Feeds

Stratfor slaps website back online after Anon mega-hack

CEO: Hacktivists can't silence us - and soz about the credit cards

Combat fraud and increase customer satisfaction

Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity.

Members of Anonymous made off with stolen emails and credit-card data after breaking into Stratfor's chronically insecure website in early December, much earlier than previously acknowledged. The website, torched during the attack, was restored on Wednesday to normal operation, along with an apology of sorts from its chief exec for its poor pre-hack security.

Chief among Stratfor's mistakes was the failure to encrypt the credit card files that hacktivists stole and later dumped online. George Friedman, chief exec of Stratfor, blamed the rapid growth of the firm for this school boy error, which it has belatedly rectified.

The FBI made it clear that it expected the theft to be exposed by the hackers. We were under no illusion that this was going to be kept secret. We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files.

This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it.

The trickster hacktivists who hit Strafor not only stole its data but defaced its website and thrashed its systems, as Friedman explains.

With the credit card information stolen, I assumed that the worst was done. I was wrong.

Early in the afternoon of Dec 24, I was informed that our website had been hacked again. The hackers published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups. We had expected they would announce the credit card theft. We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups.

Strafor specialises in geopolitical analysis, but judging from Friedman's post it remains pretty much in the dark about the motives of the hackers who hit it with such force, beyond suggesting that they supposedly perceived Stratfor as the intelligence hub in a non-existent global conspiracy. Friedman suggests Anonymous was trying to silence it, defiantly boasting that these efforts have failed.

The attempt to silence us failed. Our website is back, though we are waiting for all archives to be restored, and our email is working again. Our failures have been reviewed and are being rectified. We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up.

A video statement from Friedman can be found here.

Anonymous boasted of stealing Stratfor’s confidential client list as well as email spools and more than 4,000 credit card details after extracting 20GB of data from Stratfor's systems. One member boasted of plans to use the stolen credit card data to make donations to charities including the Red Cross. Such transactions are highly likely to be identified and reversed, potentially leaving charities worse off in the process (as a result of charge-back fees) but more likely just achieving a huge inconvenience all round.

Hacktivists threatened to release stolen emails but nothing much has come of this threat so far. Strafor provides intelligence services for law enforcement agencies, among others, making them target for anti-sec hacktivists, who enjoy exposing the security failings of infosec consultancies and FBI affiliates.

Various comments from the semi-official AnonymousIRC account gently mocked Stratfor's statement and Wednesday and mocked the supposed ability of the firm to keep its website available. "What's that? stratfor.com - Not able to keep up your site for just a few hours!?" Later the hacktivists added: "To avoid misinterpretations: we're NOT dosing #Stratfor. We just interpreted their statement. :)" ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.