Bay 12 Games Forum

Author Topic: AntiSec at it again  (Read 768 times)

RedKing

  • Bay Watcher
  • hoo hoo motherfucker
AntiSec at it again
« on: January 03, 2012, 11:16:19 am »

Over the weekend, they took down Stratfor, a pretty major private intel firm with government clients. Although the biggest surprise was that much of the info they scooped from Stratfor (including 75,000 names, addresses, CC numbers and passwords -- mostly government/law-enforcement) WASN'T ENCRYPTED.

My guess is that Stratfor's head of IT security is looking for a new job today. Not surprisingly, ATF got a crapload of port scans and other suspicious traffic over the weekend. Screw you guys, seriously. Go mess with the spooks in CIA and leave us alone.

Remember, knowledge is power. The power to make other people feel stupid.
Quote from: Neil DeGrasse Tyson
Science is like an inoculation against charlatans who would have you believe whatever it is they tell you.

Stargrasper

  • Bay Watcher
Re: AntiSec at it again
« Reply #1 on: January 03, 2012, 11:46:35 am »

It doesn't matter who you are, you are always constantly getting hit by people probing your servers and real cracking attempts.  Depending on what you are, it may well make sense to encrypt as little data as possible.  For example, your gmail is not encrypted to make it faster to access.  Google uses other methods to make it hard to find what a cracker might want.

The question really shouldn't be "why isn't this encrypted?", it should be "what security measures are in place?".  All I can say is, good luck dealing with the security breach.  It's hard to defend against these things when the crackers are getting paid more than the security guys.

RedKing

  • Bay Watcher
  • hoo hoo motherfucker
Re: AntiSec at it again
« Reply #2 on: January 03, 2012, 11:55:36 am »

Considering that Stratfor was/is a major intelligence clearinghouse with multiple government/law-enforcement clients and a host of sensitive data...I would say damn near everything they touched should have been encrypted.

It's a major blot on the reputation of what had been a bellwether site.

Stargrasper

  • Bay Watcher
Re: AntiSec at it again
« Reply #3 on: January 03, 2012, 12:07:43 pm »

I'm not saying it's okay by any means.  Normally there'd be several levels of security around anything sensitive.  I was trying (and clearly failing) to make two points:
  • There are other security measures than encryption that work quite well and are sometimes more reasonable.
  • It really doesn't matter what your security is.  If it isn't in a hermetically sealed box, somebody can break in given enough effort.
Hope that clears up my intentions.  And hopefully these guys go through a thorough security audit.  There are always holes.  You need them so you can get to it.  You need to make them either hard to find or hard to pass through.

RedKing

  • Bay Watcher
  • hoo hoo motherfucker
Re: AntiSec at it again
« Reply #4 on: January 03, 2012, 01:30:18 pm »

No, I get that. Believe me, I get that. No counter-intrusion methodology is foolproof. But not encrypting SBU and classified data? That's like putting six padlocks on all your doors, then putting all your money and important documents in a big pile in the middle of the living room with a sign saying "STEAL ME".

The Fool

  • Bay Watcher
Re: AntiSec at it again
« Reply #5 on: January 03, 2012, 03:11:58 pm »

You have to admit, an intel company that allows their intel to be stolen has a problem. They should be using either an encryption or a complex cypher if their intel is valuable. Not modifying the information or encrypting it was a mistake.

Steam ID: The Fool [B12]
A Flexible Mind (Suggestion Game)