Agentless Backup is Not a Myth

Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity.

Members of Anonymous made off with stolen emails and credit-card data after breaking into Stratfor's chronically insecure website in early December, much earlier than previously acknowledged. The website, torched during the attack, was restored on Wednesday to normal operation, along with an apology of sorts from its chief exec for its poor pre-hack security.

The FBI made it clear that it expected the theft to be exposed by the hackers. We were under no illusion that this was going to be kept secret. We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files.

This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it.

The trickster hacktivists who hit Strafor not only stole its data but defaced its website and thrashed its systems, as Friedman explains.

With the credit card information stolen, I assumed that the worst was done. I was wrong.

Early in the afternoon of Dec 24, I was informed that our website had been hacked again. The hackers published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups. We had expected they would announce the credit card theft. We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups.

Strafor specialises in geopolitical analysis, but judging from Friedman's post it remains pretty much in the dark about the motives of the hackers who hit it with such force, beyond suggesting that they supposedly perceived Stratfor as the intelligence hub in a non-existent global conspiracy. Friedman suggests Anonymous was trying to silence it, defiantly boasting that these efforts have failed.

The attempt to silence us failed. Our website is back, though we are waiting for all archives to be restored, and our email is working again. Our failures have been reviewed and are being rectified. We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up.

A video statement from Friedman can be found here.

Anonymous boasted of stealing Stratfor’s confidential client list as well as email spools and more than 4,000 credit card details after extracting 20GB of data from Stratfor's systems. One member boasted of plans to use the stolen credit card data to make donations to charities including the Red Cross. Such transactions are highly likely to be identified and reversed, potentially leaving charities worse off in the process (as a result of charge-back fees) but more likely just achieving a huge inconvenience all round.

Hacktivists threatened to release stolen emails but nothing much has come of this threat so far. Strafor provides intelligence services for law enforcement agencies, among others, making them target for anti-sec hacktivists, who enjoy exposing the security failings of infosec consultancies and FBI affiliates.

Various comments from the semi-official AnonymousIRC account gently mocked Stratfor's statement and Wednesday and mocked the supposed ability of the firm to keep its website available. "What's that? stratfor.com - Not able to keep up your site for just a few hours!?" Later the hacktivists added: "To avoid misinterpretations: we're NOT dosing #Stratfor. We just interpreted their statement. :)" ®

Steps to Take Before Choosing a Business Continuity Partner