Stratfor admits stolen credit cards were unencrypted

Powered by SC Magazine
 

But CEO says "the attempt to silence us failed".

Stratfor relaunched its website last night with its founder George Friedman acknowledging its security failures but remaining resilient.

In a lengthy statement, Friedman said credit card files had not been encrypted and that the FBI had advised that the stolen data would likely be published.

He said this was "a failure on our part" and that he deeply regretted it.

“The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn't happen again,” he said.

“I was prepared for the revelation of the theft and the inevitable criticism and negative publicity. We worked to improve our security infrastructure within the confines of time and the desire to protect the investigation by not letting the attackers know that we knew of their intrusion.

“With the credit card information stolen, I assumed that the worst was done. I was wrong,” he said.

This related to the second hack on Christmas Eve, when attackers "published a triumphant note on our homepage saying that credit card information had been stolen, that a large amount of email had been taken, and that four of our servers had been effectively destroyed along with data and backups".

Friedman said he was most shocked about the destruction of servers, adding that "this attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups".

He described the attack on the organisation's digital existence as "a different order of magnitude".

Friedman said that with archives set to be restored, email working again and failures "being rectified", the attempt to silence Stratfor failed.

“We deliberately shut down while we brought in outside consultants to rebuild our system from the ground up. The work isn't finished yet, but we can start delivering our analyses. The handling of credit cards is being handed to a third party with appropriate capability to protect privacy,” he said.

“We are fortunate that we have the financial resources and staff commitment to survive the attack. Others might not. We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. Take a look at the list of organisations attacked. If the crushing attack on Stratfor is the new model, we will not be the last. No security system is without flaws even if it is much better than Stratfor's was.”

He concluded by saying that he expects Stratfor to be attacked again, as it was when emails were sent out to members from a fake Stratfor address, but it will continue to publish analysis and sell it to those who believe it has value.

He said: “To our subscribers who have expressed such strong support, we express our deepest gratitude. To our critics, we assure you that nothing you have said about us represents a fraction of what we have said about ourselves.

“To all, I dedicate myself to denying our attackers the prize they wanted. We are returning to the work we love, dedicated to correcting our mistakes and becoming better than ever in analysing and forecasting how the world works.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition

