Encrypt, Encrypt, Encrypt ... or Else ...
Could the Stratfor Catastrophe happen to you? Yes.
March 20, 2012 By Denny Hatch
Imagine Henry Kissinger or Warren Buffett trying to pay his hotel bill at the Ritz in Moscow and being told by a desk clerk that his credit card was no good.
What's more, imagine how you would feel if it were your fault. That is the embarrassment facing newsletter publisher George Friedman.
Stratfor Global Intelligence is a highly respected daily newsletter devoted to world news, covert actions, military affairs, terrorism and intrigue. If you are an international news junkie, this is a must read.
Subscribers include high-powered and high-profile folks in Fortune 500 companies, international finance, academia, governments, the military and the media.
The entire subscriber file was hacked, and the criminals started looting money from the accounts. The FBI alerted the issuers of nearly 100,000 credit cards that the account numbers had been stolen, and presumably the cards were summarily canceled.
From CEO George Friedman's letter to his subscribers:
We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn't grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn't happen again.
Read Friedman's entire letter and you'll discover a confession of incompetence by an academic Ph.D. who has no business running a business.
Overnight, Stratfor Global Intelligence became an oxymoron.
The Stratfor Debacle Gets Worse
Hacking the customer file was just the start. The Anonymous Group hacked Stratfor's entire internal correspondence files—more than 5 million emails—from confidential sources all over the world and released them through Wikileaks.
- Computer assault and invasion are so pervasive that hackers are advertising their services.
- Smell a rat in your inbox? Google [subject line] scam and see what comes up.
- Or reply to the sender. If your email is bounced back as undeliverable, it's a scam.
- If you receive a strange email from a colleague, family member, friend or acquaintance (something that does not make sense), do not open any attachment. And do not reply. Instead, forward that message to the sender's email address with the question, "Did you send me this?" I never click on reply and send the message directly, because replies could go to the scammer who would then capture my name as a live responder.
- Never open an attachment from a stranger. If curious, email the sender and confirm the legitimacy.
- Before doing business with a company you do not know, Google [Company Name] reviews.
- I do not maintain an online address book anywhere in my Yahoo or AOL account.
- Encrypt all your customer data and corporate information that, if hacked, could 1) put you out of business or 2) put hundreds of others in business, which would put you out of business.
- Marketers that maintain personal information about their customers and prospects have fiduciary responsibility.
- Empty suits that allow IT people to play fast and loose with that trust can cause havoc with the reputation of the company and wreck people's lives.
- Hire a world-class hacker and see how long it takes to breach your data.