Stratfor Hack Hindsight: Anonymous Only Hurting ‘Innocent Members of the Public’
Image Credit: AnonOps/IBTimes UK

With Stratfor's website back online security experts have issued statements attacking the Anonymous collective, suggesting its "hacktivist" antics are doing more harm than good, hurting the very people it claims to represent.

Speaking to the International Business Times UK, Sophos senior technology consultant, Graham Cluley, clarified his belief that while the collective had helped bring to light certain issues regarding the world's attitude towards cyber security, it was doing more harm than good.

"Certainly high profile hacks have raised the agenda of IT security in many companies. But I don't think that justifies the attacks," commented Cluley when asked about Anonymous' effect on the security industry. Later, specifically referring to the collective's recent attack on Stratfor, adding:

"What is perhaps more of a security wake-up call is when simple techniques allow hackers to gain access to sensitive information (such as customer details, credit card data etc) because of a weakness in a company's website security for example, or bad policies regarding passwords or a lack of strong encryption.

"Although some may find the hacking activities of Anonymous amusing in many case it's innocent members of the public who are put at risk by their actions. For instance, the thousands of customers who have their personal information and credit card data released into the wild are exposed by Anonymous. That's no laughing matter, and it's something that people should think about next time they applaud the hacking activities of Anonymous."

Cluley's statements run contrary to Anonymous' own portrayal of itself. A central tenant of the Anonymous collective has always been the notion that its attacks are done on behalf of the people. While the motivation between each attack changes - some being enacted to protest specific government policies, others to "punish" perceived crimes against the public - Anonymous has always insisted it is a force for good.

Anonymous announced the attack on Stratfor on 26 December via a post on the Pastebin website. In its statement the collective claimed to have successfully bypassed Stratfor's online security, stealing roughly 50,000 credit card numbers, 87,000 email addresses and 44,000 encrypted passwords. The collective went on to follow up its initial attack targeting the company's servers.

Stratfor's website went back online on 11 January, alongside a statement from Stratfor CEO George Friedman apologising for the loss of the data and the fact that the information was not encrypted. In his apology Friedman was quick to note that the credit information used by Anonymous included "subscribers" as well as "clients" - meaning a number of people affected by the attack were innocent bystanders guilty of nothing else but subscribing to the company's mailing list of publications.

Stratfor is a Texas-based company that produces analysis on international security issues. Its client list includes numerous banks, oil companies and law enforcement agencies. Outside of Stratfor the collective has mounted similar campaigns against numerous government and corporate targets. Most recently, Anonymous biggest western offensive has seen it focus its energies on protesting the US' Stop Online Piracy Act (SOPA).

Anons seeking to respond or refute Cluely's comments should contact the writer of this piece; a.stevenson@ibtimes.co.uk.