11 January 2012
Stratfor Back Online
Previous:
http://cryptome.org/0005/stratfor-hack.htm
Stratfor.com 2012-Jan-11-12:08:
Several of the Stratfor.com links below do not work, perhaps because of the
sneaky subscriber-tracking code contained.
A sends:
Hello, looks like stratfor is back.
---------- Forwarded message ----------
From: Stratfor <mail@response.stratfor.com>
Date: 2012/1/11
Subject: Stratfor: Back online + new Geopolitical Weekly
Watch this video of George Friedman on the hacking incident
More info on the attack
Dear Stratfor Member,
We are happy to announce that our website is back online.
Visit Stratfor.com to view our 2012 Annual Forecast, as well as fresh
analyses on Syria, Iraq and Lithuania and our Geopolitical Diary.
Below you will find a special edition of the Geopolitical Weekly by George
Friedman on Stratfor's security breach.
We may experience brief service interruptions as we work to handle the high
level of interest in the new website. If you have trouble connecting to the
new site, please check back again soon.
While we continue to rebuild our infrastructure and website capabilities,
you will be able to access our content online without having to log in. We
are aggressively implementing our plan to reintegrate customers securely,
as this is our top priority. In the next several days, we will be informing
you about how to establish a new password and update your billing information.
In the meantime, visit our website to read fresh content every day.
We deeply regret that an unauthorized party illegally obtained and disclosed
the credit card data of some of you. We are making certain that this will
never happen again by having a third party with appropriate security safeguards
handle all credit card transactions in the future. We hope that you have
taken advantage of the CSID identity protection service we have provided.
We understand that you have many questions. Check out www.stratfor.com/hacking-news,
a website we've created to give you a full rundown of the incident and our
plan to address your concerns.
Please contact us at feedback@stratfor.com with any questions, as well as
any comments you may have on the Geopolitical Weekly below.
Thank you again for your patience as we work to secure our website and resume
normal operations.
- The Stratfor Team
Geopolitical Weekly: The Hack on Stratfor
By George Friedman | January 11, 2012
In early December I received a call from Fred Burton, Stratfor's Vice President
of Intelligence. He told me he had received information indicating our website
had been hacked and our customer credit card and other information had been
stolen. The following morning I met with an FBI special agent, who made clear
that there was an ongoing investigation and asked for our cooperation. We,
of course, agreed to cooperate. The matter remains under active investigation.
From the beginning I faced a dilemma. I felt bound to protect our customers,
who quickly had to be informed about the compromise of their privacy. I also
felt bound to protect the investigation. That immediate problem was solved
when the FBI told us it had informed the various credit card companies and
had provided those companies with a list of compromised cards while omitting
that it had come from us. Our customers were therefore protected, as the
credit card companies knew the credit cards and other information had been
stolen and could act to protect the customers. We were not compelled to undermine
the investigation.
The FBI made it clear that it expected the theft to be exposed by the hackers.
We were under no illusion that this was going to be kept secret. We knew
our reputation would be damaged by the revelation, all the more so because
we had not encrypted the credit card files. This was a failure on our part.
As the founder and CEO of Stratfor, I take responsibility for this failure,
which has created hardship for customers and friends, and I deeply regret
that it took place. The failure originated in the rapid growth of the company.
As it grew, the management team and administrative processes didn't grow
with it. Again, I regret that this occurred and want to assure everyone that
Stratfor is taking aggressive steps to deal with the problem and ensure that
it doesn't happen again.
From the beginning, it was not clear who the attackers were. The term "Anonymous"
is the same as the term "unknown." The popular vision of Anonymous is that
its members are young and committed to an ideology. I have no idea if this
is true. As in most affairs like this, those who know don't talk; those who
talk don't know. I have my theories, which are just that and aren't worth
sharing.
I was prepared for the revelation of the theft and the inevitable criticism
and negative publicity. We worked to improve our security infrastructure
within the confines of time and the desire to protect the investigation by
not letting the attackers know that we knew of their intrusion. With the
credit card information stolen, I assumed that the worst was done. I was
wrong.
Early in the afternoon of Dec. 24, I was informed that our website had been
hacked again. The hackers published a triumphant note on our homepage saying
that credit card information had been stolen, that a large amount of email
had been taken, and that four of our servers had been effectively destroyed
along with data and backups. We had expected they would announce the credit
card theft. We were dismayed that emails had been taken. But our shock was
at the destruction of our servers. This attack was clearly designed to silence
us by destroying our records and the website, unlike most attacks by such
groups.
Attacks against credit cards are common, our own failures notwithstanding.
So are the thefts of emails. But the deliberate attack on our digital existence
was a different order of magnitude. As the global media marveled at our failure
to encrypt credit card information, my attention was focused on trying to
understand why anyone would want to try to silence us.
In the days that followed, a narrative evolved among people claiming to speak
for Anonymous and related groups. It started with looking at our subscriber
list and extracting corporate subscribers who were now designated as clients.
The difference between clients and subscribers is important here. A client
is someone you do customized work for. A subscriber is simply someone who
purchases a publication, unchanged from what others read. A subscriber of
The New York Times is not its client. Nevertheless, some of the media started
referring to these subscribers as clients, reflecting the narrative of those
claiming to speak with knowledge of our business.
From there, the storyline grew to argue that these "clients," corporate and
government, provided Stratfor with classified intelligence that we reviewed.
We were no longer an organization that analyzed the world for the interested
public, but rather a group of incompetents and, conversely, the hub of a
global conspiracy. The media focused on the first while the hacking community
focused on the second.
This was why they stole our email, according to some of them. As one person
said, the credit cards were extra, something they took when they realized
they could. It was our email they were after. Obviously, we were not happy
to see our emails taken. God knows what a hundred employees writing endless
emails might say that is embarrassing, stupid or subject to misinterpretation.
What will not appear is classified intelligence from corporations or governments.
They may find, depending on what they took, that we have sources around the
world, as you might expect. It is interesting that the hacker community is
split, with someone claiming to speak for the official Anonymous condemning
the hack as an attack on the media, which they don't sanction, and another
faction defending it as an attack on the rich and powerful.
The interpretation of the hackers as to who we are -- if indeed that was
their interpretation -- was so wildly off base as to stretch credulity. Of
course, we know who we are. As they search our emails for signs of a vast
conspiracy, they will be disappointed. Of course we have relationships with
people in the U.S. and other governments and obviously we know people in
corporations, and that will be discovered in the emails. But that's our job.
We are what we said we were: an organization that generates its revenues
through geopolitical analysis. At the core of our business, we objectively
acquire, organize, analyze and distribute information.
I don't know if the hackers who did this feel remorse as they discover that
we aren't who they said we were. First, I don't know who they actually are,
and second, I don't know what their motives were. I know only what people
claiming to be them say. So I don't know if there is remorse or if their
real purpose was to humiliate and silence us, in which case I don't know
why they wanted that.
And this points to the real problem, the one that goes beyond Stratfor's
own problem. The Internet has become an indispensable part of our lives.
We shop, communicate, publish and read on it. It has become the village commons
of the planet. But in the village commons of old, neighbors who knew and
recognized each other met and lived together. Others knew what they did in
the commons, and they were accountable.
In the global commons, anonymity is an option. This is one of the great virtues
of the Internet. It is also a terrible weakness. It is possible to commit
crimes on the Internet anonymously. The technology that enables the Internet
also undermines accountability. Given the profusion of technical knowledge,
the integrity of the commons is in the hands of people whose identities we
don't know, whose motives we don't understand, and whose ability to cause
harm is substantial. The consequence of this will not be a glorious anarchy
in the spirit of Guy Fawkes, but rather a massive repression. I think this
is a pity. That's why I wonder who the hackers actually are and what cause
they serve. I am curious as to whether they realize the whirlwind they are
sowing, and whether they, in fact, are trying to generate the repression
they say they oppose.
The attempt to silence us failed. Our website is back, though we are waiting
for all archives to be restored, and our email is working again. Our failures
have been reviewed and are being rectified. We deliberately shut down while
we brought in outside consultants to rebuild our system from the ground up.
The work isn't finished yet, but we can start delivering our analyses. The
handling of credit cards is being handed off to a third party with appropriate
capability to protect privacy. We have acted to help our customers by providing
an identity theft prevention service. As always, we welcome feedback from
our supporters as well as our critics.
We are fortunate that we have the financial resources and staff commitment
to survive the attack. Others might not. We are now in a world in which anonymous
judges, jurors and executioners can silence whom they want. Take a look at
the list of organizations attacked. If the crushing attack on Stratfor is
the new model, we will not be the last. No security system is without flaws
even if it is much better than Stratfor's was.
We certainly expect to be attacked again, as we were last week when emails
were sent out to members from a fake Stratfor address including absurd messages
and videos. Our attackers seem peculiarly intent on doing us harm beyond
what they have already done. This is a new censorship that doesn't come openly
from governments but from people hiding behind masks. Do not think we will
be the last or that we have been the first.
We will continue to publish analysis and sell it to those who believe it
has value. To our subscribers who have expressed such strong support, we
express our deepest gratitude. To our critics, we assure you that nothing
you have said about us represents a fraction of what we have said about
ourselves. While there is much not to be proud of in this affair, I am proud
beyond words of all my dedicated colleagues at Stratfor and am delighted
to return our focus to analyzing critical international affairs.
To all, I dedicate myself to denying our attackers the prize they wanted.
We are returning to the work we love, dedicated to correcting our mistakes
and becoming better than ever in analyzing and forecasting how the world
works.
Comments? Send them to feedback@stratfor.com.
Click here to unsubscribe from future emails.
STRATFOR
221 W. 6th Street, Suite 400
Austin, TX 78701
US