If you’re in the security community (or even if you’re not), I’m sure you’ve heard of it. If not, well I hope you enjoyed your Christmas and New Year vacations under that big rock in some unknown cave.
So, remember the 2011 back-to-back incident at SONY? Well, that was stupidity. You’d think other companies and institutions will learn from their mistake and learn to encrypt their data. Just recently, 200GB of data were stolen from Stratfor with little to no encryption. And make no mistake, they have used the stolen data conduct trasactions (or donations) online. This recent event is just downright alarming.
In case you are not familiar with the intelligence community, Strategic Forecasting, Inc. (STRATFOR) is a global intelligence company based in Texas that provides analysis of national and international affairs. It was known for its secrecy, especially its confidential client list.
Last 24th of December, Stratfor fell victim to a high-profile case of cyber-theft. Stratfor took its website off-line and confirmed the attack on its Facebook page.
It was reported that operation AntiSec of Anonymous claimed responsibility for the attack. However, in an Emergency Christmas Anonymous Press Release, it said that “Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait.” And that, “Anonymous does not attack media sources. […]As a media source, Stratfor’s work is protected by the freedom of press, a principle which Anonymous values greatly.”
AntiSec said it targeted Stratfor in part because it had poor network security. Also in 2011, hacking group LulzSec gained attention for successfully hacking into parts of websites owned by Sony Pictures, the CIA and the U.S. Senate.
I hope you at least considered my advice on how to protect your privacy. And while identity theft is the most apparent issue raised by these attacks, it is by no means the only one. All our online interactions and transactions depends highly on trust: their trust in our identity, and our trust in the company or institution and trust in their system to protect our data. And to maintain that trust is the foundation of the internet as we know it today.
Ronal Regan once said, “Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.” This is the information age and to control and safeguard the activity on information infrastructures must be on top of our priorities.
The nature of these attacks underscores the need for robust security audits at institutions and corporations of all sizes. And since I can’t say this enough: this will happen again. Maybe not to Stratfor, but it will. It is not just ironic that this major security breach happened to a leading security think tank. It is inexcusable.