The lists, which were published on the Internet late on Thursday, included information on people including former US Vice President Dan Quayle, former Secretary of State Henry Kissinger and former CIA Director Jim Woolsey. They could not be reached for comment.
The lists included information on large numbers of people working for big corporations, the US military and major defense contractors - which attackers could potentially use to target them with virus-tainted emails in an approach known as "spear phishing."
The Antisec faction of Anonymous disclosed last weekend that it had hacked into the firm, which is widely known as Stratfor and is dubbed a "shadow CIA" because it gathers non-classified intelligence on international crises.
The hackers had promised that the release of the stolen data would cause "mayhem." A spokesperson for the group said via Twitter that yet-to-be-published emails from the firm would show "Stratfor is not the 'harmless company' it tries to paint itself as."
Antisec has not disclosed when it will release those emails, but security analysts said they could contain information that could be embarrassing for the US government.
"Those emails are going to be dynamite and may provide a lot of useful information to adversaries of the US government," said Jeffrey Carr, chief executive of Taia Global Inc and author of the book "Inside Cyber Warfare: Mapping the Cyber Underworld."
Stratfor issued a statement on Friday confirming that the published email addresses had been stolen from the company's database, saying it was helping law enforcement probe the matter and conducting its own investigation.
"At Stratfor, we try to foster a culture of scrutiny and analysis, and we want to assure our customers and friends that we will apply the same rigorous standards in carrying out our internal review," the statement said.
"There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security," said John Bumgarner, chief technology officer of the US Cyber Consequences Unit, a non-profit group that studies cyber threats.
No comments:
Post a Comment