Encrypt, Encrypt, Encrypt … or Else …

Could the Stratfor Catastrophe happen to you? Yes.

Imagine Henry Kissinger or Warren Buffett trying to pay his hotel bill at the Ritz in Moscow and being told by a desk clerk that his credit card was no good.

What’s more, imagine how you would feel if it were your fault. That is the embarrassment facing newsletter publisher George Friedman.

Stratfor Global Intelligence is a highly respected daily newsletter devoted to world news, covert actions, military affairs, terrorism and intrigue. If you are an international news junkie, this is a must read.

Subscribers include high-powered and high profile folks in Fortune 500 companies, international finance, academia, governments, the military and the media.

The entire subscriber file was hacked, and the criminals started looting money from the accounts. The FBI alerted the issuers of nearly 100,000 credit cards of the account numbers that had been stolen, and presumably they were summarily canceled.

From CEO George Friedman’s letter to his subscribers:

We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place. The failure originated in the rapid growth of the company. As it grew, the management team and administrative processes didn’t grow with it. Again, I regret that this occurred and want to assure everyone that Stratfor is taking aggressive steps to deal with the problem and ensure that it doesn’t happen again.

Read Friedman’s entire letter and you’ll discover a confession of incompetence by an academic Ph.D. who has no business running a business.

Overnight, Stratfor Global Intelligence became an oxymoron.

The Stratfor Debacle Gets Worse
Hacking the customer file was just the start. The Anonymous Group hacked Stratfor’s entire internal correspondence files—more than 5 million emails—from confidential sources all over the world and released them through Wikileaks.

Denny Hatch is the author of six books on marketing and four novels, and is a direct marketing writer, designer and consultant. His latest book is “Write Everything Right!” Visit him at dennyhatch.com.
Comments
  • Barry

    While blaming the victim is inappropriate, so it is inappropriate for software developers not to include protection from hacking. It has gotten to the point where cyberwarfare is not a joke; it’s a profession, eagerly developed by America’s enemies. From the time I wrote "Why I Love Spam" some years ago to today, I often wonder why the ISPs, browser software developers, and others responsible for the wonders and capability of the Internet don’t develop a program that not only detects invaders, but counterattacks with software that utterly destroys the originator.

  • Barbara

    One of the best sources to check or double check scams is Snopes.com.
    I’ve finally gotten some of my mother’s friends to check Snopes against what they’re getting in their inbox. They, in turn, are correcting their friends. Thanks for the links to your data–maybe they’ll consider you a "mature and reasonable" resource. :)

  • DJan

    One of the best examples of email address book hijacking was when I received an email from my colleague’s wife which said:
    "Hi, After we met the last time, I can’t stop thinking about you. I wish you’d call me sometime."

    Now, how in the world do you confirm that this is legitimate?

  • John

    The problem has become so widespread that hacking software is now sold by the "black hats" with SLAs (Service Level Agreements), the IT world’s version of "guaranteed performance."

  • Andy

    It should also be mentioned that Apple holds all of the decryption keys to any data you sync through iCloud. Furthermore, their Terms and Conditions give them the right to not only look at your data, but to modify or delete it if they feel it violates their terms.

    So, while services like iCloud may be fine for your kids or even for syncing your personal photos, e-mails and contacts, they should NEVER be used for any business data — especially trade secrets and the like.

    One would imagine that since you can’t guarantee security, neither financial nor medical information should be anywhere near iCloud or similar services as you might be violating HIPAA (medical confidentiality) or various financial / commerce regulations.