Encrypt, Encrypt, Encrypt ... or Else ...
Could the Stratfor Catastrophe happen to you? Yes.March 20, 2012 By Denny Hatch
Imagine Henry Kissinger or Warren Buffett trying to pay his hotel bill at the Ritz in Moscow and being told by a desk clerk that his credit card was no good.
What's more, imagine how you would feel if it were your fault. That is the embarrassment facing newsletter publisher George Friedman.
Stratfor Global Intelligence is a highly respected daily newsletter devoted to world news, covert actions, military affairs, terrorism and intrigue. If you are an international news junkie, this is a must read.
Subscribers include high-powered and high profile folks in Fortune 500 companies, international finance, academia, governments, the military and the media.
The entire subscriber file was hacked, and the criminals started looting money from the accounts. The FBI alerted the issuers of nearly 100,000 credit cards of the account numbers that had been stolen, and presumably they were summarily canceled.
From CEO George Friedman's letter to his subscribers:
We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn't happen again.
Read Friedman's entire letter and you'll discover a confession of incompetence by an academic Ph.D. that has no business running a business.
Overnight, Strafor Global Intelligence became an oxymoron.
The Stratfor Debacle Gets Worse
Hacking the customer file was just the start. The Anonymous Group hacked Stratfor's entire internal correspondence files—more than 5 million emails—from confidential sources all over the world and released them through Wikileaks.
Only a fool would continue to supply Stratfor (or anybody else) with privileged information.
On March 7 it was announced that the Anonymous group and LulzSec were victims of an inside snitch and were arrested.
My bet: It’s too late for Stratfor to survive since all of their sources have been compromised, embarrassed and many likely fired from their jobs.
The Internet Is the Greatest Crime Venue the World Has Ever Known
Whether you are a giant country like the U.S., a small business like Stratfor Global or a single individual with an email account, every time you go on the Internet, you put yourself at risk. Consider the following:
• A debate within the executive branch of the government, Department of State and the Pentagon is whether a devastating cyber attack (e.g., one the shuts down the nation's power grid or Pentagon communications) is fair game for a cyber counterattack or even a casus belli that deserves full military retaliation.
• My guess: Easily 2 million or more cyber attackers from all over the world are loose on the Internet. As a result, you and I—all of us—who operate a portal into the Internet are under continuous assault 24/7. Unless we are hyper-careful, our very existences stand to be turned into a living hell.
When Life Was Simpler...
Late in World War II during cocktail hour the family was gathered in the den to hear Edward R. Murrow's nightly broadcast from London on CBS radio when the phone rang.
My father took the call, suddenly sounded very worried, jotted down some notes and ended by saying, "I'll wire you $50 right away.
He walked out the door and drove down to the Western Union office to keep his promise.
On his return I asked what that was about. My father said the caller was a chorus girl he had kept company with in the late 1920s. She was drunk, in jail, needed bail money, and my father was the only person she could think of who might have that much cash.
"Why would you send her $50?" I asked. At the time that was a lot of money.
"Because that is what you do when somebody out of your past calls and needs help."
Fast forward to 2012. Peggy received an email from a woman she knew, who said she was stranded in England with no money and needed $2,000 right away.
Peggy emailed her to verify her plight and the plea for help was bogus. It was an online version of the Facebook Grandparent Scam.
My Yahoo Email Inbox: A Mine Field
Several weeks ago I eyeballed the 291 emails in my trash file and separated them into three categories: Legit, Spams and Scams. The result:
- 198 were legit: These were people I knew or who knew me—clients, friends, family, PR people touting a story, Amazon.com offering me books, etc.
- 94 were spams (unknown senders): People I'd never heard of.
- Of the 94 spams, 81 were scams
These were strangers on the FROM Line or SUBJECT LINE smelled bad. Some examples:
FROM SUBJECT LINE
WE'RE OVERSTOCKED Apple iPad2 SOLD for only $8.76. GET ONE NOW!
!!!WARNING!!! SOMEONE RAN A BACKGROUND CHECK ON YOU!
abdullahi musa READ AND REPLY URGENT
ClubVIP Wager Here's USD777 of house money you can wager
Monday Lottery You've been approved £1,000,000
Mr.Maliam Nuhu Ribadu SECOND NOTICE
Loan Matching Get Cash with bad or no credit
Mrs. Jessica Willard THANK GOD I'VE FOUND YOU!!!
Julius Reiner Is it you in this picture?
Mr. Andrew Lloyd Scammed Victims Compensations.
Plus of course a bunch of explicitly sexual propositions.
How to Smell a Scam
An example is found in the mediaplayer at the right—the BBB Scam. It arrived in my inbox. I clicked on it to have a look and the message was on Better Business Bureau letterhead with the official BBB logo:
Your Customer's Complaint
TO: email@example.comfirstname.lastname@example.orgemail@example.com+ 96 more+
RE: Case # 34631552
The Better Business Bureau has been filed the above mentioned complaint from one of your clients concerning their dealings with you.
The details of the consumer's concern are included in attached file. Please examine this case and let us know about your position.
We encourage you to open the ATTACHED REPORT to respond this complaint.
We look forward to your urgent attention to this matter.
Better Business Bureau
The Scam Tipoffs
1. A client of mine would never bother to go the BBB with a problem. An unhappy client would simply fire me.
2. I was not the recipient of the email. The sender sent it to himself and 98 others.
3. If this email was going to 99 recipients, how could we all be Case #34631552?
4. I clicked on 96 more+ and up came a screen with 96 email addresses where all the names began with den. The sender forgot to enter these in the BCC box. Us poor suckers were further compromised as our email addresses could be downloaded and rocketed all over the world into spam/scam databases.
5. I clicked on FROM: Dennis Wurster and up came his real address: firstname.lastname@example.org. I went to www.exoriktiki.com and it was nothing.
6. Four grammatical errors in the lede sentence (edits mine):
The Better Business Bureau has been filed [received] the above mentioned [abovementioned or above-mentioned] complaint from one of your clients considering [concerning] their [his or her] dealings with you.
Perhaps two of the people out of 5,000 were embroiled in a quarrel with the BBB. They would open the email, quickly scan the message and click on the hyperlink, ATTACHED REPORT to see the latest developments in their case.
Malware would instantly invade their computers and they would be unwitting accomplices in exacerbating what is no doubt a huge Internet scam.
Just to sure, I Googled BBB Scam, and my suspicion was confirmed.
A friend of mine named Dave sent me an email on Jan. 20, 2012 with the following subject line and message:
Fri, 20 Jan 2012 17:18:12
"When grown on poor or dry soils, the effect of covering the soil with light manure, lawn mowings, or any such material that can be spared is excellent" (c) MILO wr4ig
I have known Dave for 35 years and this was nuts. I confirmed that it did indeed come from Dave's computer and then forwarded the MariaBonilla29 email to him with the following message:
Did you send me this?
Or has your computer been hijacked?
Hope all is well.
Two hours later I heard from Dave:
No, My address book has been hacked. Sorry, Dave
I have received six such messages from various friends in the past six moths and alerted the senders, who were grateful
A Sampling of Internet Scams
Readers of this prickly publication know that since I started in 2005, I prowl the Internet every day and vacuum up stories that 1) interest me or 2) might be useful in current or future columns.
They are cataloged under 390 major categories and number in excess of 71,000 stories. Among them is an extensive file of Internet scams. Below is a tiny sampling of what can smack you over the head with a two-by-four because you have a portal into the WWW—Wild West Web:
- Attacks from Overseas Scammers
- Botnet Attacks—Hijacking Your Computer
- Eastern Europe Funds Transfer Scam
- EBay Scams—14 Things to Know
- Facebook Scam
- Grandparent scam
- ID Theft
- Hotel Guest Credit Card Thefts
- LinkedIn Is a Hacker’s Dream Tool
- Koobface Facebook Scam
- LulzSec Gang
- Nigerian Scam
- Operation Ghost Click
- Password Theft
- Pharming Scams
- Phony Caller ID
- Spear Phishing
- Stranded Traveler Facebook Scam
- Stuxnet—US-Israeli malware neutralized Iran's nuclear program
- Tim Geithner U.S. Treasury Scam
- Twitter Scam
- Vacation Rental Scam
- Zeus Trojan Horse Financial Scam
I Ask Your Help on This
What else should a consumer and/or business owner do to protect self and company from being hacked and scammed?
Please send your suggestions to the Comment Section and they will be posted.
- Computer assault and invasion are so pervasive that hackers are advertising their services.
- Smell a rat in your inbox? Google [subject line] scam and see what comes up.
- Or reply to the sender. If your email is bounced back as undeliverable, it's a scam.
- If you receive a strange email from a colleague, family member, friend or acquaintance-something that does not make sense—do not open any attachment. And do not reply. Instead, forward that message to the sender's email address with the question, "Did you send me this?" I never click on reply and send the message directly, because replies could go to the scammer who would then capture my name as a live responder.
- Never open an attachment from a stranger. If curious, email the sender and confirm the legitimacy.
- Before doing business with a company you do not know, Google [Company Name] reviews.
- I do not maintain an online address book anywhere in my Yahoo or AOL account.
- Encrypt all your customer data and corporate information that, if hacked, could 1) put you out of business or 2) put hundreds of others in business, which would put you out of business.
- Marketers that maintain personal information about their customers and prospects have fiduciary responsibility.
- Empty suits that allow IT people to play fast and loose with that trust can cause havoc with the reputation of the company and wreck people's lives.
- Hire a world-class hacker and see how long it takes to breach your data.