be SpecialForces.com, whose customer base is comprised primarily of military- and law-enforcement-affiliated individuals. The statement said the customers "have for too long enjoyed purchasing tactical combat equipment from their slick and professional looking website".
It said: “To be fair, at least SpecialForces.com did store their customers' credit card information using blowfish encryption (unlike the global intelligence and security industry ‘professionals' at Stratfor, who apparently remain confused as to whether their customers' information was even encrypted or not).
“Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier's server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers and expiration dates to all their customers' cards. That's how we roll.
“In reality, for the past few months, we have been in possession of approximately 14,000 passwords and 8000 credit cards from SpecialForces.com. Unfortunately a former comrade leaked the password list early, and the full story on this owning will be told in our upcoming zine. Until then, feast upon one hell of a juicy text file.”
It concluded this statement with a demand that US soldier Bradley Manning be released immediately. He was also referenced in other statements over the holiday period.
While nobody expected Anonymous, or any other hacktivist group for that matter, to be quiet over the Christmas period, the size of this data dump achieved many headlines for the operation.
The comments relating the actions to Bradley Manning, whose trial was also a major news story in the days leading up to Christmas, also demonstrated how serious this should be taken, but whether the unlikely release of the soldier would have prevented the actions is anyone's guess.
Either way, Anonymous has proved that its actions are not ending any time soon, and I suspect they will continue into and throughout 2012.