December 30, 2011
Anonymous Confirms August Hacking Of Military Supply Site
Members of the hacking collective Anonymous announced this week that they had breached the database of a military supply Web site earlier this month, reportedly obtaining 14,000 passwords and the credit card information of nearly 8,000 customers in the process.
According to a Thursday article by Chloe Albanesius of PCMag, Anonymous targeted the website, SpecialForces.com, "their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and 'professional' looking website."
Albanesius notes that the attack was carried out by the same hackers who were responsible for the attack on the security firm Stratfor Global Intelligence on Christmas Eve.
Anonymous claims that the SpecialForces.com attack was done to show the group's support for Bradley Manning, who currently faces charges related to the release of confidential military information to Wikileaks, and the Occupy Wall Street protesters.
A communiquÃ© released by the hackers involved and quoted by Trent Nouveau of TGDaily said, "SpecialForces.com was just no match for our hella wicked black hat voodoo. We were quickly able to break back into the military supplier's server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers' cards. That's how we roll."
The group also posted an email, distributed by SpecialForces.com parent Special Forces Gear that acknowledged the attack. In that email, the company said that they were investigating the incident, working with the FBI, and working with third-party experts to improve their website security.
In a statement, Special Forces Gear representatives told PCWorld's Ian Paul that the attacks had taken place in August 2011 and resulted "in a security breach that allowed the hackers to obtain customer usernames, passwords, and possibly encrypted credit card information in some cases."
"The compromised customer passwords were from a backup of a previous version of the website that is over a year old. Most of the credit card numbers are expired, and we don't have evidence of any credit card misuse at this time. The current website does not store customer passwords or credit card information... After the security breach, we completely rebuilt our website and hired third-party consultants to help us shore up website security," they added.
Spokesman Dave Thomas told Albanesius that the company believed that the recent hacking of Stratfor was being used "to bring this old news back into the spotlight." He added that the site continued to be up and running, and that SpecialForces.com had found "no evidence of any further security breaches."
On the Net: