Hackers expose email addresses and passwords of 242 NATO officials

Secretary General Anders Fogh Rasmussen at meeting of NATO foreign ministers, December 7, 2011

From Ed Pilkington and Richard Norton-Taylor, the Guardian:  Thousands of British email addresses and encrypted passwords, including those of defence, intelligence and police officials as well as politicians and Nato advisers, have been revealed on the internet following a security breach by hackers.

Among the huge database of private information exposed by self-styled "hacktivists" are the details of 221 British military officials and 242 Nato staff. Civil servants working at the heart of the UK government – including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation, which acts as the prime minister’s eyes and ears on sensitive information – have also been exposed.

The hackers, who are believed to be part of the Anonymous group, gained unauthorised access over Christmas to the account information of Stratfor, a consultancy based in Texas that specialises in foreign affairs and security issues. The database had recorded in spreadsheets the user IDs – usually email addresses – and encrypted passwords of about 850,000 individuals who had subscribed to Stratfor’s website.

Some 75,000 paying subscribers also had their credit card numbers and addresses exposed, including 462 UK accounts.

John Bumgarner, an expert in cyber-security at the US Cyber Consequences Unit, a research body in Washington, has analysed the Stratfor breach for the Guardian. He has identified within the data posted by the hackers the details of hundreds of UK government officials, some of whom work in sensitive areas. . . .

Among the leaked email addresses are those of 221 Ministry of Defence officials identified by Bumgarner, including army and air force personnel. Details of a much larger group of US military personnel were leaked. The database has some 19,000 email addresses ending in the .mil domain of the US military.

In the US case, Bumgarner has found, 173 individuals deployed in Afghanistan and 170 in Iraq can be identified. Personal data from former vice-president Dan Quayle and former secretary of state Henry Kissinger were also released. . . .

A government spokesman said: "We are aware that subscriber details for the Stratfor website have been published in the public domain. At present, there is no indication of any threat to UK government systems. Advice and guidance on such threats is issued to government departments through the Government Computer Emergency Response Team."

Cybersecurity Security & Defense United Kingdom United States and Canada

Image: ap%201%2010%2012%20Rasmussen.jpg