UPDATED 14:09 EST / JANUARY 09 2012

NEWS

Christmas Hack of Stratfor Leaves US and UK Intelligence Officials Laundry Flapping in the Wind

When hackers believed to be associated with the hacktivist collective Anonymous raided Texas security think tank Stratfor’s Christmas stockings they also pilfered e-mail addresses and encrypted passwords of numerous international security professionals. A British newspaper took the leaked list to task and analyzed the names cropping up in it and the leak is weirder than first expected.

The total number of stolen records of personal information appears to be in the ballpark of 85,000 and it included a great deal of people—including, according to The Guardian, 221 British military professionals and 242 Nato staff. Alongside them, over 19,000 e-mail addresses belonging to the .mil domain of the US military were also uncovered. That’s not all, information was discovered in the leaked documents that links to people who work in the in the UK Ministry of Defense, US military personnel, the UK parliament, even personal information on former vice-president Dan Quayle and former secretary of state Henry Kissinger.

“Many of the email addresses are not routinely made public,” wrote The Guardian, “and the passwords are all encrypted in code that can quickly be cracked using off-the-shelf software.” At least the passwords were encrypted—but for a security outfit like Stratfor, I would have expected some sort of layered encryption once over the database to make pilfering the contents itself more difficult and then atop the passwords as per usual.

Hopefully all of the security professionals, defense contractors, and intelligence operatives who had e-mail and password information stolen and leaked have done what we always tell everyone to do: change your passwords and don’t use the same password twice in sensitive contexts. After all, this is their chosen domain so chance are good they already know the “wash your hands” of password security.

British officials were quick to point out that indeed UK subscribers to Stratfor follow this particular bit of wisdom when they let the media know that they were aware of the hack and that sensitive communication within their organizations would be different than used for the think tank. However, staffers who didn’t follow this policy in their personal lives would probably be at risk.

A British government spokesman said: “We are aware that subscriber details for the Stratfor website have been published in the public domain. At present, there is no indication of any threat to UK government systems. Advice and guidance on such threats is issued to government departments through the Government Computer Emergency Response Team.”

While it’s obvious that 2011 was the rise of the hactivist with Anonymous, LulzSec, and AntiSec at the helm, the Christmas-hacking of Stratfor shows us that we’re only moving into a new era and not looking at the tail end of one. In the case with Stratfor, the hackers published the leak online for all to see—actors committing foreign espionage would have never brought attention to themselves in such a fashion.

Hopefully 2011 will be the wake-up-call to all security professionals that tighter policies are necessary to retain better compartmentalization in this era of highly integrated communication.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU