Stratfor back online after cyberhack

Jan 11, 2012 By CASSANDRA VINOGRAD , Associated Press
The home page of the Stratfor website is seen on a computer monitor in London Wendesday Jan 11, 2012. Security analysis firm Stratfor has relaunched its website after hackers brought down its servers and stole thousands of credit card numbers and other personal information belonging to its clients. Stratfor acknowledged Wednesday that the company had not encrypted customer information a major embarrassment for a security company. (AP Photo/Cassandra Vinograd)

(AP) -- Global intelligence analysis firm Stratfor has relaunched its website after hackers brought down its servers and stole thousands of credit card numbers and other personal information belonging to its customers.

Chief Executive George Friedman acknowledged for the first time Wednesday that the company had not encrypted and said this decision had embarrassed the company.

Loose-knit hacking collective Anonymous, which claimed responsibility for the attack over the Christmas holidays, had said it was able to get the details in part because Stratfor didn't bother encrypting them.

"It was a truly unforgivable failure and I feel awful about it," Friedman told The Associated Press in a telephone interview. "Sometimes in rapid growth, you make a mistake. That's not an excuse, that's not a ... It's an explanation."

Stratfor had previously declined to say if the information was left unencrypted. Members of Anonymous have said it was targeting companies "that play fast and loose with their customers' private and sensitive information."

The company said Wednesday that it was moving its entire e-commerce process to a third-party system, which will eliminate the need to store credit information.

Friedman also revealed that the company was targeted more than once by and had known for some time about a .

He said he was first alerted to a website hack in early December - weeks before Anonymous took to Twitter to boast of bringing down the website and stealing a stash of numbers, emails and other data from the company.

The hackers said then that their goal was to use the stolen credit information to donate to at Christmas, and some victims confirmed unauthorized transactions were made from their credit accounts.

Austin, Texas-based Stratfor is a subscription-based publisher providing political, economic and military analysis to help customers reduce risk. It charges subscribers for its reports and analysis, delivered through the web, emails and videos.

On Tuesday, Friedman said he had met with an FBI agent in early December after being informed by the company's vice president of intelligence that customers' had been stolen.

He said he had felt torn over the need to protect and personally inform customers at the time, but that the FBI was setting the rules and wanted to conduct its investigation without tipping the hackers off.

"It was very important to them that the criminals not know the extent to which we had knowledge of the damage," Friedman explained, saying the FBI had assured him that it had informed credit card companies about compromised cards.

"We were caught between a very difficult situation where the FBI had control of the investigation and expected certain care in that investigation - and the need to protect our customers," said Friedman. "What little we could do, we did."

Still, he said he was under "no illusion" that the breach would be exposed.

"We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files," Friedman said in a note to subscribers announcing the website's relaunch.

But he told the AP that subscribers have stood by the company and subscriptions have held up in light of the attack.

"Our customers are primarily focused on the criminals," he said. "Some customers have been critical, but the primary theme isn't that 'you didn't know how to lock the door,' but 'locked or not, what are these people doing coming in?'"

While dismayed over stolen emails in the previous breach, Friedman said he was "stunned" to learn that the company's servers were "effectively destroyed" in another hack on Dec. 24.

"I was absolutely unprepared for their attempt to destroy us," Friedman said, describing how hackers took full control of the servers, overrode the systems and made recovery "just about impossible."

"Our systems were shredded," he explained. "The destruction of our servers and our backups... was clearly intended to take us offline and silence us."

Stratfor said it was continuing to cooperate with an FBI investigation into the attack.

Explore further: Thieves got into 1K StubHub accounts

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Anonymous releases more Stratfor data

Dec 30, 2011

Online "hacktivist" group Anonymous has released a trove of email addresses and credit card numbers stolen from the website of intelligence analysis firm Stratfor and promised further attacks.

Stratfor warns hacking victims of further woes

Dec 27, 2011

US intelligence analysis firm Stratfor has warned its members whose emails and credit card information were hacked that they could be targeted a second time for speaking out on behalf of the company. ...

'Anonymous' hackers target US security think tank

Dec 25, 2011

Hackers with the loose-knit movement "Anonymous" claimed on Sunday to have stolen a raft of emails and credit card data from U.S.-based security think tank Stratfor, promising it was just the start of a weeklong, ...

US, British officials victims of Stratfor hack: press

Jan 09, 2012

Email addresses and passwords belonging to British, US and NATO officials were posted online following the hacking of a US intelligence analysis firm over Christmas, the Guardian daily reported Monday.

Citigroup says 360,000 affected by hackers

Jun 16, 2011

Hackers stole account information of more than 360,000 of Citigroup Inc.'s U.S. credit card customers in a recent data breach, the bank said Wednesday, almost double the number initially thought.

Recommended for you

Social Security spent $300M on 'IT boondoggle'

8 hours ago

(AP)—Six years ago the Social Security Administration embarked on an aggressive plan to replace outdated computer systems overwhelmed by a growing flood of disability claims.

Six charged in global e-ticket hacking scheme

9 hours ago

Criminal charges were filed Wednesday against six people in what authorities said was a global cyber-crime ring that created fraudulent e-tickets for major concerts and sporting events.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

fmfbrestel
not rated yet Jan 11, 2012
"I was absolutely unprepared for their attempt to destroy us," Friedman said, describing how hackers took full control of the servers, overrode the systems and made recovery "just about impossible."
"Our systems were shredded," he explained. "The destruction of our servers and our backups..."


Really? How naive can the CEO be? Did he think they were going to loot the place and NOT set it on fire when they left?
fmfbrestel
not rated yet Jan 11, 2012
Once they get full control, which they obviously did, you can start flashing the BIOS and really cause some serious trouble. File theft is the least of your worries once they start hacking the BIOS. Turn off all the chip fans, overclock the chips, overspin the drives, over volt the ram and watch the place start smoking.

I cant believe they didnt pull the plug on their servers. If I were them, I might even contemplate suing the FBI for not letting me unplug them.