Stratfor is officially back online, although its offer of free access seems to have overburdened its servers. In an email, Stratfor CEO criticized the attackers for targeting them.
also known as Strategic Forecasting, is finally back online after a
cyber-attack shut down the site last month.
relaunched its newly designed site on Jan. 11, 18 days after a group of
individuals claiming to be affiliated with the hacktivist collective Anonymous
struck its servers on Dec. 24. The attackers breached Stratfor's servers and
stole information related to its subscribers and also defaced the site. The
data, including 75,000 credit card numbers and 860,000 usernames and passwords,
were dumped online. Nearly 50,000 of those addresses had a .mil or .gov domain.
after the incident, Stratfor said it was going to delay relaunching the site to
bring in a team of consultants and experts to address the underlying security
issues and secure the environment. It decided to move all credit card
management activities to a third-party company to better protect that type of
was our failure," George Friedman, CEO of Stratfor, said in a message to
subscribers, as reported by
The Hacker News
. "I take responsibility. I deeply regret that this
occurred and created hardship for our customers and friends."
also revealed that the company had been targeted multiple times and had known
for some time about the credit card theft. Friedman was first alerted to the
theft in early December, weeks before the attackers publicized the incident on
Twitter and Pastebin, he said. He said he didn't disclose the breach
immediately because the FBI said there was an ongoing investigation and asked
felt bound to protect our customers, who quickly had to be informed about the
compromise of their privacy. I also felt bound to protect the
investigation," Friedman said. The FBI had informed credit card companies
of the breach and had provided a list of compromised cards, so "our
customers were therefore protected," he said, adding, "We were not
compelled to undermine the investigation."
had failed to encrypt credit card data in its database, storing it in
cleartext. Analysis of the passwords that had been stolen and dumped revealed
some lax security practices, such as not enforcing its own password rules on
users when they were creating passwords.
theft of emails, Website defacement and destruction of four servers occurred on
Christmas Eve as a separate attack, according to Friedman. "This attack
was clearly designed to silence us by destroying our records and the
website," he wrote.
Friedman criticized some of the misperceptions that emerged after the attack
about what Stratfor does and does not do. There was no distinction made between
subscribers, individuals and organizations who purchase publications and
clients, who may request customized work, creating the impression that Stratfor
received classified intelligence from corporate and government
"clients," Friedman said.
were no longer an organization that analyzed the world for the interested
public, but rather a group of incompetents, and conversely, the hub of a global
conspiracy," Friedman said. He said news reports focused on the
"incompetents" part while the hacking community focused on the
"global conspiracy" part.
culprits behind the attack had justified their actions by claiming that
Stratfor received classified data from governments. "At the core of our
business, we objectively acquire, organize, analyze and distribute
information," Friedman countered.
is interesting that the hacker community is split, with someone claiming to
speak for the official Anonymous condemning the hack as an attack on the media,
which they don't sanction and another faction defending it as an attack on the
rich and powerful," Friedman wrote.
the relaunch, Stratfor decided to make the site free to all visitors for a
that seems to have backfired as the Website has been down for most of the day.
to the high volume of interest in our new website, we are currently encountering
a service interruption. We are working with outside experts to increase our
capacity to handle the increased traffic to the new website," according to
a message posted at Stratfor.com.