Author Topic: Inside the Stratfor Attack  (Read 2392 times)

Offline mayya

Inside the Stratfor Attack
« on: April 24, 2014, 22:11:20 PM »

MARCH 12, 2012, 6:44 PM

1:58 p.m. | Updated: Adding clarification from the F.B.I. regarding how much of Stratfor’s data it was able to salvage.

Last December, a group of hackers quietly orchestrated an attack on Stratfor Global Intelligence Service, a company based in Austin, Tex., that analyzes geopolitical risk and publishes a newsletter for various clients, among them the Departments of Homeland Security and Defense. The hackers breached the company’s network and, once inside, confided in their fellow hacker, Hector Xavier Monsegur, and, as it turns out, the Federal Bureau of Investigation.

Six months earlier, in June, the F.B.I. had arrested Mr. Monsegur and turned him into an informant. With his help, four hackers in Britain and Ireland were charged last Tuesday with computer crimes; a fifth man was arrested Monday in Chicago. Using the information he passed along, F.B.I. officials said it was able to thwart attacks on roughly 300 private companies and government agencies.

But with Stratfor, they were not so lucky.

Conspiracy theorists across the Internet surmise that federal agents sat back and let the Stratfor attack occur to collect evidence, or perhaps net a juicier target — say, Julian Assange, the founder of WikiLeaks, which later released the five million internal e-mails that hackers obtained in the Stratfor hack.

“That’s patently false,” said one F.B.I. official, who would speak only on condition of anonymity because the investigation was continuing. “We would not have let this attack happen for the purpose of collecting more evidence.”

F.B.I. officials said they learned of the Stratfor breach on Dec. 6, after hackers had already infiltrated the company’s network and were knee-deep in Stratfor’s confidential files. On that date, F.B.I. officials said, Jeremy Hammond, suspected as the attack’s ringleader, informed Mr. Monsegur he had found a way into Stratfor’s network and was already working to decrypt its data.

The F.B.I. said that it immediately notified Stratfor, but said that at that point it was too late. Over the next several weeks, hackers rummaged through Stratfor’s financial information, e-mail correspondence and subscribers’ personal and financial information, occasionally deleting its most valuable data — all in full view of F.B.I. agents.

In addition to monitoring hackers’ chat logs, the F.B.I. managed, with Mr. Monsegur’s help, to persuade Mr. Hammond and Stratfor’s other attackers to use one of the agency’s own computers to store data stolen from Stratfor. The hackers complied and transferred “multiple gigabytes of confidential data,” including 60,000 credit card numbers, records for 860,000 Stratfor clients, employees’ e-mails and financial data, to the F.B.I.’s computers, according to the complaint against Mr. Hammond.

In an interview, F.B.I. officials clarified that they were able to salvage the Stratfor data that hackers transferred to its servers. Officials said this included some, but not all, of Stratfor’s data. As for why the F.B.I. was not able to stop hackers from siphoning five million Stratfor e-mails to Wikileaks later on, the F.B.I. said hackers had also stored data on their own servers.

The F.B.I. said it told Stratfor to delay notifying customers while it completed its investigation — a demand that later made Stratfor the target of a class-action lawsuit from subscribers who complained the company did not inform them of the breach until it was too late. Stratfor had little choice but to go public with the breach on Dec. 24, when hackers defaced its Web site and began posting receipts online for donations they had made with customers’ stolen credit card information.

Over the following days, hackers released credit card details for thousands of Stratfor clients, made at least $700,000 in fraudulent purchases using their credit cards, and exploited their e-mail addresses for malware attacks. Stratfor was forced to stop charging for subscriptions to its newsletter — its principal source of revenue. All told, Stratfor estimates the breach cost it $2 million in damages and lost revenue, according to the complaint.

And that’s just the financial cost. Two weeks ago, the company suffered further embarrassment when, three months after the breach, hackers funneled its internal e-mails to WikiLeaks, for widespread publication.

Conspiracy theorists wonder why, with ample evidence, the F.B.I. waited three months to arrest Mr. Hammond after the Stratfor breach. Some suggest that the F.B.I. purposely waited to net a bigger fish: Mr. Assange.

But F.B.I. officials said it simply took that long to collect the evidence to support their case. Cybercrime investigators and former federal prosecutors say that this makes sense, and that the time frame between Stratfor’s attack and subsequent arrests is not unusual.

“It’s not surprising it would take them that long to make arrests,” said Mark Seiden, a cybercrime investigator. “They have to collect evidence, and the paperwork takes between three and six months. If you don’t know exactly how hackers attacked a site, it’s difficult to bring them to justice. There’s no point in picking an unripe fruit.”

That news might disappoint the conspiracy theorists, but not nearly as much as it does Stratfor and its subscribers, whose personal and financial information was compromised as a result of the attack.

“It’s extremely frustrating,” said David White, a subscriber. Mr. White said he and his company were debating whether to renew their subscription. “At this point, it’s up in the air.”