Stratfor hacked; clients and credit card numbers exposed

27 Responses to “Stratfor hacked; clients and credit card numbers exposed”

  1. I wonder whether this is a case of, “The cobbler’s children have no shoes,” or whether it truly reflects the level of technical competence at Stratfor.

  2. dazzlepod says:

    STRATFOR customer checklist: http://dazzlepod.com/stratfor/ – Only the A’s and B’s for now. More may be released by them later.

  3. SedanChair says:

    Sleep with dogs, wake up with fleas. 

    Or, in this case, traffic with government agencies, wake up with their security habits.

  4. Schizno says:

    With security minded nabobs like this in charge of “cyber” security and security think tanks, it’s no wonder the Chinese know what I ate for breakfast.

  5. Kommkast says:

    Anon put out a “press release” saying they had nothing to do with it… soo.. :x

    http://pastebin.com/8yrwyNkt  <-Press release

    • That_Anonymous_Coward says:

      I trust that release as much as I trust Sony saying they have a text file that proves it was all Anonymous all along owning their systems and their entire lapse in judgement and security can be blamed on the text Expect Us.

      Well that and it’s too well written, and extols the virtues of the company always being right…

      One just needs to see what else might show up for #LulzXmas to decide who is being truthful.

    • Diogenes says:

      Isn’t Anonymous a leaderless loose mix of hackers who act in concert only when they feel like it?  How can anyone speak for them? 
       
      Personally, I think whoever hacked Stratfor performed a public service in exposing an insecure company, not to be trusted with your personal details or credit card numbers.

      • HahTse says:

        Yes.

        But as far as I can see it, most anons don’t like to “play” with credit card information.

        It IS a good troll, though. So it might still be possible.

  6. alephxero says:

    I think the “gee whiz, whaddyagonna do?” kind of response that sounds so inappropriate here is kind of the default response for this sort of attack. I mean, if you’re talking to a reporter, especially in a paper as widely read as the NYT, what would you rather put out there? That you fucked up and left your data wide open to attack, or “we tried, but hackers will break in no matter what so it isn’t our fault at all”?

    It’s just like a politician…they won’t give a correct, nuanced response if it might make them look even the tiniest bit bad, so everything is ludicrously over-the-top.

  7. eyeruh says:

    I’m not sure that it’s accurate to describe Stratfor as a security research group.  I haven’t checked out their site in a while but in the past they’ve been almost entirely focused on analysis of international events–not security/technology.

    • Alex Young says:

      Stratfor does security in the “national” sense, rather than “technical”.

    • kmckee7 says:

      This is correct. But as a merchant accepting payment cards, Stratfor should have known better than to store unencrypted card numbers — it’s a violation of the most basic PCI DSS requirements, and they’re going to catch hell from their acquiring bank. Why wasn’t Stratfor outsourcing this to a payment gateway? They can’t be doing that high a volume of card transactions per annum.

      • eyeruh says:

        Sure, no argument from me.  All I was trying to point out is that it’s misleading to think they were tech security consultants, etc.

  8. Anonymous is getting like Al Qaida inasmuch as one doesn’t quite know which part is state-sponsored and what part isn’t.

    Is releasing Stratfor customers’ credit card details within the ethos of earlier Anonymous operations? I don’t believe so.

    Anonymity in such matters presents a conundrum: Cult of the anti-personality – v – letting in the agent provocateurs sponsored by corporations and corrupt government.

    One “Anonymous” clone on Twitter has been tweeting about porn they have been appreciating recently. That certainly sounds like a psy-op.

  9. Baldhead says:

    Anonymous being, well, anonymous makes for a group that will naturally become unfocused about what it’s actually doing rather quickly. Easy bet that there’s splinter groups already, and I should have little doubt that some of them still call themselves “Anonymous”

  10. davevontexas says:

    @Diogenes  In their defense, Stratfor wasn’t exactly a “computer/network security” company; they were a strategy forecasting company. They got hired to read tea leaves for governments and companies.
    I’m pretty curious to know what the hell they did to piss off anon_finland that much. Their twitter feed said that the “incriminating evidence” is in an article on the Barron’s website, but it’s behind a paywall, and I haven’t gotten around to getting the article yet. 

  11. Xof says:

    Of course, all those non-profits to whom anon (or whoever) so generously donated are going to be hit by a string of chargebacks, each one of which might also carry a $25+ fee (depending on their merchant bank). In extreme cases, it might screw up the non-profit’s ability to accept credit cards. What a lovely Christmas present to give them!

  12. sgtdoom says:

    “The scary thing is that  ….. Jerry Irvine is in charge of Cyber Security, what a colossally effing idiot!  Is Irvine related to Friedman, by any chance?

    And is George Friedman, the CEO of that douchebagging operation, Stratfor, employer of more low-IQ types than any other douchebagger outfit, related to Thomas Friedman, douchebagger extraordinaire?  Or Jaclyn Friedman, anti-Wikileaks whiner and trashy girl for the (Rockefeller/Kissinger/Perle) Perseus LLC/Perseus Books?  Or Stephen Friedman (Goldman Sachs, Marsh & McLennan during 9/11/01 attacks, and a government intel board member on every board over the past 20 years), and had to resign as chair of the NY Fed Reserve due to insider trading, ‘natch?

    From that client list, almost every Rockefeller company (AT&T, JPMorgan Chase, Exxon, etc., were on the list) — and I especially enjoyed Frist Capital, LLC — isn’t that Bill Frist’s private equity leveraged buyout pirate group?

  13. Teller says:

    Security lapse. Right. This is just nerds making ideological attacks.

  14. GeorgeMokray says:

    Having recently read _ Next Decade:  Where We’ve Been… and Where We’re Going_ by George Friedman, Stratfor doesn’t need hackers to embarrass themselves.  Friedman,  “the founder, chief intelligence officer, financial overseer, and CEO,” does fine all on his own.
