Stolen Stratfor Information Ends up on Wikileaks
At the close of 2011 there was a data breach at a company called Strategic Forecasting. I wrote about it with a cynical view towards the company's internal security protocols. I also wrote, incorrectly, that Stratfor was in the business of providing advice on security; they are in the business of providing an analysis of "intelligence." A sort of “wanna-be CIA.” I still stand by my statement that a company like this suffering a breach is unacceptable.
Today, I took a spin on Wikileaks because I heard that the stolen information showed up there. What a fascinating read. According to Wikileaks, they have five million internal Stratfor e-mails. They published some of those e-mails on Monday.
Stratfor issued a press release discussing the disclosure of these e-mails and in it claim that:
Some of the emails may be forged or altered to include inaccuracies; some may be authentic. We will not validate either.
That's a great way of saying, "ah, there's bound to be some stupid, embarrassing stuff in there, but ah, maybe those are the forged ones... and the brilliant ones are certainly authentic..." Their attempt at creating an atmosphere of “plausible deniability” falls well short in my mind. But really, what else could they do?
When I first read about the hack, I presumed that the information was the target and although credit card numbers were stolen, it was the information the "bad guys" were after. Little did I know that it wasn't that the "bad guys" wanted to “use” the information in a conventional sense, they merely wanted to publicize it. I get the distinct feeling that someone doesn’t agree with Statfor’s business operations. (that “someone” looks to be associated with Anonymous)
Stratfor seems to be a private CIA, at least that's what they seem to want to be. At the same time, and if you believe the e-mails, they think that government intelligence agencies don't have a clue. They claim to have “sources” around the world in many different locations and positions including journalists, diplomats, and possibly “high-ish” ranking military figures.
By releasing these e-mails, and if you believe the content, we can all but conclude that Stratfor is in a shady business. Some tid bits: the Brazilian Government likes kickbacks when purchasing military equipment abroad according to one of their sources; Coca-Cola wanted to know if PETA would be actively protesting at the Vancouver Olympics; WalMart paid $16k for two background checks on potential employees; and my favorite: Venezuelan President Hugo Chavez apparently used Cuban doctors to operate on his supposed cancer and according to his second medical staff, the Russians, the Cuban doctors made serious errors… and now Chavez is seeking a third opinion from Chinese doctors because they use more “natural” means of treatment.
Now that it appears we know the real motive, public disclosure of private information, who gains? Do disclosures like this make the world a better place? Will this new release benefit Wikileaks? According to Wikileaks themselves, they're broke. Their boss is in the hoosegow (well, house arrest anyway) and they are still in the US Government's sights for that whole "Diplomatic Cables" disclosure. Do they think this will help their cause?
Perhaps it will. You see, Wikileaks is merely a conduit for the information. They probably didn't take it. They just have the right connections to publish it. As Wikileaks will surely come under government scruitiny based on this latest release, the Wild Wild West will surely come to its aid. Perhaps that is what will save Wikileaks... and perhaps Wikileaks will become an idea and not one man's company. Maybe Julian Assange will face eventual justice for publishing those diplomatic cables but Wikileaks will live on, just in a different form.
If we learned one thing from 2011, stealing data is possible, in fact, it's probable. Give the hackivist enough time, and enough computing power, and they can do quite a bit of damage. Can we stop it? Do we think that law enforcement is still investigating the Sony breach? How about the Michael's breach, the Citi breach, the Epsilon breach...? These cases are building up faster than they can be solved.
This hack involved a private company and may perhaps cause some embarrassment to various entities. Do I think that this hack will cause the FBI to drop everything and go after the perpetrators? Not exactly. Well, let me qualify that answer. It depends. It depends on how close the leadership of the company is with the power structure of the United States. You see, the squeaky wheel gets the grease.
If you don’t recall the whole HB Gary incident, Google it. By understanding what happened to them, you will learn what Stratfor shouldn’t do in response, no matter who they think they are…