As a follow up to my previous post, I’d like to comment on the Reuters article where WikiLeaks is publishing hundreds of thousands of internal emails from security think tank Stratfor:

WikiLeaks did not say how it had acquired access to the vast haul of internal and external correspondence of the Austin, Texas company, formally known as Strategic Forecasting Inc.

Hackers linked to the loosely organized Anonymous hackers group said at the beginning of the year they had stolen the email correspondence of some 100 of the firm's employees. The group said it planned to publish the data so the public would know the "truth" about Stratfor operations.

This is easy to figure out:

  1. In December (or maybe earlier), Anonymous broke into Stratfor and stole much of their customer base’s unencrypted information and the company’s internal emails.

  2. They posted the subscribers’ email addresses on Pastebin where spammers collected them and have been using them in spear phishing attacks.

  3. Anonymous gave the emails to WikiLeaks.

That third point is really obvious.  Where else could WikiLeaks have possibly gotten the emails from?