Anonymous at it again with cyberattack on military supplier
After weeks out of the spotlight, the international hacker collective Anonymous has thrust itself back into the consciousness of the online security community with a pair of holiday revelations. According to the group, its members were able to compromise several thousand accounts held by military gear supplier SpecialForces.com.
The hacktivists claim to have breached the site several months ago, according to CNET, but have waited until now to chronicle the full scope of plundered data. As a result of the incident, Anonymous may have walked away with as many as 14,000 customer passwords and 8,000 credit card numbers.
The group mockingly commended website administrators for their comparatively strong use of data encryption techniques - a strategy that was allegedly absent in the cybersecurity plans of previously breached target Stratfor.
"To be fair, at least SpecialForces.com did store their customers' credit card information using blowfish encryption," Anonymous representatives noted in a related online posting. "Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier's server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers and expiration dates."
Some fear that the worst of these attacks is yet to come, with Anonymous members continually referencing their intentions for a week-long campaign targeting government, military and financial institutions around the world. The parting shot included in the group's announcement included a thinly-veiled reference to the WikiLeaks scandal and directed threats at Bradley Manning's perceived oppressors.
Yet despite these concerning revelations, some believe that the circumstances of this attack show a chink in the group's armor and have suggested that the group is simply posturing at this point.
"We have no evidence of any further security breaches, and we believe that the recent Stratfor incident is being used to bring this old news back into the spotlight," SpecialForces.com founder Dave Thomas told CNET. "Most of the credit card numbers are expired, and we don't have evidence of any credit card misuse at this time. The current website does not store customer passwords or credit card information."
Although the ultimate fallout from these incidents remains to be seen, it has become increasingly clear that cybercriminals around the world are routinely gaining access to sensitive information held by perceived security authorities. As this trend continues, it may be time for consumers to be more proactive in their data protection measures with advanced password organizer strategies and vigilant monitoring of their finances.