Global Market Data
Tales from the Trail
Lucy P. Marcus
David Cay Johnston
The Great Debate
Macro & Markets
Personal Finance Video
Life & Culture
Verizon to add $2 bill-pay charge
Clean-cut Romney sons on the stump in New Hampshire
29 Dec 2011
Sears lists 79 closings, gets Fitch downgrade
New details rekindle HP-Hurd flap
North Korea's new leaders lash out at South Korea and allies
Obama to ask for debt limit hike: Treasury official
Gingrich questions Ron Paul on racist newsletters
Iran navy chief says shutting off Gulf ”very easy”
Freed Cuban tells of release joy
Thu, Dec 29 2011
Man and dog saved from LA cliff
Thu, Dec 29 2011
Cyclone Thane pounds India’s coast
Thu, Dec 29 2011
Stratfor hackers publish email, password data
China urges tighter Internet security after series of data leaks
Hackers say to publish emails stolen from Stratfor
Tue, Dec 27 2011
Siemens fixing cyber bugs in industrial control systems
Thu, Dec 22 2011
Insight: Did Conficker help sabotage Iran program
Thu, Dec 8 2011
Analysis & Opinion
Small business defense against cybercrime
Crash winners, the litigation world series, and Defense budget boondoggles
Cyber Crime »
By Jim Finkle
Fri Dec 30, 2011 2:20pm EST
Boston (Reuters) - Hackers affiliated with the Anonymous group published hundreds of thousands of email addresses they claimed belong to subscribers of private intelligence analysis firm Strategic Forecasting Inc.
The list, published late on Thursday, includes email addresses appearing to belong to people working for large corporations, the U.S. military and major defense contractors - information that hackers could potentially use to target them with virus-tainted emails in an approach known as "spear phishing."
The Antisec faction of Anonymous last weekend disclosed that it had hacked into the firm, which is widely known as Stratfor and is also dubbed a "shadow CIA" because it gathers open-source intelligence on international crises.
The hackers had promised to cause "mayhem" by releasing stolen data from the private group.
Stratfor issued a statement confirming that the published email addresses had been stolen from the company's database, saying it was helping law enforcement probe the matter and conducting its own investigation.
"At Stratfor, we try to foster a culture of scrutiny and analysis, and we want to assure our customers and friends that we will apply the same rigorous standards in carrying out our internal review," the statement said.
"There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security," said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies cyber threats.
The Pentagon said it saw no threat so far.
"We are not aware of any compromise to the DOD information grid," said Lieutenant Colonel Jim Gregory, a spokesman for the Department of Defense, or DOD.
In a posting on the data-sharing website pastebin.com, the hackers said the list included some information from about 75,000 customers of Stratfor and approximately 860,000 people who had registered to use its site. It said that included some 50,000 email addresses belonging to the U.S. government's .gov and .mil domains.
The list also included addresses at contractors including BAE Systems Plc, Boeing Co, Lockheed Martin Corp and several U.S. government-funded labs that conduct classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho; and Sandia and Los Alamos, New Mexico.
Corporations on the list include Bank of America, Exxon Mobil Corp, Goldman Sachs & Co and Thomson Reuters.
The entries included scrambled versions of passwords. Some of them can be unscrambled using databases known as rainbow tables that are available for download over the Internet, according to Bumgarner.
He said he randomly picked six people on the list affiliated with U.S. military and intelligence agencies to see if he could crack their passwords.
He said he was able to break four of them, each in about a second, using one rainbow table.
(Additional reporting by Tabassum Zakaria in Washington; Editing by Vicki Allen)
Related Quotes and News
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Be the first to comment on reuters.com.
Add yours using the box above.
Back to top
New York Legal
Support & Contact
Advertise With Us
Connect with Reuters
Our Flagship financial information platform incorporating Reuters Insider
An ultra-low latency infrastructure for electronic trading and data distribution
A connected approach to governance, risk and compliance
Our next generation legal research platform
Our global tax workstation
About Thomson Reuters
Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. Thomson Reuters journalists are subject to an Editorial Handbook which requires fair presentation and disclosure of relevant interests.
NYSE and AMEX quotes delayed by at least 20 minutes. Nasdaq delayed by at least 15 minutes. For a complete list of exchanges and delays, please click here.