It took the Tech Herald less than 5 hours to crack the hashes of more than 80,000 passwords, using a readily available cracking tool and a standard computer. It was clear, based on the analysis, that Stratfor had not enforced its password policies on users to ensure they were selecting strong credentials or that it had adequately protected user data on its own systems.
In its own analysis of the leaked data, Identity Finder had estimated that of the 859,311 people affected, 11.8 percent could theoretically have a compromised password because they could be cracked easily. The average password length was 7.2 characters, according to Identity Finder, but the Tech Herald discovered a handful of users had gotten away with selecting a password that was only one character long.
On Jan. 6, several Stratfor subscribers reported receiving an email purporting to be from the organization that was actually a message from the attackers mocking Stratfor. There were also reports of Rick-Rolling messages and malicious attachments.
Also emerging in the first week of January were reports that Fujitsu was testing a “good virus” that had been created at the request of the Japanese government that could track down the source of a cyber-attack and disable any malicious software the attack had launched. Details were sketchy, but there were concerns about automating the process of searching out attackers and destroying the systems. Security experts wondered about the security implications of unauthorized code running on people’s computers.
Security researchers warned about a variant of the Ramnit worm that had stolen more than 45,000 Facebook passwords. The worm tried the stolen passwords against other corporate services and Websites to find instances where the victims had reused passwords. Ramnit also logged into the users’ accounts to spam Facebook friends to keep propagating the worm.
A group of hackers based in India claimed to have gotten their hands on internal Symantec documents and source code from a server belonging to Indian intelligence agencies. Symantec initially dismissed the claims, noting that the excerpt that had been leaked was from a document dating back to 1999. After further investigation, the company confirmed that attackers may have source code to two of its enterprise security products. However, the company claimed that the tools were more than 4 years old and one of the product versions had been discontinued.
“Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a ‘trophy scalp’ for a hacking group intending to generate publicity for its grievances with the Indian authorities,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
Security experts were more concerned about the fact that Symantec lost its data through no fault of its own, since the code was on a third-party server. “It is not enough to ensure you follow best practices; in an interconnected world, you have to worry about the security of other organizations,” Mike Lloyd, CTO of RedSeal Networks, told eWEEK.
This coming week will be a patch-heavy week, as Microsoft plans seven bulletins for January’s Patch Tuesday update and Adobe will fix a slew of vulnerabilities in Acrobat and Reader. Developers released new versions of OpenSSL in which six vulnerabilities were addressed in the open-source implementation of the Secure Sockets Layer protocol this past week.