Stratfor hacking leaves Philippine clients vulnerable
MANILA, Philippines - How many and which companies, organizations, and individuals in Philippines have been left vulnerable by the hacking of the website of a private intelligence company?
The question remains unanswered as hackers claiming affiliation with the Anonymous group have published the 860,000 email addresses of Strategic Forecasting Inc. (Stratfor) subscribers.
The list is available for download on a number of popular filesharing sites.
Another US-based website that specializes on information about freedom of speech, cryptography, spying, and surveillance has also set up a page that provides links to Stratfor subscribers' company names and personal information including their addresses, telephone numbers, credit card numbers and passwords.
A document published on another information-sharing website frequented by hackers shows what the uploader claims as a list of Stratfor's "private clients."
The document listed the name of at least one Philippine company, a media firm.
A separate search database on the leaked email addresses identified the compromised email account of the local media company.
Links to the websites are being withheld by abs-cbnNEWS.com, because hackers obtained and disclosed the information illegally.
Stratfor, which specializes in analysis of international affairs and security threats, has not revealed how many Philippine companies have been affected by the hacking.
Some Philippine government officials and agencies, as well as businessmen and journalists who subscribe to advisories of the private intelligence company could also be on the list.
Stratfor has admitted the security breach.
"An unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our members," the company said in latest advisory.
“We deeply regret that this event has occurred, and we are working to prevent it from happening again," Stratfor CEO George Friedman said in a letter to subscribers.
"Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible," he added.
"As a result and at our expense, we have taken measures to provide our members whose personally identifiable information may have been compromised with access to CSID, a leading provider of global identity protection and fraud detection solutions and technologies," the company said.
"We have arranged to provide one year of CSID’s coverage to you at no cost. Members, please take advantage of this service," Stratfor added.
In other statements issued on its Facebook page, Stratfor advised its subscribers to contact their banks and financial institutions to inform them that their credit cards may be used illegally.
"Checking your credit reports can help you spot problems and address them quickly," the intelligence advisory company said.
According to Reuters, compromised email addresses of Stratfor subscribers may also be targeted with virus-tainted emails in separate attacks through what is known as "spear phishing."
The Antisec faction of Anonymous is claiming responsibility for the hacking, accusing Stratfor of being a "shadow Central Intelligence Agency" because it gathers non-classified intelligence on international crises.
It also claimed that hacked Stratfor documents show that the intelligence firm "is not the 'harmless company' it tries to paint itself as."
Another faction, meanwhile, denied that the main Anonymous organization was behind the hacking.
"Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait," a statement posted online said.
"The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources," it added. "As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly."
Antisec has released the email list but did not say when it will publish the content of hacked emails.
Security analysts said the emails could contain information that could embarrass US government.
"Those emails are going to be dynamite and may provide a lot of useful information to adversaries of the U.S. government," said Jeffrey Carr, chief executive of Taia Global Inc and author of the book "Inside Cyber Warfare: Mapping the Cyber Underworld."
The Pentagon said it saw no threat so far.
"We are not aware of any compromise to the DOD information grid," said Lieutenant Colonel Jim Gregory, a spokesman for the US Department of Defense. - with a report from Reuters