

Stratfor CEO: Data wasn't encrypted, and hackers made multiple attacks - rdp
http://www.statesman.com/business/technology/stratfor-ceo-data-wasnt-encrypted-and-hackers-made-2096774.html

======
stfu
So it has been a week or two since the hack went down. Now can somebody point
me now to the dirty little secrets Stratfor was hiding from us? Except for the
earth shattering news that they had some people in the security business as
subscribers - was there anything newsworthy coming out of that hack?

~~~
dantheman
I love stratfor, I read it all the time, there is nothing on the site that is
remotely scandalous. Now that being said, the hack captured all their email,
which haven't be released -- there might be something in there.

Stratfor's Article on the hack: <http://stratfor.com/weekly/hack-stratfor>

~~~
scarmig
I wonder if email theft will be the centerpiece of an era of what I would call
"information terrorism."

I use that term advisedly, though I know lots of people will object to the
t-word. It's not about killing people (though, when it comes to global
security, it's difficult to estimate the repercussions), but it is about
providing prominent public examples of what happens if you communicate in a
way that's publicly comprehensible. Which is to say, speaking openly behind
the walls of your organization with the (false) belief that your emails to
your colleagues are inherently hidden from a public view.

This creates a huge overhead to communication. We've all written emails that,
when a phrase is taken out of context, can bring massive scandal and disrepute
on you and your organization. (See, for instance, "hide the decline" or
"trick.") So the only option is to clamp down on communication, and when it
does happen rely on mealy-mouthed or specialized language whose real meaning
no one except the two speakers can understand.

This won't lead to the ossification and death of corrupt organizations that
rely on secrecy, contra Assange. It will lead to a Straussian world where all
real information is just hidden from the public and kept as public secrets
that only the elite are privy to, instead of available to anyone through media
like Stratfor.

~~~
dantheman
I wouldn't use the term terrorism, because it's meaning was difficult to
determine before 9/11 {freedom fighter or terrorist, you be the judge} and
it's only gotten worse since. Plus it's politically loaded, right now is used
to strip people of their citizenship, indefinitely detain them, torture them,
etc.

As far as Assange's goals, iirc he was trying to increase the cost of secrecy
and corruption; which you seem to think will happen.

As for the climategate emails, I'd say the more interesting portion was trying
to block the publication of various scientists they disagreed with.

Lastly, this is a simple problem to solve via encryption. Perhaps attacks like
these will have some good in that encryption products will become easier to
use. Microsoft outlook is very easy to use with PKI, we need to come up with
in the browser to do encrypted webmail.

~~~
stfu
Plus people are (or at least I am) willing to pay for encryption products or
services just because it is some sensitive area. Especially for cloud services
a client based encryption option would be extremely useful.

------
dantheman
Excellent response to the hack: <http://www.stratfor.com/hacking-news>

