Father Noel Delivers His Second Lump of "LulzXmas" to Stratfor

Tuesday, December 27, 2011

Kevin McAleavey

Ba829a6cb97f554ffb0272cd3d6c18a7

They're ... back!

Just when you thought Gilligan, the Skipper too, the millionaire and his wife, the movie star and the rest were left behind on that OTHER island, there's an oil slick washing up on the shore of Infosec Island that requires that you might want to extinguish all smoking materials immediately.

While lost on that other tropical island, the Lulzboat was repainted and rechristened as the "Louise boat" but the unwashed lederhosen flying on its mast were a dead giveaway.

If only father Christmas had brought us some cannonballs ...

While many of us were nestled in our beds and enjoying Christmas day with family and friends, opening our gifts and downing the holiday grog, a nasty lump of coal was left once again under the tree for Stratfor, described as a large private intelligence corporation having fortune 500 companies and numerous intelligence agencies as their clients.

One year ago, "Antisec" (a/k/a "Anonymous") pilfered their servers and released numerous sensitive details and made off with purloined data in a "hack attack" on their Linux-based servers. This time, over 200GB of emails, credit card data and all of their information was looted before a very public "rm -rf *" was performed on their servers which knocked Stratfor off the internet.

And once the removals were complete, the defacements appeared (http://imagebin.org/190224) and in a video on the site:

If the video becomes unavailable, a mirror of the defacement can be found on Zone-H (thanks to http://theelitist.net/tag/hack for the link and source on this) And as has often been the case in 2011, nothing was apparently learned from the attack last year. One would THINK after so many lulz all this past year, that there would be adults in the glass room by now.

Once again, one year later, they've been attacked and "pwned" once again. A list of customers whose information was downloaded by "Anonymous" was uploaded to http://pastebin.com/8MtFze0s. Given that only one "cell" of the database is listed there, one can only imagine what the other "cells" not published contain, especially given that none of the extremely confidential data was encrypted according to the penetrators.

"AnonymousSabu" of Lulzboat fame reported "Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations."

For those interested in the continuing soap opera side of this, other members of "Anonymous" disavow this attack vehemently in another pastebin post: http://pastebin.com/8yrwyNkt

The attackers also went out of their way in a long-winded tome to rub Frank Ginac's (IT manager) nose in the security issues at Stratfor publicly that is worth the read for any other admins who could leave their servers open to attack a second time: http://pastebin.com/CAWDEW8G

Business Insider also went into some specifics as to the attack of interest: http://www.businessinsider.com/stratfor-hacked-anonymous-2011-12 Apparently, the attacker who wrote this is located in France and that brings us back to our holiday theme. In French Christmas tradition, Père Noël has an assistant known as Père Fouettard.

Père Fouettard is kind of a ruffian whose task was to punish the children who have been naughty just like our malcontent here. French children were told that Fouettard would punish children who had been bad with a spanking while Père Noël would reward those who had been good with candy or other small gift.

Now I'm with TimeWarner's "road runner" in Albany, NY and apparently the coyote has actually caught and eaten the "dirty bird" here. My internet "service" here is absolutely abysmal, and I've begged Père Noël for 56k dialup which would be a vast improvement.

So could Lulz please have Père Fouettard stop by and administer a spanking? I would be grateful. kthxbye :) The "nouveau lulzers" promise many MORE attacks in the coming holiday week.

Are YOU on the gift list for the (Comment ce "Maurice Chevalier?") "Louise Boat?" You can follow them on http://twitter.com/#!/search?q=%23LulzXmas. --- Some update whilst waiting for this to post, even more drama emerges from the poopdeck of the good ship Lulzipop where the kaotic kidz are now arguing: http://pastebin.com/q5kXd7Fd http://pastebin.com/q5kXd7Fd (hint: there's no such thing as a "gold account" at 4chan, and "anonymous" left 4chan behind a long time ago)

And so, shore leave has been canceled as the "nouveau lulzers" are flinging bilge in every direction. The anonops feed isn't giving much valid information, and AnonymousIRC as well as YourAnonNews make this alleged mutiny all the more like McHale's Navy, with Sponge Bob apparently prepared to post the next pastebin. Meanwhile, they threaten to unleash more evidence of their cruise later today.

A three hour tour, indeed.

--- About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) and has been in antimalware research and security product development since 1996.

Possibly Related Articles:
12312
Infosec Island Breaches Privacy
Information Security
Hacks breaches Anonymous Lulzsec
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.