Stratfor hack, “not so private and secret anymore”?

Pierluigi Paganini December 26, 2011

This Christmas will be reminded also for the hack of the Stratfor Global Intelligence service made by collective Anonymous who disclosed company website and also a the full client list of over 4000 individuals and corporations. They gained access to a subscriber list stored on, and that list contained unencrypted credit card data.

The full client list as released in a pastebin by Anonymous of all the alleged clients sorted by company name, can be found here.

But who is STRATFOR? It is an organization that gathers open source intelligence which markets publications for forecasting purposes.
Anonymous has now published two lists of credit card details belonging to people who have subscribed to STRATFOR reports. The first one contained 3956 card details and the second one 13191 card details. These card details belong to subscribers all over the world.

For all this clients have been exposed sensible information including credit cards (which supposedly have been used to make $1 million in “donations”), as well as over 200 GB of email correspondence. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

Anonymous has now exposed two lists of credit card details belonging to people who have subscribed to STRATFOR services, the first one containing 3956 card details and the second one 13191 card details according F-Secure web site. These card details belong to subscribers all over the world.

The latest dump related to over 13,000 further credit card details has announced by YourAnonNews.

Included in this list important names like Goldman Sachs, the Rockefeller Foundation and, MF Global.
The concern is high and the company and its clients are waiting for the revelations made by the group of hacktivists that are arriving in this hours. Once stolen credit card numbers, what’s happened?

Members of Anonymous have used them to do sizable donations to various charities (Red Cross, CARE, Save The Children and theAfrican Child Foundation) publishing screenshots where these credit cards have been used.

Let me add that, “unfortunately”, these donations never reach the intended organizations. I hope you do not get my words wrong, what I mean by “unfortunately” is that in an increasingly greedy and cynical world, we must put more emphasis on charity and donations, of course, spontaneous and legal. Do not forget it!

All unauthorized charges on the stolen cards will be suspended by banks or credit card company. Credit card companies will do a chargeback to the charities, which will have to return the money. In some cases, charities could be hit with with penalties. At the very least, they will lose time and money in handling chargebacks.

As always, I try not to limit myself to an exposition of the facts but I would like to share with you some thoughts about what happened and the weight they attach to each other.

First, the importance of building massive collection of data and service to process it oriented to specific topic analysis. On several occasions the same company Stratfor had supported government agencies and Governments for the processing of reports and forecasts.
Once again I reiterate the importance of Open Source Intelligence processes which revolve around the business millionaires.

Second reflection concerns the security mechanisms to protect sensitive information. On this occasion it is clear that too many aspects have not been taken into account. Information stored in the clear, too simple to find and without any basis in security matter. What happened is inconceivable considering that to benefit from the services are the major companies or governments on the world.

Finally, once again in 2011, we are facing with the phenomenon of hacktivism, an ideology, a current of thought that can not be defeated with a few stops. Before you lash out against those who disseminate news for reasons more or less agree, let us ask what is the truth behind the data that we are hiding.

Pierluigi Paganini


22 January 2012: From PasteBin Strarfor emails

First real Stratfor mail from AntiSec

Teaser 2 Stratfor Calls Anon and Wikileaks hippie arseholes

Teaser 3 OCCUPY MOVEMENT first part:

11 January 2012: Stratfor back online:

10 January 2012. A sends:

Hello, in January the 3rd my bank alerted me about a (non requested) payment of 155.90 euro made with my credit card, to a company called marlahealth.comI inmmediately blocked the card. And to my amazement today arrives a parcel from containing 4 boxes of a nutritional supplement for men and a DVD about penis enlargement therapies.

It’s nice to have my money back in the guise of such goods. Anyway, I thought that the thiefs where using the credit cards to make donations, not playing practical jokes.

Best regards.

PS If you want a photo of the goods (as a proof) just ask.

09 January 2012. A sends:

For what it’s worth:$ md5sum stratfor_full.tar.gz

50dbafed23e6e75d3f6313bf5480810a  stratfor_full.tar.gz

I am pretty confident that this is the original and that it doesn’t contain any malware, but ask someone else for corroboration.

Cryptome: There are prowlers searching for possession and distribution. Best to get rid of copies and disk wipe.

08 January 2012. From

Initial sources for 860,000 Stratfor accounts appear to have been removed. Fakes have started to appear on Pastebin and Torrents using variations on the file name “stratfor_full.tar.gz.”

At 08:23 PM 1/7/2012 -0800, A wrote:I have not been able to find it anywhere—only a thousand or so references to the .gz file but all links are dead. Know several people who were compromised, though thankfully not me. Have you seen the actual list?

Cryptome: The list was available at the published URLs but now gone it seems, gone undercover to be forged, tampered with, lied about, used as bait. Be careful about anything you find, it is likely carrying a call home feature. This is not to discount that such a feature was in the original put there as entrapment, left available to be hacked. Standard secuity measures for these amazingly easy to penetrate sites. Using one of the CCs is a surefire way to call the cops to come arrest an idiot.

As a noted authority on authentication warns about unauthorized leaks:

“By the time we published the cables, the material was already on dozens of websites, including Cryptome, and were being tweeted everywhere. And even a searchable public interface had been put up on one of them.”

Another motive for publishing the tranche, Assange claims, was the provision of a reliable source for the leaks. In the field of leak publishing, he says, WikiLeaks has become a trusted brand. Although versions of the cable tranche were appearing online, “there was not an authorised version of the cables that the public could rely on”.

What does he mean by an “authorised” version of cables, when they were US government property?

“By ‘authorised’ I mean a version that is known to be true – it doesn’t have another agenda. The unauthorised versions that were being tweeted everywhere – although as far as we can determine they were accurate, the public and journalists couldn’t know they were accurate.”

He points to stories published in Tajikistan and Pakistan that have been based on fake cables. “WikiLeaks is a way for journalists and the public to check whether a claimed story based on a cable is actually true. They can come to our site to check. We have a 100 per cent accuracy record.”


01 January 2012

Email on line

31 December 2011

Stratfor Hackers Publish Email, Password Data Online

29 December 2011

Lulzxmas Dumps 860,000 STRATFOR Accounts:

STRATFOR Provide one year of CSID’s coverage to Anonymous Hack Victims

28 December 2011

Prepping for the Stratfor 5M Email Release

27 December 2011

#14000 passwords AND CREDITCARDS hacked fromhttp://SpecialForces.com #lulzxmas follow up!

These are 28517 of 53281 (54%) passwords from the list of STRATFOR customer accounts cracked.Part 1/3:

Part 2/3:

Part 3/3:

26 December 2011. Firms and personal first names beginning with “D” through “My” (~ 30,000).!download|44tl6|2444489251|STRATFOR_full_d_m.txt.gz|3255|


And 25,000 IT work tickets:

26 December 2011. Sample email:“just a small preview of the mayhem to come. 1 out of 2.7 million”

26 December 2011. STRATFOR leaked accounts (10257 passwords recovered)

25 December 2011. Firms and personal miscellaneous names not in alphabetical order (~13,000):

25 December 2011. Firms and personal first names beginning with “B-By” through “C-Cz” (~4,000) :

Firms and personal first names beginning with “A” through “Az” (~ 4,000).

 A message allegedly to subscribers from George Friedman, Stratfor, was posted to Facebook and Pastebin (below).

A paste today denying Anonymous role:

And, Stratfor’s A client list of passwords:

24 December 2011





If you are interested to more datails on the attack let’s take a look at its timeline, the chronology of bullettins from AnonymousIRC starting the afternoon of Dicember 24th:

Chronology of releases from AnonymousIRC starting early this afternoon:

And the kicker:

Anon promises that much more is coming:

  • #Antisec has enough targets lined up to extend the fun fun fun of #LulzXmas throught the entire next week.


you might also like

leave a comment