Stratfor: the End Game Nears

January 11, 2012

Stratfor CEO George Friedman's letter was posted on the relaunched company website earlier today (though at the time of posting - 20:05 GMT - the site was down again)

The Stratfor hack story is approaching its most pivotal moment. The company finally got back online today, 19 days after hackers operating under the Antisec/Anonymous banner announced their hack and started releasing the intelligence firm's customer account information. In an email to subscribers, also carried on the newly free-to-access site, founder George Friedman admits that the company did not encrypt its customers' credit card details - as I wrote on Monday, this has the potential to turn into a legal nightmare for the company. But it is the second half of Friedman's email which throws down the most important gauntlet in this saga.

"Obviously, we were not happy to see our emails taken," he writes. "God knows what a hundred employees writing endless emails might say that is embarrassing, stupid or subject to misinterpretation. What will not appear is classified intelligence from corporations or governments. They may find, depending on what they took, that we have sources around the world, as you might expect." Later, he adds: "The interpretation of the hackers as to who we are... was so wildly off base as to stretch credulity. Of course, we know who we are. As they search our emails for signs of a vast conspiracy, they will be disappointed. Of course we have relationships with people in the U.S. and other governments and obviously we know people in corporations, and that will be discovered in the emails. But that's our job. We are what we said we were: an organization that generates its revenues through geopolitical analysis. At the core of our business, we objectively acquire, organize, analyze and distribute information."

In indirect response, Barret Brown, the Anonymous movement's de facto biographer, announced that any chance of redaction of the Stratfor emails has now vanished, and that the entire cache will be published.

Regardless of the debates around security and secrecy - as valuable and charged as they are - the key issue to me is the one that will be resolved when those emails are published. If the claims made in Anonymous and Antisec web posts are justified, and Stratfor has been involved in illegal or immoral activity, then Stratfor is doomed. But if what Friedman says turns out to be correct, and all that is revealed is the internal workings of what basically amounts to a newsgathering operation, then we're into new and profoundly disturbing territory. The only thing that is certain at the moment is that they can't both be right. 


It seems too many are reading into this event as a drive to access Stratfor product. If you know your subject of interest well and can read the local language, you can google your way to a similar if not better product. We know it is not always the what, but the how and through whom that is the secret.

The event fits because it was funny, the lulz, taking out an unsecured "security" organization, and it provided all of those usernames and passwords. Most people use the same set for everything. Finding the name of a hill staffer then could lead to an opening in intranet quorum, and what if lockhead got sloppy there? What about the lazy military official talking about things they should not on a personal email account with the same username and password as their Stratfor account? Going through the rabbit holes has an infinitely larger possibility of finding something of worth than learning Stratfor has been reading Foreign Policy blog posts....

posted by: No One: 12 Jan, 2012 17:25:23


You're not the first one to make the same basic point to me - that the email list was maybe the real target here and that the key thing to exploit is where those logins might lead. I've got some stuff coming up over the next few days that might shed more light on that aspect, and while I don't think this was the real reason Stratfor was targeted, it remains a valid argument and a cogent observation.

That said, I would hope that anyone whose details were published will have long since changed all their passwords - I did - but it appears that some people may not even now be aware that account information has been publicised. And any military, government or defence industry staffer who uses the same password for classified accounts as they do for something public - and who makes that password an easy one to guess... well, I'd be surprised if they're that stupid, and if they are that stupid I'd be surprised if they last long in their position.



posted by: Angus Batey: 12 Jan, 2012 17:43:45

Click here to add your comment.

Comments will be subject to approval and should not be defamatory, obscene, racist, in breach of copyright, or contrary to law. Neither Angus Batey nor the site host is reponsible for any views expressed here.





photo gallery


mailing list