Stratfor relaunched its website overnight, which included a video from the company's CEO George Friedman thumbing his nose at Anonymous. This morning, the site has been pulled down again.
(Screenshot by Michael Lee/ZDNet Australia)
Stratfor has been at the centre of interest for hacking groups like Anonymous, which broke into the security intelligence company's systems last month and uncovered a treasure trove of personal information, including unencrypted credit card details and about 860,000 passwords.
Although the company restored its website some time in the early hours this morning, by the time most Australians were waking up, the site had been pulled down, replaced with a message from Stratfor stating that it was experiencing a service interruption due to a "high volume of interest in our new website".
This has led several to speculate that the site may be experiencing a distributed denial-of-service (DDoS) attack. While several Anonymous Twitter accounts have already made the "Tango Down!" cry, which is frequently done after a site has been successfully forced offline, it is still unclear whether the outage is due to genuine interest or it is in fact a secondary attack.
ZDNet Australia contacted Stratfor for comment, but the company did not confirm nor deny whether an attack was taking place, stating only that it was "getting overloaded with traffic" and that it was aware of the issue, was working on it and expected improvements soon.
One reason for a possible DDoS attack could be due to Friedman's video and commentary about the data breach in which he criticised the attackers.
"I wonder who the hackers actually are and what cause they serve. I am curious as to whether they realise the whirlwind they are sowing, and whether they, in fact, are trying to generate the repression they say they oppose," Friedman wrote in his commentary.
"We certainly expect to be attacked again, as we were last week when emails were sent out to members from a fake Stratfor address including absurd messages and videos. Our attackers seem peculiarly intent on doing us harm beyond what they have already done. This is a new censorship that doesn't come openly from governments but from people hiding behind masks. Do not think we will be the last or that we have been the first."
Friedman also revealed that Stratfor knew about the breach in early December and had met with the US FBI to assist in an investigation. This claim matches time-stamped emails leaked by Anonymous, which at the time show Stratfor senior programmer Kevin Garry raising suspicions that something wasn't quite right.
According to Friedman, the FBI required Stratfor to remain silent on the matter so as not to compromise the investigation and allegedly had provided credit providers with a list of compromised cards.
But it appears that not all credit providers took action or were informed, with many individuals finding out later that their accounts had been charged after the eventual Christmas Eve leak of information.
While Friedman has agreed with the opinion that the real reason Stratfor was attacked was for its emails and the credit cards were simply secondary to the attack, he said there would be nothing interesting in the company's communications.
"It was our email they were after. Obviously, we were not happy to see our emails taken. God knows what a hundred employees writing endless emails might say that is embarrassing, stupid or subject to misinterpretation. What will not appear is classified intelligence from corporations or governments."
"As they search our emails for signs of a vast conspiracy, they will be disappointed. Of course, we have relationships with people in the US and other governments and obviously we know people in corporations, and that will be discovered in the emails. But that's our job. We are what we said we were: an organisation that generates its revenues through geopolitical analysis. At the core of our business, we objectively acquire, organise, analyse and distribute information."
While Friedman appeared to be unperturbed by the theft of emails, he was more concerned over the loss of other information on Stratfor's servers.
"We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups."
An alleged log of commands used in the attack has appeared in an AntiSec "zine", short for magazine, showing the extent of the hack from the attacker's point of view.
The log shows what hackers did on Stratfor's compromised system, including retrieving the company employees' RSA private keys used to remotely log in, changing user passwords, gaining access to the MySQL database that contained credit card details, mapping out all of Stratfor's internal email addresses and, eventually, completely overwriting the server's file system with zeros.
An excerpt from the AntiSec zine with the attacker's log showing Stratfor's server being "zero'd".
(Screenshot by Michael Lee/ZDNet Australia)