While popular attention in cyber issues often focuses on the exotic APTs, enterprise security is being rocked by an unpleasant truth. Activist hackers have become a major problem, and not just for obvious targets such as the Church of Scientology or the United States government.
[The attack] appeared to be inspired by anger at the imprisonment of Bradley Manning, the US Army private who is accused of leaking hundreds of thousands of US government files to WikiLeaks. An online statement from the group said the attack would stop if Manning was given “a holiday feast … at a fancy restaurant of his choosing.”
However, STRATFOR is not related at all to the Manning case. The Texas-based firm carries out political risk analysis for corporate and government clients. Attacking STRATFOR to protest Manning’s imprisonment makes as little sense as hacking an ESPN sports show if you’re unhappy about the NBA lockout. STRATFOR, like all consulting firms, makes money by providing analytical products to clients. While other incidents, such as the attacks on HBGary, have more of a logical motivation behind them, the STRATFOR hacks simply seem bizarre.
The logic of the attack, however, is irrelevant. A large amount of emails, credit card information, and phone numbers have been lifted. What this attack should tell us is that enterprise security is not a niche concern anymore. Your company may be at best tangentially related to the object of an activist hacker’s ire, but he or she will target you anyway. Like OpCartel, the STRATFOR hack seems to also have been very controversial within the Anon ecosystem. But, of course, it takes only one.
There isn’t really a major takeaway in terms of the technical aspect of security–enterprise security matters, as people have said repeatedly. But the politics behind the hack–and what it means for the enterprise–are the issue here.
- Hacking group releases more Stratfor subscriber data (fedcyber.com)
- Rise of the Narcohackers (ctovision.com)
- Darpa’s New ‘Fast Track’ Okays Hacker Projects in Just Seven Days (bobgourley.com)