Anti-Israel Hacking Collective Strikes Again

Parastoo claims to have hacked contractor linked to sensitive nuclear data

February 26, 2013

A major security consulting group that works with the U.S. government has admitted its internal servers were breached in an attack believed to have been carried out by an anti-Israel hacking collective.

The hacker group known as Parastoo claims to have stolen nuclear information, credit card information, and the personal identities of thousands of customers, including individuals associated with the United States military, who work with IHS Inc., a global information and analytics provider that includes IHS’s Jane’s, a publisher of security and defense information.

IHS confirmed to the Washington Free Beacon Tuesday that its servers had been breached, but maintained that no confidential information was compromised.

"IHS has become aware that an outside organization has illegally accessed some of our servers," said IHS spokesperson Ed Mattix. "Based on our investigation to date, the stolen information is content from books, magazines, and websites previously published in the public domain as part of normal IHS publishing activities."

"Since it is previously published in the public domain, there is nothing confidential or privileged contained in the information," Mattix said, adding that IHS is "continuing our investigation into this theft of our information and we are working to ensure that we remediate any vulnerability in our system."

Parastoo is an anti-Israel hacking collective linked to the Anonymous group that has also breached the Energy Department and the International Atomic Energy Agency (IAEA). It claimed in a statement posted to the website Cryptome to have obtained "8,500 records of distinctive current customers," of IHS, around 70 percent of which "are [government], military, or their contractors."

Among the more critical data stolen from IHS is information pertaining to Jane's Chemical, Biological, Radiological, and Nuclear (CBRN) Assessments Intelligence Centre, according to the statement, which includes detailed source code outlining how the anti-nuclear Parastoo carried out the hack.

CBRN data is primarily used to defend against and mitigate the effects of a major nuclear or chemical attack.

One of Parastoo’s chief goals is to reveal sensitive nuclear data in a bid to pressure the Israeli government and others to disclose their nuclear activities. The group is believed to have stolen "highly sensitive" nuclear data and satellite imagery from the IAEA in December.

Parastoo claims it now possesses the personal information related to "roughly 800 individuals linked to nuclear programs of 17 active countries."

It also claimed to have obtained sensitive "geo-spatial intelligence on roughly 180 in-service CBRN facilities around the globe," of which "close to 100 facilities officially belong to [government] or military."

Detailed information pertaining to "roughly 3,000 event[s] related to CBRN incidents from 1999 to [January] 2013" was also seized, Parastoo said.

Additionally, Parastoo claims to have stolen credit card numbers and other information relating to or connected with Israel.

"We made sure we get everything related to Israel since we read they get free 5th-[generation] fighters and jet fuel paid by American tax payers," the group wrote.

The group vowed to use the information to seize unnamed servers in Israel "for a greater good."

Moreover, Parastoo claims to have obtained the personal information of roughly 4,500 "companies who produce parts of a nuclear program" during the hack, which the group claims took around six months.

Commercial nuclear targets that contract with IHS and Jane’s were also hit, Parastoo claims.

This includes the personal information pertaining to some 11,000 companies doing nuclear-oriented "research, manufacturing parts, selling whole products, consultations, [and] regulations," as well as those companies dealing with the "fabrication of sensitive detection and defense equipment against CBRN," the group claims.

Parastoo also stole more than 450,000 credit card records from some of IHS’s largest commercial clients, including Pepsi and BMW.

"Records contain names of contact points, their address and phone, [business] history with IHS-owned services and links to other databases on internal network containing more than 450,000 credit card info and purchase history from a roughly 10-year period," Parastoo wrote.

Parastoo claims it "did not meet any considerable IT defense" as it penetrated IHS’s network.

Parastoo successfully penetrated the IAEA’s servers twice in late 2012, taking "highly sensitive information, including confidential ‘SafeGuard’ documents, satellite images, official letters, [and] presentations," according to the group’s statement at the time.

The hacking group was also suspected to be part of a sophisticated cyber breach of the Energy Department’s networks in January.

Parastoo has demanded the IAEA investigate Israel’s Negev Nuclear Research Center located near the southern city of Dimona, which is suspected to house nuclear arms.