Stratfor Hack: Anonymous-Affiliated Hackers Publish Thousands Of Credit Card Numbers

* List includes about 860,000 people

* Lists have data on former VP Dan Quayle, former CIA chief

(Adds details on credit card data, analyst comments)

By Jim Finkle

Boston, Dec 30 (Reuters) - Hackers affiliated with the
Anonymous group published hundreds of thousands of email
addresses belonging to subscribers of private intelligence
analysis firm Strategic Forecasting Inc along with thousands of
customer credit card numbers.

The lists, which were published on the Internet late on
Thursday, included information on people such as former U.S.
Vice President Dan Quayle, former Secretary of State Henry
Kissinger and former CIA Director Jim Woolsey. They could not be
reached for comment.

The lists included information on large numbers of people
working for big corporations, the U.S. military and major
defense contractors - which attackers could potentially use to
target them with virus-tainted emails in an approach known as
"spear phishing."

The Antisec faction of Anonymous disclosed last weekend that
it had hacked into the firm, which is widely known as Stratfor
and is dubbed a "shadow CIA" because it gathers non-classified
intelligence on international crises.

The hackers had promised that the release of the stolen data
would cause "mayhem." A spokesperson for the group said via
Twitter that yet-to-be-published emails from the firm would show
"Stratfor is not the 'harmless company' it tries to paint itself

Antisec has not disclosed when it will release those emails,
but security analysts said they could contain information that
could be embarrassing for the U.S. government.

"Those emails are going to be dynamite and may provide a lot
of useful information to adversaries of the U.S. government,"
said Jeffrey Carr, chief executive of Taia Global Inc and author
of the book "Inside Cyber Warfare: Mapping the Cyber

Stratfor issued a statement on Friday confirming that the
published email addresses had been stolen from the company's
database, saying it was helping law enforcement probe the matter
and conducting its own investigation.

"At Stratfor, we try to foster a culture of scrutiny and
analysis, and we want to assure our customers and friends that
we will apply the same rigorous standards in carrying out our
internal review," the statement said.

"There are thousands of email addresses here that could be used for very targeted spear phishing attacks that could compromise national security," said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies cyber threats.

The Pentagon said it saw no threat so far.

"We are not aware of any compromise to the DOD information
grid," said Lieutenant Colonel Jim Gregory, a spokesman for the
Department of Defense.

In a posting on the data-sharing website, the
hackers said the list included information from about 75,000
customers of Stratfor and about 860,000 people who had
registered to use its site. It said that included some 50,000
email addresses belonging to the U.S. government's .gov and .mil

The list also included addresses at contractors including
BAE Systems Plc, Boeing Co, Lockheed Martin Corp
and several U.S. government-funded labs that conduct
classified research in Oak Ridge, Tennessee; Idaho Falls, Idaho;
and Sandia and Los Alamos, New Mexico.

Corporations on the list included Bank of America,
Exxon Mobil Corp, Goldman Sachs & Co and Thomson

The entries included scrambled versions of passwords. Some
of them can be unscrambled using databases known as rainbow
tables that are available for download over the Internet,
according to Bumgarner.

He said he randomly picked six people on the list affiliated
with U.S. military and intelligence agencies to see if he could
crack their passwords.

He said he was able to break four of them, each in about a
second, using one rainbow table.

(Additional reporting by Tabassum Zakaria and Mark Hosenball in
Washington; Editing by Vicki Allen and Peter Cooney)