Intelligence and security research group Stratfor was hacked Saturday, and a a list of clients, personal information and credit card numbers purloined from its servers.
Having exposed the group's customers, the hackers apparently used the card numbers to make donations to the Red Cross and other charities.
The New York Times' Nicole Perlroth writes that the attack was also likely intended to embarrass Stratfor. She ends with a curious quote from Jerry Irvine, a member of the Department of Homeland Security's cybersecurity task force:
“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”
Sure, if it's a web server, exposed to the public by design.
But Stratfor didn't just expose a website to the public. It also, apparently, put all this other stuff online, in the clear, for the taking.
It's true that websites are like storefronts, and that it's more or less impossible to stop determined people from blocking or defacing them now and again.
Here, however, it looks like Stratfor left private files in the window display, waiting to be grabbed by the first guy to put a brick through the glass.
Now, I'm not a member of the national IT security planning task force. But I'm pretty sure that putting unencrypted lists of credit card numbers and client details on public-exposed servers isn't quite explained by "no matter what you do, every system has some level of vulnerability."
UPDATE: One Anon claims that the hack was not the work of Anonymous. However, the usual caveats apply: no structure, no official channels, no formal leaders or spokespersons.
Earlier this week, I wrote about the legal threats from Landis and Gyr against the Freedom of Information service Muckrock, which had received documents from the City of Seattle detailing the workings of Landis and Gyr’s smart-meter system, which Seattle has purchased from them at public expense.
If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it’s not in use.
In A2: Analog Malicious Hardware, a paper given at the 2016 IEEE Symposium on Security and Privacy, a group of researchers from the University of Michigan detail a novel, frightening attack on the integrity of microprocessors that uses nearly undetectable tampering, late in the manufacturing process, to allow attackers to trip the “privilege” bit on […]
Every company wants to harness the power of social media, but few understand how to make that happen. Be one of those select few with this Social Media Marketing Course & Certification package, now just $29 in the Boing Boing Store.Over 12 modules of course material, you’ll learn what it takes to increase a brand’s […]
If you’ve got a killer app idea, but don’t have the technical expertise to pull it off, get a crash course in all things app development with the Comprehensive Android Development Bundle, now over 90% off in the Boing Boing Store. Across 83 hours of training, you’ll learn to develop for the world’s most popular mobile OS, mastering […]
Jared Sinclair developed the RSS reader app Unread, which made $10,000 in its first 24 hours on the iOS market. And we’ve all heard the story of Flappy Bird developer Dong Nguyen, whose creation was reportedly earning $50,000 a day at the height of its 2013 explosion. While those are rare examples, they’re also testament to the […]