The CEO of Stratfor acknowledged Wednesday that the Austin company failed to encrypt the data that was taken by hackers last month and said the hackers actually made multiple attacks on Stratfor's servers.
Stratfor, which publishes geopolitical analysis, has said hackers took its website down on Christmas. The site has been restored with bolstered security, Stratfor CEO George Friedman said in a Wednesday interview with the American-Statesman.
Friedman's comments were the company's first public admission that Stratfor's policies before the attack did not include encrypting customer data.
"That was our failure," Friedman said. "As the CEO of Stratfor, I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends."
The hacker group Anonymous claimed credit for the attack and took credit card information belonging to thousands of customers. Some of those credit cards were used to make donations to nonprofit groups, including the Red Cross.
Stratfor said its servers also had been damaged in the attack. The company retained Sec Theory, an Internet security firm, to rebuild its website, email system and internal infrastructure. It also built a new section to its website to tell its story of the hacking attack. Stratfor hired CSID, an Austin company that protects against identity theft, to work with its customers at Stratfor's expense. It also will move its entire e-commerce payment operation to a highly secure third-party payment company, eliminating the need for Stratfor to store credit card information in-house.
The company hired Verizon Business to conduct a forensic review of the hack, and it continues to cooperate with an FBI investigation.
By some estimates about 75,000 customers names, addresses and credit card numbers were exposed. One cyber security analyst, John Bumgarner, told the Los Angeles Times that thousands of those names exposed were military personnel and that 212 email addresses were from the FBI and dozens more from the National Security Agency and the Central Intelligence Agency.
Stratfor said its website will be free and accessible for all on a temporary basis, but it will contain only the company's most recent reports. All archived files will be gradually restored.
Over the next few weeks, the company will communicate with subscribers about how to obtain new, secure passwords and safely engage in credit card transactions.
Friedman said his company was hurt in separate attacks last month. In early December, he said, the company was aware that its customer credit card information had been stolen, and it notified customers and their credit card companies. It also alerted the FBI.
It did not make a public statement because of the ongoing criminal investigation, Friedman said.
Then on Christmas Eve, hackers tried to disable the website and destroy the content on the company's servers. The company did not issue a public statement at that time because of the investigation, but it was working with affected customers, Friedman said.
"They re-attacked us to take us down," Friedman said. Following that attack, Stratfor took its website down and began the process of recovering data and rebuilding the site.
Since then, Friedman said Stratfor has taken steps to rebuild its site in a more secure fashion and to have a secure, third-party firm handle customer credit card transactions.
The company, he said, is working "with all deliberate haste. We are going to do it carefully. The most important thing is taking care of our customers."
He said he is confident the company's customers will stay with it.
"They like what we do," Friedman said. "Their view is that a criminal attack was carried out on us."
"It is not really clear to me why we were a target. The hackers saw us as a hub of some sort of conspiracy involving large corporations and government."
That image, Friedman said, is inaccurate. The company simply gathers and publishes geopolitical intelligence and analysis.
The hackers, he said, "have taken a publishing company and tried to silence it."
No comments:
Post a Comment