Stratfor hack, “not so private and secret anymore”?

Pierluigi Paganini December 26, 2011

This Christmas will also be remembered for the hack of the Stratfor Global Intelligence service by the Anonymous collective, which compromised the company website and disclosed the full client list of over 4000 individuals and corporations. They gained access to a subscriber list stored on stratfor.com, and that list contained unencrypted credit card data.

The full list of alleged clients, sorted by company name, was released by Anonymous in a pastebin and can be found here.

But who is STRATFOR? It is an organization that gathers open source intelligence and markets publications for forecasting purposes.

Sensitive information on all these clients has been exposed, including credit cards (which have supposedly been used to make $1 million in “donations”), as well as over 200 GB of email correspondence. As a result of this incident, the operation of Stratfor’s servers and email has been suspended.

Anonymous has now exposed two lists of credit card details belonging to people who have subscribed to STRATFOR services, the first one containing 3956 card details and the second one 13191 card details, according to the F-Secure web site. These card details belong to subscribers all over the world.

The latest dump, containing over 13,000 further credit card details, was announced by YourAnonNews.

The list includes important names such as Goldman Sachs, the Rockefeller Foundation and MF Global.
Concern is high, and the company and its clients are waiting for the revelations from the group of hacktivists that are arriving in these hours. Once the credit card numbers were stolen, what happened?

Members of Anonymous have used them to make sizable donations to various charities (Red Cross, CARE, Save The Children and the African Child Foundation), publishing screenshots showing where these credit cards have been used.

Let me add that, “unfortunately”, these donations never reach the intended organizations. I hope you do not get my words wrong: what I mean by “unfortunately” is that in an increasingly greedy and cynical world we must put more emphasis on charity and donations, provided, of course, that they are spontaneous and legal. Do not forget it!

All unauthorized charges on the stolen cards will be suspended by the banks or credit card companies. Credit card companies will issue a chargeback to the charities, which will have to return the money. In some cases, charities could be hit with penalties. At the very least, they will lose time and money in handling chargebacks.

As always, I try not to limit myself to an exposition of the facts; I would like to share with you some thoughts about what happened and the relative weight of each aspect.

First, the importance of building massive collections of data, and services to process them, oriented to the analysis of specific topics. On several occasions Stratfor has supported government agencies and governments by producing reports and forecasts.
Once again I reiterate the importance of Open Source Intelligence processes, around which a business worth millions revolves.

The second reflection concerns the security mechanisms protecting sensitive information. On this occasion it is clear that too many aspects were not taken into account: information was stored in the clear, was too simple to find, and was kept without any basic security measures. What happened is inconceivable considering that those who benefit from the services are major companies and governments around the world.

Finally, once again in 2011, we are facing the phenomenon of hacktivism, an ideology, a current of thought that cannot be defeated with a few arrests. Before lashing out against those who disseminate news for reasons we may or may not agree with, let us ask what truth lies behind the data that we are hiding.
Greetings

Pierluigi Paganini

Update

22 January 2012: From PasteBin, Stratfor emails

First real Stratfor mail from AntiSec http://pastebin.com/YwazdGRZ

Teaser 2 Stratfor Calls Anon and Wikileaks hippie arseholes http://pastebin.com/EFVXcq0f

Teaser 3 OCCUPY MOVEMENT first part: http://pastebin.com/67P3vMJB

11 January 2012: Stratfor back online: http://cryptome.org/2012/01/0029.htm

10 January 2012. A sends:

Hello, on January the 3rd my bank alerted me about a (non requested) payment of 155.90 euro made with my credit card, to a company called marlahealth.com. I immediately blocked the card. And to my amazement today arrives a parcel from marlahealth.com containing 4 boxes of a nutritional supplement for men and a DVD about penis enlargement therapies.

It’s nice to have my money back in the guise of such goods. Anyway, I thought that the thieves were using the credit cards to make donations, not playing practical jokes.

Best regards.

PS If you want a photo of the goods (as a proof) just ask.

09 January 2012. A sends:

For what it’s worth:

$ md5sum stratfor_full.tar.gz
50dbafed23e6e75d3f6313bf5480810a  stratfor_full.tar.gz

I am pretty confident that this is the original and that it doesn’t contain any malware, but ask someone else for corroboration.

Cryptome: There are prowlers searching for possession and distribution. Best to get rid of copies and disk wipe.

08 January 2012. From Cryptome.org

Initial sources for 860,000 Stratfor accounts appear to have been removed. Fakes have started to appear on Pastebin and Torrents using variations on the file name “stratfor_full.tar.gz.”

At 08:23 PM 1/7/2012 -0800, A wrote:

I have not been able to find it anywhere—only a thousand or so references to the .gz file but all links are dead. Know several people who were compromised, though thankfully not me. Have you seen the actual list?

Cryptome: The list was available at the published URLs but now gone it seems, gone undercover to be forged, tampered with, lied about, used as bait. Be careful about anything you find, it is likely carrying a call home feature. This is not to discount that such a feature was in the original put there as entrapment, left available to be hacked. Standard security measures for these amazingly easy to penetrate sites. Using one of the CCs is a surefire way to call the cops to come arrest an idiot.

As a noted authority on authentication warns about unauthorized leaks:

http://www.newscientist.com/article/dn20869-assange-why-wikileaks-was-right-to-release-raw-cables.html

“By the time we published the cables, the material was already on dozens of websites, including Cryptome, and were being tweeted everywhere. And even a searchable public interface had been put up on one of them.”

Another motive for publishing the tranche, Assange claims, was the provision of a reliable source for the leaks. In the field of leak publishing, he says, WikiLeaks has become a trusted brand. Although versions of the cable tranche were appearing online, “there was not an authorised version of the cables that the public could rely on”.

What does he mean by an “authorised” version of cables, when they were US government property?

“By ‘authorised’ I mean a version that is known to be true – it doesn’t have another agenda. The unauthorised versions that were being tweeted everywhere – although as far as we can determine they were accurate, the public and journalists couldn’t know they were accurate.”

He points to stories published in Tajikistan and Pakistan that have been based on fake cables. “WikiLeaks is a way for journalists and the public to check whether a claimed story based on a cable is actually true. They can come to our site to check. We have a 100 per cent accuracy record.”

 

01 January 2012

Email on line
http://pastebin.com/f7jYf5Wd
http://pastebin.com/p0iAuVsb

31 December 2011

Stratfor Hackers Publish Email, Password Data Online

29 December 2011

Lulzxmas Dumps 860,000 STRATFOR Accounts:

http://pastebin.com/f7jYf5Wd

http://www.megaupload.com/?d=O5P03RXK

STRATFOR Provide one year of CSID’s coverage to Anonymous Hack Victims

28 December 2011

Prepping for the Stratfor 5M Email Release

http://pastebin.com/Qsqpsr6t

http://piratenpad.de/Stratfor

27 December 2011

#14000 passwords AND CREDITCARDS hacked from http://SpecialForces.com. http://pastebin.com/vuMypejL #lulzxmas follow up!

http://pastebin.com/78MUAaeZ

These are 28517 of 53281 (54%) passwords from the list of STRATFOR customer accounts cracked.

Part 1/3: http://pastebin.com/CdD92fJG

Part 2/3: http://pastebin.com/AcwQgHmF

Part 3/3: http://pastebin.com/78MUAaeZ

26 December 2011. Firms and personal first names beginning with “D” through “My” (~ 30,000).

http://pastebin.com/q5kXd7Fd

https://rapidshare.com/#!download|44tl6|2444489251|STRATFOR_full_d_m.txt.gz|3255|R~7B8842ED6343CEAE67A23C094E131679|0|0

And 25,000 IT work tickets:

http://www.verzend.be/s8v8ccig12hp/it.tar.gz.html

26 December 2011. Sample Stratfor.com email:

http://pastebin.com/HmDs0EM4

“just a small preview of the mayhem to come. 1 out of 2.7 million”

26 December 2011. STRATFOR leaked accounts (10257 passwords recovered)

http://pastebin.com/CdD92fJG

25 December 2011. Firms and personal miscellaneous names not in alphabetical order (~13,000):

http://pastebin.com/8v3768Bw

http://wikisend.com/download/132838/stratfor_full_misc.txt.gz

25 December 2011. Firms and personal first names beginning with “B-By” through “C-Cz” (~4,000) :

http://pastebin.com/bUqkb9mq

http://wikisend.com/download/597646/stratfor_full_b.txt.gz

Firms and personal first names beginning with “A” through “Az” (~ 4,000).

http://pastebin.com/bQ2YHDdw

http://wikisend.com/download/601776/stratfor_full_a.txt.gz

 A message allegedly to subscribers from George Friedman, Stratfor, was posted to Facebook and Pastebin (below).

A paste today denying Anonymous role:

http://pastebin.com/8yrwyNkt

And, Stratfor’s A client list of passwords:

http://pastebin.com/5H33nPEK

24 December 2011

STRATFOR Hacked

Related:

http://pastebin.com/8MtFze0s

http://pastebin.com/CAWDEW8G

 

References

http://cryptome.org/0005/stratfor-hack.htm

If you are interested in more details on the attack, let’s take a look at its timeline, the chronology of bulletins from AnonymousIRC starting on the afternoon of December 24th:

Chronology of releases from AnonymousIRC starting early this afternoon:

  • #AnonSanta just told us: “Currently rm -rf’n targets and shredding logs” #LulzXmas #Antisec
  • We just hear that #AnonSanta battle-sleigh plundered 200gb of emails and other booty before he started to deliver his presents. #LulzXmas
  • From IRC: “** Are you all ready to witness the rm -rf /* of a major intelligence corporation, live on IRC and twitter?” #LulzXmas
  • 5 minutes and counting. #AnonSanta won’t disappoint you. Get on IRC now for the whole spirit of #LulzXmas.
  • FUCK IT, HE’LL DO IT LIVE! FUCKING THING SUCKS, HE’LL DO IT LIVE! | http://mibbit.com/?channel=%23anonops&server=irc.anonops.li | #LulzXmas
  • A wild rm -rf /* appears: http://www.stratfor.com/ | #LulzXmas from #AnonSanta | #AntiSec plundered 200gb of their mails and more booty.
  • #Stratfor #LulzXmas takedown mirrored forever: zone-h.org/mirror/id/1641…
  • “You do realize how preposterous it is to suggest that #stratfor simply shutdown completely for 2 days, right?” ~ Frank Ginac (IT manager)
  • Merry #LulzXmas to everyone http://imagebin.org/190224 Stratfor rooted. All your base are belong to us. <3 #Anonymous
  • http://bit.ly/ulWECe | #Anonymous/#AntiSec Attack #STRATFOR | #LulzXmas #AntiSec

And the kicker:

  • The private (and secret) client list of #Stratfor: http://pastebin.com/8MtFze0s | Not so private and secret anymore. #Antisec #LulzXmas

Anon promises that much more is coming:

  • #Antisec has enough targets lined up to extend the fun fun fun of #LulzXmas throughout the entire next week.

 

