I don't know why it is, of all the things that Anonymous/LulzSec could do to get attention for its highly dubious "cause" (at a time of maximum eyeballs, as people are surfing the Internet on vacation), that they'd attack Stratfor.
Are they such uneducated and naive bunnies that they think Stratfor is like, oh, the Trilateral Commission used to be for conspiracy nutters? (BTW, I used to have an office right across the hall from the Trilateral Commission, can you imagine?! And I was astounded to see that it was a small place, with the usual pathetic spider plants, and sometimes newspapers piling up outside the door as people didn't always come in -- it was that dinky an office.)
Did they think they were striking at some bastion of world strategic security work that would cripple the world's power brokers or something? Do they think -- in their literalist script-kiddie binary way -- that they would actually succeed in embarrassing this company that deals not with Internet security, but global security, if their customers' credit card info got hacked?
So what if Stratfor didn't hash their salt or salt their hash or whatever it is you are "supposed to do" to avoid hacking *for now* until the losers think up some other angle to attack you with.
If they moved a million dollars from credit cards over to charities, so what? George A. Normal out there in Wisconsin, some retired security officer, will simply move the $180 stolen from him back by calling the credit card company. No, George A. Normal will not be embarrassed into leaving the donation with the Red Cross or Save the Children because he can't live on his social security and needs prescription medicine, so he will ask for it back. No mission accomplished. With that many transactions, the credit card companies will be able to help in catching the perpetrators even if they are "careful" and use proxies -- they will slip up and will be caught. Good! Thank you. They've maximized the surface level for being handily caught that way.
As for the list of customers, why would that be embarrassing or important? I'm truly not getting that. So the Pentagon or the State Department or the Miami Police or Bill Clinton gets security reports. This is like subscribing to the Wall Street Journal. It's a news and analysis service. Truly, so what?
Yeah, we all get it that Stratfor incites derision and snark, of the sort Registan.net specializes in, for example.
Herr derr! So what? They put out volumes of stuff, some of it's wrong, but it's useful and some of it's right. I can tell by the really smart people I know who sometimes forward me something from the free service, which I already get, which they found interesting.
And even when it's wrong, it's one version of the narrative, and you need to gather lots of versions of the narrative in a region to try to triangulate the story. It tells you what the establishment is thinking here or there, or the best level of intelligence that former CIA agents working in Austin, Texas can get on a situation, which can sometimes be laughably little or laughably wrong. Again, so what? It's a free market. Don't like their service? Try another one. The Anonymous hacksters themselves will go into the risk analysis business when they get a little older and realize they need jobs, there's money to be made in risk analysis, and that actually stealing from people's credit cards will bring that party van a little faster to Mom's Basement.
Interesting, too, how, with this action, LulzSec -- which is more aggressive and greedy than garden-variety Anonymous (think "Occupy Wall Street" versus "Moveon.org") -- has lost a certain ethos, if you will, of the whole Anonymous shtick. LulzSec has slipped badly. As much as these goons hacked and slashed at all these sites over the years, they prided themselves on claiming that they never stole people's credit card information in order to steal from them, they were just, um, helping with the security, you know? Showing up that abysmal lack of hashing and salting. That was important to establish their credentials as, um, selfless fighters for, uh, the lolz.
If they think this is Robin Hood stuff, taking from George A. Normal and giving to...the mega-charities in America, they really are naive bunnies. They should take a closer look at some of those charities, what the CEOs get, how much their fund-raising costs are as a percentage of their budget, and how much direct giving they do and what impact they have.
And what is all of this for again, this week of hacking? In support of Bradley Manning. I'm not seeing any direct connection between WikiLeaks/Bradley Manning and Stratfor, but maybe the name fools them, they think "wow, a big fat security firm with big fat security clients and we can make them look really stupid by haxoring their unhashed salt-free credit card info and impress everybody with our mad skillz!" Yawn.
Stratfor will recover, and go on doing what it does, and likely not lose customers, because the credit card companies will reverse the charges and issue new cards, Stratfor will batten down its hatches better, and will go on producing that strange medley of grounded insight and the analysis equivalent of the back of the cereal box that it produces.
Meanwhile, the more criminalized the script kiddies become, the more imperative it is to stop them and catch them. Fortunately, as they become more greedy for power and influence and more criminalized, it becomes a bit easier to catch them if you just keep your head on straight.
BTW, Stratfor, welcome to having essentially a vandalized Wikipedia entry, as now the short entry about you on Wikipedia contains information about "Operation Anti-Sec" as if that is the most important thing in your biography and profile -- just like my Wikipedia entry is itself an act of vandalism (made to somehow deliberately expose my privacy -- silly idea -- and make it seem as if the harassment of me by a group of Anonymous hackers in Second Life, some based in Woodbury University, were the most important part of my life LOL.)
Oh, and I see Forbes has fallen for this same glib geeky gotcha-stuff of LulzSec itself, thinking that not hashing and salting is somehow "embarrassing" especially for a security company.
It's not. Because when you hack credit cards, it is easy to fix the problem -- credit cards are hacked often, and the companies fix them quickly. You don't accomplish a theft because the charges are reversed. And then the company hashes, salts, does whatever and -- what did you accomplish? By Anon's own claimed "do-gooding" thieves' law, this is a "service" because now the victim is "made stronger".
Secondly, if Stratfor were a company specializing in *Internet* security, and not *global security* -- i.e. of organic countries, you know? -- having their "goods in the store window" displayed like this *might* be embarrassing, but ultimately, let's not take the focus off the criminals here, shall we? You know, the people who did the hacking. They're what's wrong here, not whatever geek service Stratfor used to store its files.
Of course, it's good for Stratfor to think about how Internet security and organic global security are getting uncomfortably intertwined, but that's ok, it's good for them to have their own experience. Two weeks ago if I wrote them and told them that anarchic web vandals and hackers were really the greatest threat to the world, more than terrorists because they affect more people and shift mindsets in crowds more easily and effectively, they would never believe me. Now maybe they will. Good!
And once again, all those good people taking the thugs at Anonymous on board their social movement in the belief that it's great to have storm-troopers to help out your, um, civil disobedience (like Occupy Wall Street), perhaps this mass theft from credit cards will make people think twice.