Charities may pay price for holiday hacking of security firm


by Doug Miller / KHOU 11 News

Posted on December 26, 2011 at 7:39 PM

Updated Tuesday, Dec 27 at 12:41 PM

AUSTIN, Texas—Hackers who cracked into the computer system at an Austin-based security firm say they plan to use stolen credit card information gleaned from a “week of mayhem” to donate $1 million to charity.

But computer experts say the scheme will probably hurt worthy charities, forcing them to invest time and money charging back ill-gotten donations rejected by credit card companies and their customers. 

Cybercriminals claiming to be affiliated with Anonymous, a loose confederation of computer hackers, broke into the databases of Stratfor Global Intelligence, a security consulting service renowned worldwide for its analysis of information on everything from Mideast terrorist groups to Mexican drug cartels. 

The company says hackers stole personal data - including credit card numbers - submitted by subscribers to its newsletters.  The hackers claimed Stratfor didn’t bother encrypting them, a claim which, if true, would be a major embarrassment for any security-related company.

Hours after publishing what it claimed was Stratfor’s client list, Anonymous posted images online that it suggested were receipts for charitable donations made by the group manipulating the credit card data it stole.

“Thank you! Defense Intelligence Agency,” read the text above one image that indicated an agency employee’s information was used to donate $250 to a non-profit.

One credit card customer, a retiree who worked for the Texas Department of Banking, said he discovered $700 transferred from his account to various charities, including the Red Cross, Save the Children and CARE.

“It’s just costing us all time and money and ruining my Christmas ...,” Allen Barr said.  “Not

my Christmas spirit and not my family.  But it’s costing everyone involved.”

Among the victims who may end up paying for the scheme are the very charities receiving the donations.  Stratfor has already notified its subscribers about the breach, prompting many of them to check their credit card statements for unauthorized transactions.  Even customers who don’t heed Stratfor’s warning are more likely to check their credit card statements in the weeks after the Christmas holiday season, computer experts say.

“They will take efforts to actually stop the transactions,” said Mary Dickerson, the IT security chief for the University of Houston System.  “And so most likely these charities not only are not going to see money from these transactions, but they’re also going to incur fees from the credit card companies in having to credit back the money that’s being given to them.”

The hackers took responsibility for the Stratfor attack on Twitter and said the attack would be the beginning of a weeklong holiday hacking spree. The breach was the latest in the online group’s ongoing campaign of computer attacks aimed at MasterCard, Visa and PayPal as well as groups as diverse as the Church of Scientology, the Motion Picture Association of America and the Zetas, a Mexican crime syndicate.

But the connection between the attacks is murky.  Shortly after the Christmas hack at Stratfor, a news release circulating on the Internet claimed that the confederation known as Anonymous had nothing to do with the attack and decried its perpetrators as “nothing more than opportunistic attention whores.”  Computer security experts interpreted the news release as an indication there’s a rift in the loose coalition of hackers that’s recently staged heavily publicized breaches of computer security systems.

“As a media source, Stratfor’s work is protected by the freedom of press, a principle which Anonymous values greatly,” the release said.  “This hack is most definitely not the work of Anonymous.”