Stratfor admits stolen credit cards were unencrypted

Powered by SC Magazine

But CEO says "the attempt to silence us failed".

Stratfor relaunched its website last night with its founder George Friedman acknowledging its security failures but remaining resilient.

In a lengthy statement, Friedman said credit card files had not been encrypted and the FBI advised stolen data would likely be published.

He said this was "a failure on our part" and that he deeply regretted it.

“The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn't happen again,” he said.

“I was prepared for the revelation of the theft and the inevitable criticism and negative publicity. We worked to improve our security infrastructure within the confines of time and the desire to protect the investigation by not letting the attackers know that we knew of their intrusion."

"With the credit card information stolen, I assumed that the worst was done. I was wrong” he said.

This related to the second hacking on Christmas Eve, where attackers "published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups".

Friedman said he was most shocked about the destruction of servers adding that "this attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups".

He described the attack on the organisation's digital existence as "a different order of magnitude".

Friedman said that with archives set to be restored, email working again and failures "being rectified", the attempt to silence Stratfor failed.

“We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up. The work isn't finished yet, but we can start delivering our analyses. The handling of credit cards is being handed to a third party with appropriate capability to protect privacy,” he said.

“We are fortunate that we have the financial resources and staff commitment to survive the attack. Others might not. We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. Take a look at the list of organisations attacked. If the crushing attack on Stratfor is the new model, we will not be the last. No security system is without flaws even if it is much better than Stratfor's was.”

He concluded by saying that he expects Stratfor to be attacked again, as it was when emails were sent out to members from a fake Stratfor address, but it will continue to publish analysis and sell it to those who believe it has value.

He said: “To our subscribers who have expressed such strong support, we express our deepest gratitude. To our critics, we assure you that nothing you have said about us represents a fraction of what we have said about ourselves.

“To all, I dedicate myself to denying our attackers the prize they wanted. We are returning to the work we love, dedicated to correcting our mistakes and becoming better than ever in analysing and forecasting how the world works.”

This article originally appeared at

Copyright © SC Magazine, UK edition

Stratfor admits stolen credit cards were unencrypted
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.