Stratfor relaunches site post hack attack

Stratfor is officially back but its servers are heavily burdened due to its offer of free access. Stratfor CEO criticized the attackers for targeting the company, an email said. Stratfor aka Strategic Forecasting is back online after it was hacked into last month.

The new site

Stratfor relaunched  the new site on Jan. 11 exactly 18 days after the hacking group Anonymous hacked into its servers on Dec. 24. The hackers hacked Stratfor’s servers and took away data related to its subscribers and also defaced the site. The information that was dumped online included 75,000 credit card numbers and 860,000 usernames and passwords. Almost 50,000 of the addresses had a .mil or .gov domain. According to a Stratfor spokesperson there was going to be a delay with the site re-launch. The company planned to bring in a team of consultants and experts to tackle the security issues. The company further decided to move all credit card management activities to a third-party company so that customer data remained secure.

According to George Friedman, CEO of Stratfor “This was our failure,”. “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends.” “I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.” “This attack was clearly designed to silence us by destroying our records and the website,”.

What went wrong?

Apparently Stratfor had failed to encrypt credit card data and had stored the information in cleartext. After the passwords were analyzed, it was seen that security practices were not followed.There was no check on passwords when they were created by users.

Friedman further added “We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy,”. According to him the media had publicized “incompetents” part while the hacking community focused on the “global conspiracy” part.

Relaunch offer

The complete story

Razer co-founder Min-Liang Tan’s statement says”As you can imagine, the return of these prototype units is very important to the company,” he said. “We have already reported this to the authorities who are working closely with us on this matter.”

“We take this act of theft seriously and would like to appeal for its return and discourage anyone from buying the Razer Blade prototypes from the perpetrators, whether online or otherwise, as they are stolen property.”

Razer came up earlier this year with a ultra-thin laptop, called the Blade– a $2,800 laptop that’ is not even an inch in thickness and weighs less than 7 pounds.

The break-in

Apparently the thieves had access to the building as it was not exactly a ‘break-in’. They seem to have entered the lobby and quietly nicked off the two laptops. What makes this case more interesting is that none of these laptops were completely functional, so looks like the robbers were not that lucky.

A great loss to the company

Speciality of this Razer laptop was the touchscreen on the right where generally the number pad is located. Razer is requesting the thieves to return these laptops as they contain a lot of diagnostic data. These laptops were getting tested that weekend. Customers are being requested not to buy any such laptop if they are offered one for sale or come across e-bay or craigslist.

Investigation

Police are investigating thoroughly every employee at Razer who swiped their security cards that weekend, in hope to catch the thief. Access logs are being checked out too. Razer has further asked that they are to be contacted about the break-in and/or missing prototypes on the following email “cult@razerzone.com”.

Was this just a publicity gimmick? Did Razer secretly want this? What did Razer have to say about it?

Razer has flatly denied these speculations and provided details about the theft. Razer has further stated that it won’t delay the release of the product because of this theft.

Alertsec offers good encryption service

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Razer's CEO Min-Liang Tan hopes for the return of the laptops

For any company, data leaks are a huge worry, especially when so much personal and business data is stored. Most companies know they have information that is vital to their survival and that could damage the company if it falls into the wrong hands.

A survey has revealed that insider data theft is rife in the UK and theft of data by employees is common in UK companies. The most common methods of stealing the data were USB memory sticks (23%), personal laptops (23%), other portable storage (19%), mobile phones (13%), some 72% of more than 1,000 UK employees polled by security firm Imperva admitted taking data from an employer. The survey found 26% had stolen customer data, 25% had removed HR records, 25% had taken marketing data and 10% had lifted redundancy lists.

Almost half of those polled were aware of at least one colleague who had stolen data, and 69% believed a competitor had received information in this way. Intellectual property was the prime target, followed by customer information, the survey revealed. Faced with redundancy, 37% of respondents said they would want to take information with them, but that jumped to 70% if they knew they were about to be fired.

The most obvious problem is a lack of effective controls and data securityh software within UK companies, with a quarter of those polled saying their organisations did not restrict their access to sensitive information, and where there were controls in place, 44% of employees said they could get around these measures. “Companies are their own worst enemies, and this study confirms that,” said Amichai Shulman, chief technology officer at Imperva.

This is especially important because 59% of those polled said they would take information because they believed this information was rightfully theirs, including employees changing jobs. To overcome this and curb the loss of data to competitors, employers need to understand the problem, and define what constitutes intellectual property and why they retain ownership, says Shulman.

They need to re-examine what restrictions they have in place as a matter of urgency because they are not doing the job and are being circumnavigated, he says. According to Shulman, many businesses need to create policies that cover what is sensitive information, what is unacceptable behaviour, and what the penalties are for breaching such policies.

Another area of policy that companies typically neglect is regarding the removal of corporate information from personal devices when people leave. Some 85% of respondents said they had sensitive data on their home computer or mobile, 75% had a customer database, and 27% had some form of intellectual property.

But the survey found 60% of organisations did not have a policy to cover the removal of corporate information from personal devices as employees left the company and a quarter did not have any controls to restrict access to sensitive information.

Shulman believes that once UK law requires companies to report data breaches, there will be a growing awareness of just how much data is lost through employees in the course of normal business. “Effective tools will enable organisations to express their data protection policies rules based on the information they want to control,” he says.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

• All The Dirty Laundry Comes Out (lockergnome.com)
• Imperva warns of rise in Stuxnet hacking threats (v3.co.uk)

Laptops & mobiles worth more than £240,000 have been lost or stolen from the BBC over the last two years, a Freedom of Information Act request from an IT security company has revealed.

The equipment stolen from BBC or lost during the period from April 2008 to March this year included 146 laptops, 65 mobile phones and 17 BlackBerrys. The value of the missing laptops has been estimated at £219,000, the mobile phones at £12,913 and the Blackberrys at £9,106, according to BBC reports.

This comes to a total of £241,019, or the equivalent of 1,656 colour TV licenses costing £145.50 each, although 9 equipments, worth £23,450 were recovered.

The F.o.I. request also revealed that a BBC employee was investigated over the theft of a laptop, but whether a disciplinary action was taken against that employee is still unclear as the corporation could not confirm it.

The General Manager of the IT security company said “it is shocking that any organization could lose so much equipment, but the BBC is just one of many we’ve seen recently, proving it’s all too common.

“In this case, however, this technology is paid for by the license payer and employees should be far more careful about how they handle it.”

A BBC spokeswoman added: “The BBC takes theft very seriously and has implemented a number of measures to reduce the level of crime.

“The portability of laptops and phones means that in any large organization there is an inevitable risk of theft.”

Moreover, with the devices, the invaluable data on them was also stolen. Sure, the hardware theft is covered by the insurance in most cases, but the data lost in the theft is almost never recovered.

How Alertsec Xpress Would Have Helped

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Businesses like HSBC are doing the right thing by looking out for their customers’ safety. Additionally, the move has generated lots of free positive press and helped put the bank in a positive light. The promotion is also low cost and affordable, making it a smart business decision. HSBC’s actions are commendable, however, it’s unclear whether the organization is fully protecting itself. Security experts are questioning some of the bank’s website features and the choice of Rapport as the security provider. The criticisms serve as a reminder- it’s crucial for businesses to defend themselves in every way possible to be fully prepared for the future. When it comes to a business’s security, there’s no such thing as being over-prepared when dealing with the Internet.

Spreading Your Resources

A company like HSBC usually has several separate budgets to cover expenses. These range from amounts allocated for administrative costs to figures backing the latest marketing campaign. HSBC’s move showed an in-depth understanding for business strategy. It’s important for companies to work on promoting a fully integrated message- one which shows how all of its different areas work together to create a great product. HSBC spent money to provide customers with free security software and the purchase helped decrease the need for spending in marketing, advertising, public relations, and even recruiting! After the media picked up the story, HSBC can sit back and enjoy its investment.

However, it appears the company standpoint on security fell short- an analyst at a rival firm crictized HSBC in an interview with eWeek Europe:

Cluley …questioned HSBC’s decision to allow banking customers to save their user ID on their browser. Rather than entering the ID every time they access the site, user’s can choose to have their browser remember the code.

“Certainly I wouldn’t feel comfortable if my online banking password was being remembered for me in this fashion,” he told eWEEK Europe UK. “A home computer may not be ‘public’ or ’shared’, but it can still be stolen or a dodgy workman might have access to it. My suspicion is that security and usability have once again had a wrestling match, with those who want less support calls from forgetful consumers winning.”

It’s unclear whether Cluley’s claims are well-founded; a representative of HSBC explained that the ID saved requires an additional password and exists as added convenience. Nonetheless, organizations need to evaluate how their budgets are being spent and make sure that security is well funded. A firm protected by Alertsec Xpress would be able to use advertisements to promote its business’s high level of security and market itself as a safe organization which uses encryption to protect customers. Companies should explore how their security spending is connected and find the strings which can be cut.