Stratfor downed again after brief relaunch

Summary: Stratfor relaunched its website overnight, which included a video from the company's CEO George Friedman thumbing his nose at Anonymous. This morning, the site has been pulled down again.

(Screenshot by Michael Lee/ZDNet Australia)

Stratfor has been at the centre of interest for hacking groups like Anonymous, which broke into the security intelligence company's systems last month and uncovered a treasure trove of personal information, including unencrypted credit card details and about 860,000 passwords.

Although the company restored its website some time in the early hours this morning, by the time most Australians were waking up, the site had been pulled down, replaced with a message from Stratfor stating that it was experiencing a service interruption due to a "high volume of interest in our new website".

This has led several to speculate that the site may be experiencing a distributed denial-of-service (DDoS) attack. While several Anonymous Twitter accounts have already made the "Tango Down!" cry, which is frequently done after a site has been successfully forced offline, it is still unclear whether the outage is due to genuine interest or is in fact a secondary attack.

ZDNet Australia contacted Stratfor for comment, but the company neither confirmed nor denied that an attack was taking place, stating only that it was "getting overloaded with traffic" and that it was aware of the issue, was working on it and expected improvements soon.

One possible reason for a DDoS attack is Friedman's video and commentary about the data breach, in which he criticised the attackers.

"I wonder who the hackers actually are and what cause they serve. I am curious as to whether they realise the whirlwind they are sowing, and whether they, in fact, are trying to generate the repression they say they oppose," Friedman wrote in his commentary.

"We certainly expect to be attacked again, as we were last week when emails were sent out to members from a fake Stratfor address including absurd messages and videos. Our attackers seem peculiarly intent on doing us harm beyond what they have already done. This is a new censorship that doesn't come openly from governments but from people hiding behind masks. Do not think we will be the last or that we have been the first."

Friedman also revealed that Stratfor knew about the breach in early December and had met with the US FBI to assist in an investigation. This claim matches time-stamped emails leaked by Anonymous, which show Stratfor senior programmer Kevin Garry raising suspicions at the time that something wasn't quite right.

According to Friedman, the FBI required Stratfor to remain silent on the matter so as not to compromise the investigation and allegedly had provided credit providers with a list of compromised cards.

But it appears that not all credit providers took action or were informed, with many individuals finding out later that their accounts had been charged after the eventual Christmas Eve leak of information.

While Friedman has agreed with the opinion that the real reason Stratfor was attacked was for its emails and the credit cards were simply secondary to the attack, he said there would be nothing interesting in the company's communications.

"It was our email they were after. Obviously, we were not happy to see our emails taken. God knows what a hundred employees writing endless emails might say that is embarrassing, stupid or subject to misinterpretation. What will not appear is classified intelligence from corporations or governments."

"As they search our emails for signs of a vast conspiracy, they will be disappointed. Of course, we have relationships with people in the US and other governments and obviously we know people in corporations, and that will be discovered in the emails. But that's our job. We are what we said we were: an organisation that generates its revenues through geopolitical analysis. At the core of our business, we objectively acquire, organise, analyse and distribute information."

While Friedman appeared to be unperturbed by the theft of emails, he was more concerned over the loss of other information on Stratfor's servers.

"We were dismayed that emails had been taken. But our shock was at the destruction of our servers. This attack was clearly designed to silence us by destroying our records and the website, unlike most attacks by such groups."

An alleged log of commands used in the attack has appeared in an AntiSec "zine", short for magazine, showing the extent of the hack from the attacker's point of view.

The log shows what hackers did on Stratfor's compromised system, including retrieving the company employees' RSA private keys used to remotely log in, changing user passwords, gaining access to the MySQL database that contained credit card details, mapping out all of Stratfor's internal email addresses and, eventually, completely overwriting the server's file system with zeros.

An excerpt from the AntiSec zine with the attacker's log showing Stratfor's server being "zero'd".
(Screenshot by Michael Lee/ZDNet Australia)

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Why is everyone so interested in discussing what "Anonymous" supposedly did to Stratfor. They're just an information service for hire, or for free if you don't want much info. Instead, why don't we discuss what should be happening to the gutless members of Anonymous. In fact, let's cut to the chase entirely. "Anonymous" is, jointly and severally, a bunch of gutless **** They're just over achieving tech heads who have a bit of knowledge about circumventing digital security measures, and want to show off like ten year olds. Some of them probably are 10 year olds. They're also thieves. Traitors to their respective nation - either in intent, or fact, or both. Egotistical ponces. What else can one say about a rag tag non-group of fools whose perception of their own value to society is so far out of sync with reality. Some of them are definitely criminals, and the rest are by association. If the work they claim to be doing is so wonderful for society in general and, by definition, for the rest of us as individuals then why did they steal our personal details and our money. If their cause is so noble, why do they hide from view rather than step forward and let us see who our crusaders are.
    There are people around the world who are fighting and dying for the causes they believe in - all the casualties in the Middle East during the Arab Spring are a testament to their courage and commitment to the point of death for a cause that they believe(d) in. Where are Anonymous - out in the streets getting shot at ? Lying in hospitals or morgues having fallen during the struggle for what they totally believed in ? No. Not at all. They're skulking like rats and vermin in dark corners, afraid of being seen or recognised, hiding behind proxy servers and relays and masks and voice distorters.
    George Friedman is too kind and forgiving. In his position, I'd think about raising a fighting fund, put a bounty on the heads of those involved and then contact MOSSAD, the remnants of the KGB and MI6, plus a few independent contractors, and offer $1M for each Anonymous member who turns up face down in the river.
    Harsh ? I don't think so. These arse holes are childish, swollen headed sociopaths with a dress up for secrecy fetish, who haven't out grown their child hood spy game fantasies. There should, and indeed must be consequences for what they have done, and no doubt will do again. Or do we have to wait until they do some real damage, like seriously compromise our way of life by hacking and destroying Govt servers, or posting our children's contact details on the net because they were able to hack facebook or twitter, or something else of that ilk ?
    The internet is now a critical tool in life and business. Its security is an over-arching imperative. Pricks like Anonymous are destroying something great, and the most brutal international efforts should be engaged upon in order to bring them to account. They are a decentralised quasi political group, akin to a dissociated network of terrorist cells, and they are engaged in a war with existing societal government. Let us treat them as such, and hunt them as we would hunt down agents of espionage. Let the penalties, when caught, reflect the espionage and anarchistic nature of their activities. And let the peoples' redress of their crimes be permanent, allowing no opportunity for recurrence.
  • Sir (or madam), you have expressed the reality of this horrendous crime better than I could. I couldn't agree more with your assessment, and I share your feelings about the criminals. On the other hand, let this not be an opportunity for the repressive hand of government to get involved. 911 for example had far reaching implications in terms of government repression. Let us not hand the trophy of victory to those who committed the act, but remember to keep a sense of proportion in holding our sacred liberties dear.