Just days after a successful attack on the security think tank Stratfor, Anonymous, the anarchic hacking collective, is getting headlines again for an attack on Specialforces.com, a Web site used by members of the armed forces law enforcement officers and gun enthusiasts. However, an employee working for the online store said the group is playing the media by taking credit for a hack that happened months ago.
The group on Tuesday posted notice of the attack on the Website, specialforces.com, an online store and community that caters to military and gun enthusiasts. The site sells guns, ammunition and military surplus equipment and other supplies and counts members of the U.S. military and special forces, as well as law enforcement officers and private security professionals among its customers. Details of more than 18,000 customers of specialforces.com have been leaked, according to data reviewed by Threatpost.
In a message posted on the Web site hacktalk.net, an individual claiming to represent Anonymous, linked the attack to the hack earlier this week of Stratfor and said it was part of a “week long celebration of wreaking utter havoc on global financial systems, militaries, and governments.” Specialforces.com was targeted because of its customers, who the group said were “military and law enforcement affiliated individuals who the attackers linked to recent police actions against student protestors and members of the Occupy Wall Street movement.
An employee at Specialforces.com acknowledged that a breach took place, but said it happened more than six months ago and suggested the group was recycling old news to promote its image.
“We got hacked about six months ago,” said the employee, who asked not to be named, in a phone conversation with Threatpost. The company informed its customers of the breach at the time, though now public mention of it appears on the Specialforces.com Web site, he claimed.
The breach included the theft of credit card information, which was encrypted. However, Anonymous claims to have been able to decrypt it by way of a a separate attack on the military supplier’s server which yielded the private encryption keys used to protect the passwords. “We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers’ cards,” the group wrote.
It was unclear Wednesday whether the attack on Specialforces.com was, in fact, an old incident that was being publicized now to create the impression of a sustained campaign.
Joshua Corman, the Director of Security Intelligence at Akamai said that Anonymous has proven itself to be media savvy, and that the coordinated disclosure of breaches as part of the group’s “LulzXmas” may be part of a campaign to promote the perception of the group’s hacking prowess. “They certainly know that a tight cluster of successful attacks will make a bigger splash than the drip, drip, drip of revelations,” Corman told Threatpost. “It’s very possible that these targets were compromised a while ago, while other, failed hacks are hidden from view entirely.