Stratfor has restored its website to normal operation on Wednesday, more than two weeks after a hack attack by Anonymous that made the global intelligence analyst firm a byword for information insecurity. Members of Anonymous made off with stolen emails and credit-card data after breaking into Stratfor's chronically insecure …
"soz about the credit cards"
Was there actually an apology? I watched this yesterday and didn't notice one.
"Such transactions are highly likely to be identified and reversed, potentially leaving charities worse off in the process (as a result of charge-back fees)"
Make donations to a political party then... Simples.
Make sure it's the correct political party, you wouldn't want to charge money to a "right thinking" party, although all the others are fine.
Party doesn't matter
The party of the members of both the House and Senate doesn't matter, just whether they're in favor of the draconian SOPA and PIPA measures. Trouble is most of those charged would probably want them to keep the donations.
Were they using Microsoft software? That's easily hacked...
And, they were using a Unix variant because Anon said they finished off with an "rm -rf *"
Apology - @AC 12.1.12:1707
As Sophos also noted, this was more of an apology than most hack victims give - a clear acknowledgement that the company failed to scale up appropriately, and shouldn't have been processing its own transactions.
"As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place"
...and in the light of the above failure, I resign, with immediate effect.
"With the credit card information stolen, I assumed that the worst was done. I was wrong. "
In other words "We looked bad about the credit cards and I thought that was bad but at least it didn't affect me, then I found out they had fucked with my shit too and that was worse"
The loss of your customers' data is the worst aspect of the situation, as they are totally blameless and trusted you with that info; whatever happens to your servers etc. is secondary to that.
Storing credit card details in an unencrypted form is against the merchant card program rules. It certainly is in Europe. Failure to abide by the rules (especially a failure such as this where data was stolen) can result in withdrawal of your card processing facility.
As for the CEO resigning, I guess he is just taking the behaviour of our leaders as an example. Nobody in any lofty position carries any responsibility. On the rare occasions that one is forced out by massive public protest (RBS for example), they still walk away with a "jolly well done" handshake measured in the millions.
Fred Goodwin, contrary to the popular reporting by the media at the time, didn't walk away with a massive golden handshake. What happened was that he stayed on to help the new board take over (something which he in no way had to do) for a consultancy fee. This consultancy fee was put directly into his pension.
After all the shouting about it in the press, he gave the consultancy fee for his work back, but that was never reported, either.
However, the current people running RBS get more pay than Fred did and are shredding the company, making tens of thousands of people redundant and shipping jobs off to India. Offshoring was something the previous management never did; there were redundancies when RBS took over NatWest, but there were also jobs saved, as the then management stopped the branch closure scheme and call centre offshoring.
"Nobody in any lofty position carries any responsibility."
Except when it comes time to justify their massive salary package to the shareholders.
After that process... well, meh, who cares?
Sorry, but lack of security isn't one of those problems that comes about with "rapid growth".
However, lack of security IS one of those problems that comes from employing id10ts with zero experience in the real world to build your website.
A quick look at their HTML source shows it was built with Drupal 7. Also, instead of building a template from the ground up, or even properly tweaking one, they have a tremendous amount of HTML code just commented out... looks like someone didn't exactly know what they were doing and was a little unsure of themselves. Gotta love kids.
Wonder if they've bothered applying any of the patches...