Intelligence and security research group Stratfor was hacked Saturday, and a a list of clients, personal information and credit card numbers purloined from its servers.
Having exposed the group's customers, the hackers apparently used the card numbers to make donations to the Red Cross and other charities.
The New York Times' Nicole Perlroth writes that the attack was also likely intended to embarrass Stratfor. She ends with a curious quote from Jerry Irvine, a member of the Department of Homeland Security's cybersecurity task force:
“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”
Sure, if it's a web server, exposed to the public by design.
But Stratfor didn't just expose a website to the public. It also, apparently, put all this other stuff online, in the clear, for the taking.
It's true that websites are like storefronts, and that it's more or less impossible to stop determined people from blocking or defacing them now and again.
Here, however, it looks like Stratfor left private files in the window display, waiting to be grabbed by the first guy to put a brick through the glass.
Now, I'm not a member of the national IT security planning task force. But I'm pretty sure that putting unencrypted lists of credit card numbers and client details on public-exposed servers isn't quite explained by "no matter what you do, every system has some level of vulnerability."
UPDATE: One Anon claims that the hack was not the work of Anonymous. However, the usual caveats apply: no structure, no official channels, no formal leaders or spokespersons.
The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the “Digital Rights Management” provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping […]
Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew bunnie” Huang have published a paper detailing their new “introspection engine” for the Iphone, an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope that reads all the radio traffic in and out of the device to […]
The baseband firmware in your phone is the outermost layer of software, the “bare metal” code that has to be implicitly trusted by the phone’s operating system and apps to work; a flaw in that firmware means that attackers can do scary things to your hone that the phone itself can’t detect or defend against.
3D printers are hot, but they’re also pricey. While the prospect of cranking out everything we can dream up is enticing, cost is often one factor that keeps us from jumping onto the 3D printing train.Now, thanks to M3D, that doesn’t have to be the case. You can now get its flagship 3D printer–plus four reels of filaments–for just […]
It’s no secret that technology is changing the way we all work—but it’s also transforming the way we play. The games of today look nothing like those of 10 or even 20 years ago: these days it’s all about mobile and 3D. And now you can learn to design 3D mobile games with the Intro to Unity 3D Game […]
Earbuds are fine for casual listening while you work out or run errands. But when you really want to experience music as it was intended, nothing beats a serious set of noise-canceling, soundscape-enhancing headphones.The REMXD On-Ear Bluetooth Headphones offer high-quality sound with complete wireless connectivity — and at just $35.99, this rechargeable set won’t even cut into […]