Question...
... what platform did this take place on? Was it Winblows?
While L-tryptophanics were tucking in on Christmas day, private intelligence group Stratfor Global Intelligence was watching its reputation dissipate after online attackers copied e-mails and client lists. On Christmas Eve, the attackers announced that they had broken into Stratfor’s systems and obtained access to 200 GB of e- …
It is still not exactly easy to keep a Linux box patched to the latest versions, if you have trouble with the command line. You should not confuse your command line skills with those of a "political scientist". Probably this whole "stratfor" thing is a one-man show, with that one man not being a seasoned system administrator, but a guy struggling to just make it "running somehow".
A properly locked-down linux system is indeed very secure, but it still requires that proper practices, such as password, creditcard encryption and salting are used. Which apparently was not the case.
Agree with your general point about a badly maintained Linux server being just as vulnerable as a badly maintained Windows server. But you are wrong to be making assumptions about Stratfor. I can't speak for their admin side but they're definitely not a "one-man show". They're pretty good at what they do - strategic forecasting. Shame about this, though.
People who break into computers are not hackers. Calling them that is akin to calling somebody who breaks into a house a builder. Though I can apprecieate the confusion in a World were we call people who are professional money investment experts - bankers, and people who steal money - theifs were infact percentage wise of theft is actualy bankers.
That said major respect for factualy reporting this and not like all the others who are labeling this upon anonymous group, who themself have admited it was not.
...people who gain access into other people's computers through unofficial channels are, by definition, hackers. That said, there are hackers (white-hat, ethical hackers--legitimate security researchers, penetration testers, etc.) and there are hackers (black-hats, crackers, government and industrial spies, etc.).
Re: "The term Hacker far predates linus' ego."
Actually, Linus himself thought to name it "Freax". The name "Linux" was coined by a guy called Ari Lemke who first put the nascent sources online at the nic.funet.fi FTP site. I wonder if the history of computing would have been different without this name change. Who would have dared to run enterprise systems on something called "Freax"?
(Google for "freax linux" to get links to the story).
A hacker is somebody who codes for the Linux kernel.
Yes.
And the netbsd kernel. And RISC OS low level. And Windows low level. And who implements a working SCSI chain on 8 bit hardware, or gets a microcontroller to talk to an SD card, or correctly implements USB on a TI device from the ground up, or... [and special kudos to the guy that built a processor out of discrete transistors, You Are God!]
Frankly, if you can look at assembler and understand wtf is going on, you can call yourself a hacker. From 6502 to parallel GPU, it doesn't matter. "Hacker" is a platform agnostic term.
And people that do nasty crap like that described in this article are supposed to be called "crackers" (as they are...) so that mere mortals with zero clue about geek issues don't run and hide when you mention the word "hack". I mean, if they don't know what (non-criminal) hacking is, how the hell are they going to understand this stuff about hat colours?
Actually, Charles 9 is misinformed and the following AC is poorly informed.
According to Internet documentation http://tools.ietf.org/html/rfc1983
hacker
A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular. The term is often misused in a pejorative context,
where "cracker" would be the correct term. See also: cracker.
http://dictionary.reference.com/browse/hacker
Definition 3B: a microcomputer user who attempts to gain unauthorized access to proprietary computer systems.
Like I said, this definition DOES NOT imply an unlawful intent, since a white-hat hacker would be doing the same thing but for legitimate reasons (such as being hired by the owner of the system being penetrated).
As for "cracker", which I also mentioned, that DOES imply malicious intent since a cracker's intent isn't just to penetrate but to DAMAGE as well.
Since we both have authoritative sources (yours an Internet RFC, mine an official dictionary), we'll have to say BOTH are correct.
Dear fellow pedants,
like very many words in english, hacker, and to hack, have multiple definitions.Those of us who have used the term in a positive sense for the last 25 or 30 years to describe a style of code and system manipulation just have to live with it also being used to describe certain unethical behaviours.
Thank you: someone who can divorce themselves from pedantry.
Take the word nuts. Does it mean a fruit from a tree, testicles or somebody who is suffering from mental dysfunction. Depending on context, all three are correct - though perhaps not politically correct in at least one case....
What we should be much more concerned about is how they got in and why the data were not secured. The word we choose to label these people is just noise on the periphery.
Actually, a bit more information about who Stratfor is and what do they do would not have gone amiss. Yes, some here are more informed then others - but that is no reason to just assume everybody who reads a particular article is already heavily into whatever information niche the article is about. Different readers have different favourite subjects - and it helps to provide some basic background information for completeness sake.
Just sayin'.
@AnonCoward
Odd, when I was young and 'hacking' for GODs and PBXs through Genie,Tymnet and UUNET. Linux hadn't even been created yet. Wonder what we were doing? Oh well. That being said, it was never for malicious purposes. Being detected was the last thing one wanted. It was all about the fascination with computers and technology, never harm to others. But the world doesn't stop for anyone does it?
StratFor (Strategic Forecasting) is a company based in Austin, TX that was founded in 1996 by George Friedman. It has approximately 110 employees and provides, by subscription, intelligence on politics, terrorism, business strategy and finance to governments and businesses around the world.
You probably shouldn't care that they can't secure their network - unless you view it as a learning opportunity or an amusing incident.
Fair point.
Stratfor are a news analysis and interpretation organisation with a reputation for apolitical, reasonably objective and unbiased assessment; their primary aim is to provide STRATegic FORecasting for corporate and other clients.
Most of their information comes, as they themselves clearly say, from freely available public sources - the 'added value' is the interpretation, provided by a team which includes various specialists and ex-intelligence agency analysts. And of course, it means that subscribers don't (for example) have to trawl the Arabic or Asian press for local views, official or otherwise. They are regularly cited by fairly serious news outlets like the NYT, the Economist, CNNi and such.
Nevertheless, I suspect that the vast majority of those whose details have been lifted - of whom I am one - are individuals who appreciate their assessment of world affairs, rather than governments or spooks.
Thanks to Anonymous, I'm out of pocket on this - having had to cancel and re-order a credit card, despite its not having been used for unauthorised transactions - and have had a lot of extra hassle while away from home over Christmas. Ho ho bloody ho.
I'm sure their clients will value that excuse greatly.
By the way, does this mean that Stratfor is inclined to use faith-based protection ? Because I wonder if that line of defense would hold up in court. Somehow, I am inclined to think not.