It looks like the hactivist collective Anonymous has been targeting Big Oil by hitting Shell, Exxon, BP and two Russian firms—Gazprom and Rosneft—in what appears to be part of a protest against a form of drilling that damages the Artic environment. The most recent leak published around 1,000 credentials, e-mail addresses belonging to the firms, as well as hashed and unencrypted passwords.
With a dutiful sense of irony, the hackers used the stolen credentials to add signatures to Greenpeace’s “Save the Arctic” petition, says Kim Zetter of Wired. However, the hackers made certain that it’s understood that they and Anonymous are not affiliated with Greenpeace, just doing this in their honor.
According to the leak it was quite a haul: “After the full operation, a total amount of 96K petitions where signed at http://www.savethearctic.org/ (96,176 to be precise).”
The operation so-called #OpSaveTheArctic saw the credentials leaked on Pastebin and a manifesto accompanied the data:
“We know we’re going up against the most powerful countries and companies in the world,” the hackers write. “But together we have something stronger than any country’s military or any company’s budget. Our shared concern for the planet we leave our children transcends all the borders that divide us and makes us – together – the most powerful force today.”
This is the second hack in as many months and this one follows another credential leak from June [Pastebin.com]. That hack leaked around 300 credentials from Exxon-Mobil Corporation and apparently came about not from an outright exploit, but a mistake made by the webmaster (perhaps a misconfiguration of the webserver that exposed important data.)
Anonymous is well known for picking moralistic projects and hitting them hard using distribution and shaming techniques. The effect of taking the credentials and then using them to sign a Greenpeace petition to stop Artic drilling is the icing on the cake of this particular hack.
[Image credit: AP]
