Ah, it’s good to be back in the United States.
After a long holiday in New Zealand (more on that in a series of future posts), I’m almost ready to get back on the blogging trail. And what better way to do it than to write about a breaking news topic?
If you’ve read my blog for any length of time, you know that I sometimes touch on foreign policy and how other countries and cultures are different than the United States. The main reason that I like it is because I subscribe to Stratfor (short for Strategic Forecasting), which is kind of like a shadow-CIA. They provide analysis of global events on a daily basis and I like reading about them. So, when I talk about China, or Japan, or Russia, or Stuxnet, it’s because I have been influenced by Stratfor.
Well, last night, I got an email from Stratfor founder George Friedman indicating that Stratfor had been breached. I raised my eyebrows. “Oh?” I said. They said that they were suspending all email operations and that their list of corporate subscribers had been posted on other websites. But a couple of hours later, I got another email that contained a bunch of nonsense text that looked like excerpts from a book, although mainly in note form. “Well, that was weird,” I said.
Today, I got a follow-up mail indicating the nature of the breach. On December 24th, an unauthorized 3rd party hacked into Stratfor and stole personally identifiable information and credit card data. “Um, what?” I said. I did a bit more web searching.
As it turns out, the online activist group Anonymous hacked Stratfor and posted the information. When I read that, I said “Oh… sh*t.” They were able to access the data because it wasn’t encrypted (oh, that’s just awesome). Furthermore, they posted the list of names online and used some of the credit card data to make purchases – actually charitable donations – using the information that they stole.
In other words, my information is at risk. Probably disclosed.
I went back to the Stratfor follow-up email and read through it more closely. They are working with an identity theft monitoring company, but in the meantime they gave the following advice:
- Contact my financial institution and notify them of this incident.
- If I see any unauthorized activity, notify my financial institution.
- Submit a complaint with the FTC.
- Monitor my credit using the three US reporting agencies (Equifax, Experian or TransUnion).
You know, it’s weird. I’ve seen a bunch of other hacks this year. But I’m not a Sony subscriber, don’t use Citibank and was not really all that connected to the attacks; I only read and wrote about them. But this one is personally real to me. Very much so.
The Hacker News has a summary of the Stratfor hack, as well as some other information including a video they posted on their web site (I checked the link to the Pastebin site; none of my information is publicly posted yet, although Anonymous claimed in a tweet that they only posted the A’s, i.e., the first parts of the list in alphabetical order).
I’m not sure what Anonymous’s goal here is, but it could be that Stratfor provides global intelligence and security analysis and this hacker group proved that their data – including mine – is not very secure. How secure could this security company be?
I don’t know what the lesson learned is here. What am I supposed to do, not subscribe to websites because they probably don’t have my information encrypted? Maybe I should only subscribe to websites that I know do encrypt my information (Microsoft does this for important data like credit cards). I decided to cancel my credit card and get a new one. I don’t like doing that because:
- I have to update all of my auto-billing and change the credit card information on all of them.
- I had the number memorized; I could type it in whenever I made online purchases. Now I have to memorize a new one, which takes forever.
Or maybe I should start a consulting business that goes around advising companies how to protect their users’ data.
That’s not such a bad idea.