My first instinct was; STRAFOR? Why STRATFOR?
On Saturday, hackers who say they are members of the collective known as Anonymous claimed responsibility for crashing the Web site of the group, Stratfor Global Intelligence Service, and pilfering its client list, e-mails and credit card information in an operation they say is intended to steal $1 million for donations to charity. The hackers posted a list online that they say contains Stratfor’s confidential client list as well as credit card details, passwords and home addresses for some 4,000 Stratfor clients. The hackers also said they had details for more than 90,000 credit card accounts. Among the organizations listed as Stratfor clients: Bank of America, the Defense Department, Doctors Without Borders, Lockheed Martin, Los Alamos National Laboratory and the United Nations.Hey, I like those guys. Why didn't they pick on Greenpeace or sump'n? Now, I'm not a Ron Paul supporter, but my first instincts were to ponder - there must be some deeper conspiracy going on here ... what was REALLY on STRATFOR's servers .... and was this REALLY Anon ..... but then ....
The group also posted five receipts online that it said were of donations made with pilfered credit card details. One receipt showed a $180 donation from a United States Homeland Security employee, Edmund H. Tupay, to the American Red Cross. Another showed a $200 donation to the Red Cross from Allen Barr, a recently retired employee from the Texas Department of Banking.
Stratfor didn't just expose a website to the public. It also, apparently, put all this other stuff online, in the clear, for the taking.Oh come on. Talk about an easy target. Ummmmm .... let me guess - no one will be contracting STRATFOR for cyber security work in the near future.
It's true that websites are like storefronts, and that it's more or less impossible to stop determined people from blocking or defacing them now and again.
Here, however, it looks like Stratfor left private files in the window display, waiting to be grabbed by the first guy to put a brick through the glass.
Now, I'm not America's premier intelligence and security research group, and I'm not a member of its national IT security planning task force. But I'm pretty sure that putting unencrypted lists of credit card numbers and client details on public-exposed servers isn't quite explained by "no matter what you do, every system has some level of vulnerability."
