Compromised Stratfor has criticised its attackers but at least the firm is back online – although its limited-time free access offer seems to have overburdened its servers
Stratfor, also known as Strategic Forecasting, is finally back online after a cyber-attack shut down the site last month.
Stratfor re-launched its newly designed site on 11 January, 18 days after a group of individuals claiming to be affiliated with the hacktivist collective Anonymous struck its servers on 24 December. The attackers breached Stratfor’s servers and stole information related to its subscribers and also defaced the site. The data, including 75,000 credit card numbers and 860,000 usernames and passwords, were dumped online. Nearly 50,000 of those addresses had a .mil or .gov domain.
Shortly after the incident, Stratfor said that it was going to delay re-launching the site in order to bring in a team of consultants and experts to address the underlying security issues and secure the environment. It decided to move all credit card management activities to a third-party company to better protect that type of customer data.
“This was our failure,” George Friedman, CEO of Stratfor, said in a message to subscribers, as reported by The Hacker News. “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends,” he wrote.
Friedman also revealed that the company had been targeted multiple times and had known for some time about the credit card theft. Friedman was first alerted to the theft in early December, weeks before the attackers publicised the incident on Twitter and Pastebin, he said. He said he did not disclose the breach immediately because the Federal Bureau of Investigation said there was an on-going investigation and asked for co-operation.
“I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.”
The company had failed to encrypt credit card data in its database, storing them in clear text. Analysis of the passwords, which were also stolen and dumped, revealed some lax security practices, such as not enforcing its own password rules on users when they were creating passwords.
The theft of emails, Website defacement, and destruction of four servers occurred on Christmas Eve as a separate attack, according to Friedman. “This attack was clearly designed to silence us by destroying our records and the Website,” he wrote.
However, Friedman criticised some of the misconceptions that emerged after the attack about what Stratfor does and does not do. There was no distinction made between subscribers, individuals and organisations who purchase publications and clients, who may request customised work, creating the impression that Stratfor received classified intelligence from corporate and government “clients”, Friedman said.
“We were no longer an organisation that analysed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy,” Friedman said. He said news reports focused on the “incompetents” part while the hacking community focused on the “global conspiracy” part.
The culprits behind the attack had justified their actions by claiming that Stratfor received classified data from governments. “At the core of our business, we objectively acquire, organise, analyse and distribute information,” Friedman countered.
“It is interesting that the hacker community is split, with someone claiming to speak for the official Anonymous condemning the hack as an attack on the media, which they don’t sanction and another faction defending it as an attack on the rich and powerful,” Friedman wrote.
With the re-launch, Stratfor decided to make the site free to all visitors for a limited time. However, that seems to have backfired as the Website has been down for most of the day.
“Due to the high volume of interest in our new Website, we are currently encountering a service interruption. We are working with outside experts to increase our capacity to handle the increased traffic to the new Website,” according to a message posted on Stratfor.com.