Monday, December 26, 2011
Inside the Stratfor hack—“Anonymous” denies responsibility, data was unencrypted
“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”
by Larry Geller
The pullquote above is the last paragraph of a New York Times story on a data breach at a company called Stratfor Global Intelligence. A version of it ran in the Monday edition of the Star-Advertiser with that paragraph cut. You can read the full story here: Hackers Breach the Web Site of Stratfor Global Intelligence (New York Times, 12/25/2011).
According to the NY Times, the credit card information taken was used to make charitable contributions. About 4,000 credit card numbers along with names and home addresses were taken, according to the story.
Stratfor’s customers are probably extremely pissed off.
They should, of course, have a few words with the folks that made the data breach possible. Not “Anonymous,” but Stratfor.
The Star-Advertiser article saved this for the very end:
The attack was also likely intended to embarrass Stratfor, which specializes in intelligence and security. The hackers said they were able to obtain the credit card details because, they said, Stratfor had failed to encrypt them.
So we have yet another case of a company failing to protect personal data.
If “getting into a system is really not that difficult,” all the more reason to encrypt the data stored there, and to keep it in a computer not accessible from the Internet. Stratfor didn’t do that.
Getting into a parked car is also not that difficult. So best not to leave valuables on the back seat in plain sight.
But there are further developments. “Anonymous” has denied the attack, according to new reports that have floated to the top of Google News:
"The Stratfor hack is not the work of Anonymous. Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open Internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait," the group claimed in an online communiqué.
[TGDaily, Anonymous denies Stratfor hack, 12/26/2011]
Google, on a search for “Stratfor,” also turned up the actual purloined data posted on the web. If someone isn’t convinced that they should encrypt their data, they might have a look at this page. But look quickly: it’s possible that this data will be “disappeared” by authorities in due course.
So… is your personal data encrypted on your home computer? Just askin’.