Cryptome – STRATFOR Hacked Update 9

Summary of releases of STRATFOR documents, subscribers’ firm names and personal information (including addresses, telephone numbers, credit card numbers and passwords), latest release at top:

STRATFOR Hacked Update 9

10 January 2012. A sends:

Hello, on January the 3rd my bank alerted me about a (non requested) payment of 155.90 euro made with my credit card, to a company called marlahealth.com. I immediately blocked the card. And to my amazement today arrives a parcel from marlahealth.com containing 4 boxes of a nutritional supplement for men and a DVD about penis enlargement therapies.

It’s nice to have my money back in the guise of such goods. Anyway, I thought that the thieves were using the credit cards to make donations, not playing practical jokes.

Best regards.

PS If you want a photo of the goods (as a proof) just ask.

9 January 2012. A sends:

For what it’s worth:

$ md5sum stratfor_full.tar.gz

50dbafed23e6e75d3f6313bf5480810a  stratfor_full.tar.gz

I am pretty confident that this is the original and that it doesn’t contain any malware, but ask someone else for corroboration.

Cryptome: There are prowlers searching for possession and distribution. Best to get rid of copies and disk wipe.

8 January 2011. Initial sources for 860,000 Stratfor accounts appear to have been removed. Fakes have started to appear on Pastebin and Torrents using variations on the file name “stratfor_full.tar.gz.”

At 08:23 PM 1/7/2012 -0800, A wrote:

I have not been able to find it anywhere—only a thousand or so references to the .gz file but all links are dead. Know several people who were compromised, though thankfully not me. Have you seen the actual list?

Cryptome: The list was available at the published URLs but now gone it seems, gone undercover to be forged, tampered with, lied about, used as bait. Be careful about anything you find, it is likely carrying a call home feature. This is not to discount that such a feature was in the original put there as entrapment, left available to be hacked. Standard security measures for these amazingly easy to penetrate sites. Using one of the CCs is a surefire way to call the cops to come arrest an idiot.

As a noted authority on authentication warns about unauthorized leaks:

http://www.newscientist.com/article/dn20869-assange-why-wikileaks-was-right-to-release-raw-cables.html

“By the time we published the cables, the material was already on dozens of websites, including Cryptome, and were being tweeted everywhere. And even a searchable public interface had been put up on one of them.”

Another motive for publishing the tranche, Assange claims, was the provision of a reliable source for the leaks. In the field of leak publishing, he says, WikiLeaks has become a trusted brand. Although versions of the cable tranche were appearing online, “there was not an authorised version of the cables that the public could rely on”.

What does he mean by an “authorised” version of cables, when they were US government property?

“By ‘authorised’ I mean a version that is known to be true – it doesn’t have another agenda. The unauthorised versions that were being tweeted everywhere – although as far as we can determine they were accurate, the public and journalists couldn’t know they were accurate.”

He points to stories published in Tajikistan and Pakistan that have been based on fake cables. “WikiLeaks is a way for journalists and the public to check whether a claimed story based on a cable is actually true. They can come to our site to check. We have a 100 per cent accuracy record.”

30 December 2011. A writes that five Pastebin posts of recovered STRATFOR passwords have been removed as indicated below. In addition, four files from sources have been removed from Rapid Share (1) and Wikisend (3).

29 December 2011.

Lulzxmas Dumps 860,000 STRATFOR Accounts:

http://pastebin.com/f7jYf5Wd

http://www.megaupload.com/?d=O5P03RXK [Now removed]

28 December 2011.

Prepping for the Stratfor 5M Email Release

http://pastebin.com/Qsqpsr6t

http://piratenpad.de/Stratfor

27 December 2011.

http://pastebin.com/78MUAaeZ [Now removed]

These are 28517 of 53281 (54%) passwords from the list of STRATFOR customer accounts cracked.

Part 1/3: http://pastebin.com/CdD92fJG [Now removed]

Part 2/3: http://pastebin.com/AcwQgHmF [Now removed]

Part 3/3: http://pastebin.com/78MUAaeZ [Now removed]

26 December 2011. Firms and personal first names beginning with “D” through “My” (~ 30,000).

http://pastebin.com/q5kXd7Fd

https://rapidshare.com/#!download|44tl6|2444489251|STRATFOR_full_d_m.txt.gz|3255|R~7B8842ED6343CEAE67A23C094E131679|0|0 [Now removed]

And 25,000 IT work tickets:

http://www.verzend.be/s8v8ccig12hp/it.tar.gz.html

26 December 2011. Sample Stratfor.com email:

http://pastebin.com/HmDs0EM4

“just a small preview of the mayhem to come. 1 out of 2.7 million”

26 December 2011. STRATFOR leaked accounts (10257 passwords recovered)

http://pastebin.com/CdD92fJG [Now removed]

25 December 2011. Firms and personal miscellaneous names not in alphabetical order (~13,000):

http://pastebin.com/8v3768Bw [Now removed]

http://wikisend.com/download/132838/stratfor_full_misc.txt.gz [Now removed]

25 December 2011. Firms and personal first names beginning with “B-By” through “C-Cz” (~4,000):

http://pastebin.com/bUqkb9mq

http://wikisend.com/download/597646/stratfor_full_b.txt.gz [Now removed]

25 December 2011. Firms and personal first names beginning with “A” through “Az” (~ 4,000).

http://pastebin.com/bQ2YHDdw

http://wikisend.com/download/601776/stratfor_full_a.txt.gz [Now removed]


25 December 2011. A message allegedly to subscribers from George Friedman, Stratfor, was posted to Facebook and Pastebin (below).

25 December 2011. A paste today denying Anonymous role:

http://pastebin.com/8yrwyNkt

And, Stratfor’s A client list of passwords:

http://pastebin.com/5H33nPEK


24 December 2011

STRATFOR Hacked

Related:

http://pastebin.com/8MtFze0s

http://pastebin.com/CAWDEW8G


A sends:

Subject: Important Announcement from STRATFOR
Date: Sat, 24 Dec 2011 19:49:58 -0500
From: STRATFOR <mail[at]response.stratfor.com>

Dear Stratfor Member,

We have learned that Stratfor’s web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

We have reason to believe that the names of our corporate subscribers have been posed [sic] on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.

Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.

Sincerely,

George Friedman

STRATFOR
221 W. 6th Street, Suite 400
Austin, TX 78701 US
www.stratfor.com


http://www.facebook.com/stratfor

http://pastebin.com/6a86QSMM

Dec 25th, 2011

On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.

Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor’s “private clients.” Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.

We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.

In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:

– contact your financial institution and inform them of this incident;

– if you see any unauthorized activity on your accounts promptly notify your financial institution;

– submit a complaint with the Federal Trade Commission (“FTC”) by calling 1-877-ID-THEFT (1-877-438-4338) or online at https://www.ftccomplaintassistant.gov/; and

– contact the three U.S. credit reporting agencies: Equifax (http://www.equifax.com/ or (800) 685-1111), Experian (http://www.experian.com/ or (888) 397-3742), and TransUnion (http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.

To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.

We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.

Again, my sincerest apologies for this unfortunate incident.

Sincerely,

George Friedman