While L-tryptophanics were tucking in on Christmas day, private intelligence group Stratfor Global Intelligence was watching its reputation dissipate after online attackers copied e-mails and client lists. On Christmas Eve, the attackers announced that they had broken into Stratfor’s systems and obtained access to 200 GB of e- …
... what platform did this take place on? Was it Winblows?
re: Was it Winblows?
AnonymousIRC quoted on the zerohedge.com link from article suggest they where finishing the process with the command "rm -rf /*" - so I'g guess no
@Was it Winblows?
Or was it Linsux?
Or does it even matter?
No It Was AdminSuckxx
It is still not exactly easy to keep a Linux box patched to the latest versions, if you have trouble with the command line. You should not confuse your command line skills with those of a "political scientist". Probably this whole "stratfor" thing is a one-man show, with that one man not being a seasoned system administrator, but a guy struggling to just make it "running somehow".
A properly locked-down linux system is indeed very secure, but it still requires that proper practices, such as password, creditcard encryption and salting are used. Which apparently was not the case.
Agree with your general point about a badly maintained Linux server being just as vulnerable as a badly maintained Windows server. But you are wrong to be making assumptions about Stratfor. I can't speak for their admin side but they're definitely not a "one-man show". They're pretty good at what they do - strategic forecasting. Shame about this, though.
I disagree. I have never heard so much utter shite issued in the named of forecasting in all my days. I receive their guff regularly courtesy of working at a money manager.
Definition of hacker
People who break into computers are not hackers. Calling them that is akin to calling somebody who breaks into a house a builder. Though I can apprecieate the confusion in a World were we call people who are professional money investment experts - bankers, and people who steal money - theifs were infact percentage wise of theft is actualy bankers.
That said major respect for factualy reporting this and not like all the others who are labeling this upon anonymous group, who themself have admited it was not.
...people who gain access into other people's computers through unofficial channels are, by definition, hackers. That said, there are hackers (white-hat, ethical hackers--legitimate security researchers, penetration testers, etc.) and there are hackers (black-hats, crackers, government and industrial spies, etc.).
A hacker is someone that codes for the Linux kernel. Nothing more, nothing less.
That isn't right either
The term Hacker far predates linus' ego. Hacker was originally used to denote people that had high levels of knowledge about computer systems, no matter the OS. The term became popular on the original DARPA-net a good 20-30 years before linux was even a thought.
Not Linus' ego
Re: "The term Hacker far predates linus' ego."
Actually, Linus himself thought to name it "Freax". The name "Linux" was coined by a guy called Ari Lemke who first put the nascent sources online at the nic.funet.fi FTP site. I wonder if the history of computing would have been different without this name change. Who would have dared to run enterprise systems on something called "Freax"?
(Google for "freax linux" to get links to the story).
Multiple definitions of Hacker
Dear fellow pedants,
like very many words in english, hacker, and to hack, have multiple definitions.Those of us who have used the term in a positive sense for the last 25 or 30 years to describe a style of code and system manipulation just have to live with it also being used to describe certain unethical behaviours.
Actually, Charles 9 is misinformed and the following AC is poorly informed.
According to Internet documentation http://tools.ietf.org/html/rfc1983
A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular. The term is often misused in a pejorative context,
where "cracker" would be the correct term. See also: cracker.
"Who would have dared to run enterprise systems on something called "Freax"?"
Agreed - so why the childishly-stupid names for each version of Ubuntu? Would you run an enterprise system on something called Manky Meerkat or Fascinating Ferret? The ability to alliterate is no excuse.
It's INCLUSIVE not EXCLUSIVE. Your deffinition is also a hacker. However, the person that decides to use his car windshield wipper fluid container as a makeshiff radiator, is also a hacker.
The person that us drain spouts on his house, to generate electricity, is also a hacker.
Re: Multiple Definitions of Hacker...
Thank you: someone who can divorce themselves from pedantry.
Take the word nuts. Does it mean a fruit from a tree, testicles or somebody who is suffering from mental dysfunction. Depending on context, all three are correct - though perhaps not politically correct in at least one case....
What we should be much more concerned about is how they got in and why the data were not secured. The word we choose to label these people is just noise on the periphery.
@ AC - Linux kernel?
A hacker is somebody who codes for the Linux kernel.
And the netbsd kernel. And RISC OS low level. And Windows low level. And who implements a working SCSI chain on 8 bit hardware, or gets a microcontroller to talk to an SD card, or correctly implements USB on a TI device from the ground up, or... [and special kudos to the guy that built a processor out of discrete transistors, You Are God!]
Frankly, if you can look at assembler and understand wtf is going on, you can call yourself a hacker. From 6502 to parallel GPU, it doesn't matter. "Hacker" is a platform agnostic term.
And people that do nasty crap like that described in this article are supposed to be called "crackers" (as they are...) so that mere mortals with zero clue about geek issues don't run and hide when you mention the word "hack". I mean, if they don't know what (non-criminal) hacking is, how the hell are they going to understand this stuff about hat colours?
How about the dictionary?
Definition 3B: a microcomputer user who attempts to gain unauthorized access to proprietary computer systems.
Like I said, this definition DOES NOT imply an unlawful intent, since a white-hat hacker would be doing the same thing but for legitimate reasons (such as being hired by the owner of the system being penetrated).
As for "cracker", which I also mentioned, that DOES imply malicious intent since a cracker's intent isn't just to penetrate but to DAMAGE as well.
Since we both have authoritative sources (yours an Internet RFC, mine an official dictionary), we'll have to say BOTH are correct.
and there was me wondering what the relevance was of them being shit at golf.
"nothing more than opportunistic attention whores who are possibly agent provocateurs,"
This is exactly what I though of stratfor....
And, indeed, Anonymous themselves.
1) Who the shuddering fuck are Strafor?
2) Why should I care that they can't secure their network?
3) Why are you reading El Reg?
Actually, a bit more information about who Stratfor is and what do they do would not have gone amiss. Yes, some here are more informed then others - but that is no reason to just assume everybody who reads a particular article is already heavily into whatever information niche the article is about. Different readers have different favourite subjects - and it helps to provide some basic background information for completeness sake.
Odd, when I was young and 'hacking' for GODs and PBXs through Genie,Tymnet and UUNET. Linux hadn't even been created yet. Wonder what we were doing? Oh well. That being said, it was never for malicious purposes. Being detected was the last thing one wanted. It was all about the fascination with computers and technology, never harm to others. But the world doesn't stop for anyone does it?
StratFor (Strategic Forecasting) is a company based in Austin, TX that was founded in 1996 by George Friedman. It has approximately 110 employees and provides, by subscription, intelligence on politics, terrorism, business strategy and finance to governments and businesses around the world.
You probably shouldn't care that they can't secure their network - unless you view it as a learning opportunity or an amusing incident.
@xj25vm - who dey?
Stratfor are a news analysis and interpretation organisation with a reputation for apolitical, reasonably objective and unbiased assessment; their primary aim is to provide STRATegic FORecasting for corporate and other clients.
Most of their information comes, as they themselves clearly say, from freely available public sources - the 'added value' is the interpretation, provided by a team which includes various specialists and ex-intelligence agency analysts. And of course, it means that subscribers don't (for example) have to trawl the Arabic or Asian press for local views, official or otherwise. They are regularly cited by fairly serious news outlets like the NYT, the Economist, CNNi and such.
Nevertheless, I suspect that the vast majority of those whose details have been lifted - of whom I am one - are individuals who appreciate their assessment of world affairs, rather than governments or spooks.
Thanks to Anonymous, I'm out of pocket on this - having had to cancel and re-order a credit card, despite its not having been used for unauthorised transactions - and have had a lot of extra hassle while away from home over Christmas. Ho ho bloody ho.
"As a media source, Stratfor's work is protected by the freedom of press"
I'm sure their clients will value that excuse greatly.
By the way, does this mean that Stratfor is inclined to use faith-based protection ? Because I wonder if that line of defense would hold up in court. Somehow, I am inclined to think not.
Reading comprehension fail.
That quote is from Anonymous explaining why they wouldn't target Stratfor and why they think the people who did this saying they are Anonymous are false flag. It's not a statement by Stratfor. But you seem to have been thumbed up by two people already.
Dang, you're right
So I did gloss over that. I blame the eggnog.
Still, I wonder what Stratfor's clients are going to think of the "security" that failed to protect them.
Surely CIA not Sabu?
Seems these blokes are up to all sorts of nasty things? http://forum.prisonplanet.com/index.php?topic=225332.msg1328775#msg1328775 Also their facility in Virginia Industrial estate logs millions of tweets/day. Oh, how nice to live in a Democracy?