Massive Security Flaws Allowed for Stratfor - BestCyberNews: Online News Presenter in the present world

Massive Security Flaws Allowed for Stratfor

A group of hackers broke into the network of Strategic Forecasting, Inc. (Stratfor), compromising the personal data of some 860,000 customers, including a former U.S. vice president, CIA director, and secretary of state.

For Stratfor, a Texas-based geopolitical intelligence and consulting firm, the incident was an international embarrassment that caused roughly $3.78 million in total damages.

According to confidential internal documents obtained by the Daily Dot and Motherboard, Stratfor employed substandard cybersecurity prior to the infiltration that left thousands of customers vulnerable to potential identity theft.

According to the documents, Stratfor engaged Verizon Business/Cybertrust to “conduct a forensic investigation” into the breach on Dec. 30, 2011, and requested that findings be shared with the Federal Bureau of Investigation. 

Verizon's security team inspected the computers at Stratfor's office shortly after the attack, as well as servers later confiscated by federal agents from CoreNAP, an Austin-based data center that hosted Stratfor's customer information.

In a 66-page report filed Feb. 15, 2012, Verizon concluded in painful detail that Stratfor had insufficient control over remote access to vital systems, and that those systems were not protected by a firewall and lacked proper file-integrity monitoring.

This discovery appears to further validate the claims of Hyrriiya, an Anonymous hacker known for his cyberattacks on Syrian government websites. In a May 2012 letter sent to Hammond’s attorneys, Hyrriiya confessed to hacking Stratfor and providing AntiSec with access.

Verizon concluded that Stratfor's customer payment system, at the time of the attack, met only three of the 12 fraud-prevention requirements set out in the report, which were taken from Visa’s fraud control and investigations procedures.



Author: Venkatesh Yalagandula