Report: Analysis of the Stratfor Password List
Category: Health, Science & Technology
Via: the-irascible-harry-krishner • 13 years ago • 7 comments
BACKGROUND (From Wikipedia):
About Stratfor:
Strategic Forecasting, Inc., more commonly known as STRATFOR, is a global intelligence company founded in 1996 in Austin, Texas by George Friedman who is the founder, chief intelligence officer, and CEO of the company. Fred Burton is STRATFOR's Vice President for Counterterrorism and Corporate Security.
STRATFOR has published a daily intelligence briefing since its inception in 1996. . . Before the end of 1999, however, STRATFOR had introduced a subscription service through which it offered the majority of its analyses.
At the time of the September 11, 2001 attacks, STRATFOR made its "breaking news" paragraphs, as well as some notable analyses predicting likely actions to be taken by al-Qaeda and the Bush administration, available freely to the public.
2011 hacking incident
It was reported on December 24th, 2011 that members of Anonymous had stolen emails and credit-card data from STRATFOR's web site. According to the one page that remained at STRATFOR's web site, the "Site is currently undergoing maintenance[:] Please check back soon". The hackers claimed to have retrieved the company's client list and used stolen credit card information to make donations to various charities.
The hackers claimed to have retrieved over 200 Gigabytes of data. The hackers stated that Stratfor was "clueless...when it comes to database security".
THIS ARTICLE ("Analysis of the Stratfor Password List"):
The Tech Herald has examined the list of 860,160 password hashes that were leaked, and the results of our tests were both expected and pitiful.
We're sorry to report that the state of password management and creation is still living in the Dark Ages. The statistical breakdown of the passwords below should shock no one.
So what do we mean by passwords that are personal in nature? Some of the cracked passwords leveraged names (Hanna, Robert, or James), important dates (19871987, or 1996linda), or personal markers such as blink182 or 1996ford.
Password recycling, as in using the same password on multiple accounts online, has been proven a serious security risk. . . . (Cont'd).
I know that this applies to personal as well as other online users. Between work, my PC and the sites I visit on-line...it really gets to be a drag having all these passwords. But it's worth it to stay secure.
What I find disturbing is that this is an intelligence company!
Actually, looking at the information in the article, I picked up some ideas re making my own passwords more secure.
I now use two different types of passwords. For sites where security is not really so important, I use passwords that are "easy to remember". But where security is important (mainly financial sites such as my online bank acct) I use very secure passwords--- not easy to remember (I write them down and keep in a secure place at home/work).
Pretty amazing, eh? But people do foolish things-- even professionals who should know better.
It makes me re-think my ideals about hackers (whom I have in the past relegated to the 3rd level in hell), it's good that this hack by Anonymous has revealed the flaws in Stratfor's security.
Hopefully they (and others!) will learn from this.
Yeah, exactly; there is no good reason or excuse for companies like Stratfor to not be super-secure.