The ease with which intelligence firm Stratfor was compromised sends a message to Internet users everywhere
The Associated Press
On Jan. 11, nearly three weeks after the Great Christmas Eve Stratfor Hack, the Texas-based strategic analysis website came back online with limited service. And none too soon – some of us were starting to show signs of withdrawal.
If you haven't been following, Strategic Forecasting Inc., better known as Stratfor, probably the most reputable privately owned open-source intelligence firm in the world, suffered a massive hacker attack on Dec. 24. The hackers proceeded to publish the credit-card information and passwords of many of Stratfor's subscribers (4,000 alone beginning with the letter "A") and then used that information to make unauthorized donations to every major charity in sight.
Who exactly pulled off this heist isn't clear, as usual. It was first claimed on behalf of the known anarchist hacker grouping Anonymous, whose associates have hacked a wide variety of public and private targets, but Anonymous denounced it within a day and blamed Lulz, a splinter group. But in that demimonde, everything is a splinter group and the mutations are nearly impossible to follow.
Thanks to timely warning by Stratfor itself, many subscribers managed to cancel their cards before they could be hurt, but make no mistake, harm has been done on a broad scale, not only to Stratfor itself but to the public interest of information sourcing and dissemination. Not to mention the charities, who will not get the money that was illegally diverted to them and will incur substantial administrative fees and difficulties making refunds.
Good intelligence work the world over relies far less on secret information (Bin Laden takeouts and real-time military intelligence excepted, but that is very rarefied stuff) than on the accurate and speedy collation of "open-source" – publicly available – information, and unbiased and timely thematic analysis. Stratfor is among the best at this. What the hack has done among other things is to show how dependent almost everybody is on that kind of service.
Literally, almost everybody. The dump revealed corporate and/or individual subscriptions from most of the intelligence agencies on Earth, all the way down through major corporations to newsrooms to op-ed writers. Governments have their own open-source information channels, of course – it's a major function of embassies everywhere – but Stratfor is Everyman's intelligence network, and often enough a solid cross-check for official channels. Exaggerating only mildly, at some point, Canada will have been calling the United States and the United States calling the Germans, who'd have been calling the Russians asking, "What's happening in Lower Slobovia?" and all they'd be getting back was, "How should we know? Stratfor's down."
Stratfor's great value is in having a network of private local sources, many with previous experience in "the trade," who can intelligently analyze local information for value before passing it along. The extent to which sources' identities have been compromised by the hack is not clear, but depending on what part of the world they live in, some of them have to be feeling very uncomfortable.
The reason Anonymous gave for denouncing the hack – that Stratfor is a relatively unbiased, accurate and available-to-all-comers information aggregator – is perfectly correct. Unfortunately, people of an anarchist bent have been disagreeing on who is "the real enemy" since the days of beards and black powder bombs. Stratfor is simply the latest example of collateral damage.
What is more surprising is that Stratfor, of all organizations, could be caught with an unencrypted subscriber database. CEO George Friedman has been very forthright in his apologies and attempts to make amends to subscribers, but the case remains a perfect example of the corporate forebrain and hindbrain getting fatally separated. The Internet was designed as a small information-exchange utility among trusted users, not as the universal medium it has become. Advocates of unrestricted online governance, including general elections, take note. And everyone else, check your back office.
Stratfor subscriber Eric Morse is a former Canadian diplomat who is now vice-chair of security studies at the Royal Canadian Military Institute in Toronto.