there are things with which you get attention
but probably he didn't want the attention from the police and copyright services when he uploaded a pre-release album from the Kaisers
our national Sabam saw it and went to court
when it became clear that the man had a few hundred movies and a few hundred albums a hundred other copyright owners joined Sabam in the complaint
the judge ruled that the man should pay around 65.000 euro but that he wasn't guilty of commercial pirating of this kind of stuff
sometimes, you better think twice
and never think that nobody can find you
and stratfor.com itself is giving all the analysis for free for the time being - it is the kind of Economist stuff
the analysis of the hack itself is very poor and shows that you shouldn't employ them to try to understand Anonymous or any other activist organisation (as there are some mindsets necessary to understand what it is to be an activist)
they have rebuilt the systems to be more secure (first too little, but you can't rebuild a totally hacked server, you have to throw it away and re-install it on new infrastructure, you never know what may be lurking out there somewhere that you didn't think of - so there is a risk there.....)
another very surprising thing is this: "The emails are private property. Like all private emails, they were written casually, with no expectation that anyone other than the sender and recipient would ever see them"
uhhhh, you are collecting intelligence and information through email with sources all over the world and you expect that because those emails were between persons, no government, agency or any other interested party would do anything to get hold of them, read them and eventually leak them ?
where are you living as an analyst ? Wonderland ? It is this casual attitude which has broken the company.
Because when it went from analysis of more or less public information to recruiting resources to get more private and important information, the goals, workings and importance of the information and contacts had changed, and so the security situation had changed and security should have been adapted before.
so you will not only have to change the infrastructure and buy some products to secure your information from end to end but you will also have to change the total business culture and workflow (and inject enough paranoia in it)
It is as if you are going with an old caravan to participate in an F1 car race.....
stratfor may be a joke, being an informer for it may be not (maybe it was a social engineering front)
several articles are being published saying that stratfor is in fact a joke and that its marketing campaign saying that it was the private CIA was just overblown crap and that The Economist is much better and cheaper (which is true, The Economist is a must to read if you care about facts, analysis and reflection - even if you don't agree)
but this is not the question a security person would care about
first it is the best example that security and investing in security (and all the solutions exist now) is the first thing such a company should do (it will not survive if it is not secure enough). How can you say that you trade in secrets and confidential research if you don't have the business culture to keep it secret and the tools to guarantee its security over time (for starters, emails from years ago should have been archived and locked up) ?
but secondly being an informer for stratfor is maybe not a joke
if you were an informer for a joke like stratfor in these wikileaks-sensitive times, who else would you be willing to inform or enlighten about something and at which price or under which circumstances
if stratfor wanted to make real money it was as a social engineering front trying to find out who was reliable, who was made of the real stuff, who could resist even the simple temptation, who would spill the beans, who was desperate for money or attention
thousands of people around the world and hundreds of organisations and institutions and businesses are now finding out who is a risk and who just gave them public knowledge and understood the risks
it all depends on the kind of institutions, the level of access, the risk one is prepared to accept
most of the time, it will not be explained this way, there will be re-organisations, security-audits, new levels of access and re-assignment of information to higher levels, new missions of tasks with not much access to the network or the office (and so on)
in very secure or trusted institutions and organisations or services there will be no doubt because that is part of the engagement and part of the risk one took when one wanted to go to work for such an institution or service, you have breached security and trust and whatever you did, you have lost the necessary trust to function
btw every intelligence firm now has more analysts than spooks or operatives
the question the new mails will have to answer is if Stratfor was also involved in (planning or preparing) black operations or why would they have to collect information about activists for big multinationals and in which case they may have breached an international, US or national law
but there are also European firms involved
the technology can be great for the security of internal networks but there is no way that the same technology should be used with the same purpose on the global internet against citizens, because if it falls into the wrong hands, or begins with acceptable goals (like the traditional pedophile argument) but after some time is used for other purposes because of mission creep (or special circumstances like a big terrorist attack), then that is dangerous technology
one could say that the technology is not really working as it should if you see the number of videos that are coming out of Syria each day
but it is probably used on a daily basis to find critics and citizen journalists or locate them (so the snipers and tanks know where to hit them)
and here it is not an accident, Bluecoat and the European firms were well aware who they were selling to and what the regime would be doing with it and what the consequences would be for the victims of that spying
a bit like IBM and Hitler when it helped with Microfiches implementing his final solution (even if they are still doing everything to get that book out of any public attention)
and no the Syrians were not bombarding their own citizens and killing daily around at least 100 people but there was no doubt that the regime would be able to do such a thing
this must have been the biggest SLA research anytime
The researchers said in an examination of 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, 71,052 (1%) occur more than once, some of them thousands of times. "Overall, over the data we collected, 1024-bit RSA provides 99.8% security at best," the paper states.
now it still means that your security is high
but if you are a really important security, intelligence, financial, critical infrastructure, military or espionage service then there is a problem
because if you have the same key or certificate as any other service then that key can be used to impersonate you or your service - under certain conditions and the most important is that you have bought strong and expensive certificates (not just a global domain or just for the ip address or other worthless certificates like that - make believe certificates)
and no one will see and everybody will think that they are safe - because encrypted by a certificate
now the biggest and most valuable information in the world is
getting the list with all the certificates that are the same
the best thing to do is to change them all
and for RSA - who has some issues with the research (but it is too late for that) - to start checking themselves all their certificates with software robots to be sure that by chance or bad luck no two certificates are the same or could be used as such
yeah attacks against the certificates are going to continue and it is up to the business to get their act together - instead of complaining that rats are getting in through the holes or that researchers are discovering weaknesses they should have addressed already a long time ago
meanwhile about 12000 networks and installations are receiving an alert that they will have to change their certificate and re-install another one, although this isn't always that simple to make, process and install, and eventually in an interconnected network to get the different certificates to work together (especially if some are playing with openssl ....)
but it is a race against time .....
anyone with some very fast computers and network connections can do exactly the same research (eventually helped by some special program) so it means that the same mistake can't be made again (one will eventually have to check whether the same key has already been made 'at random' before releasing it). People know that it takes a few days before you actually receive your certificate, so it would be no problem prolonging this a bit with a full check of the certificates already delivered
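A sketch of the "software robot" check described above, added here as an example and not taken from the research paper or from any certificate authority's tooling. It flags a modulus that is identical to one already on file, and also one that shares a prime with a key on file, which goes beyond the exact-duplicate case in the quoted figures; the host names and the toy moduli are constructed.

```python
from math import gcd

# Constructed toy inventory: moduli built from small Mersenne primes so the
# example runs instantly; real RSA moduli are 2048 bits or more.
M = {e: 2**e - 1 for e in (13, 17, 31, 61, 89, 107, 127)}
INVENTORY = [
    ("mail.example",     M[61] * M[89]),
    ("vpn.example",      M[107] * M[127]),
    ("shop.example",     M[61] * M[89]),    # same modulus as mail.example
    ("router.example",   M[31] * M[89]),    # shares one prime with mail.example
    ("intranet.example", M[13] * M[17]),
]


class ModulusRegistry:
    """Remembers every distinct modulus seen and flags collisions."""

    def __init__(self):
        self.owner = {}      # modulus -> first subject that used it
        self.product = 1     # product of all distinct moduli seen

    def check(self, subject, modulus):
        """Return (subject, other_subject, kind) findings without storing."""
        if modulus in self.owner:
            return [(subject, self.owner[modulus], "duplicate-modulus")]
        # A single gcd against the running product clears most keys cheaply.
        if gcd(modulus, self.product) == 1:
            return []
        return [(subject, other, "shared-factor")
                for n, other in self.owner.items() if gcd(modulus, n) != 1]

    def add(self, subject, modulus):
        """Check, then record the modulus so later keys are compared to it."""
        findings = self.check(subject, modulus)
        if modulus not in self.owner:
            self.owner[modulus] = subject
            self.product *= modulus
        return findings


def audit(inventory):
    """Run a whole inventory through a fresh registry; return all findings."""
    registry = ModulusRegistry()
    findings = []
    for subject, modulus in inventory:
        findings.extend(registry.add(subject, modulus))
    return findings


if __name__ == "__main__":
    for subject, other, kind in audit(INVENTORY):
        print(f"{kind}: {subject} collides with {other}")
```

An issuer would call `check` before delivering a new certificate and refuse the key on any finding; `audit` is the same test run over certificates already delivered.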
when Anonymous activists hacked the servers of Stratfor they couldn't know that they had hit the jackpot
it is the mother of all private intelligence companies that just as the private army industry was beginning to spread its wings into every corner and aspect of the international political, military and economic aspects (and through a side-aspect trying to make lots of money by using it on the stockmarket - if this ain't abuse of knowledge (imagine the CIA playing on the stockmarket and making money because it knows things that are going to happen))
and so Wikileaks has found a second life
after the publication of the nearly one million accounts and information about its users (making it the most important breach anytime because they were nearly all contacts with access to high level networks and services)
the release of the whole database of 5 million emails has begun - in parts
and it is really amazing stuff
http://wikileaks.org/gifiles and you can download all 5 million of them at once (26 Giga of files) and if the mails already published are representative, this is the biggest security breach of all times - can you imagine the thousands of sources all over the world - of which some were paid through Swiss bank accounts - who are now having to
* explain all this to their colleagues
* take their bags, their family and leave immediately before the secret service of their country has downloaded and analysed all these files and found their names (yes those amateurs gave full names and functions of all their sources in these unencrypted mails)
* people who will lose their jobs, their social influence, their reputation, their access and the trust of many - even if they were more manipulated than they seemed aware of - and even if not everybody has the necessary intelligence to look through flattery, dinners, speaking engagements and intellectual exchanges between analysts (some wiser people became very cautious when they began to understand that the firm had privileged links to the US Intelligence and military community (as they call it now))
In some of the files released today you really read stuff and language you only read in CIA training material (or any other spook(y) organisation)
If this is a source you suspect may have value, you have to take control of him. Control means financial, sexual or psychological control to the point where he would reveal his sourcing and be tasked. This is difficult to do when you are known to be affiliated with an intelligence organization. The decision on approach would not come from you but from your handler. This is because your position is too close to the source and your judgment by definition suspect. Each meeting would be planned between you and your handler and each meeting would have a specific goal not built around discussing the topic of interest which would ideally be hidden but in analyzing him personally and moving toward control.
The justification for the op would be specific classes of information and on gaining control the first step would be determining his access. If he failed the test contact would be terminated.
the problem of analysts in the field is that they tend to want to discuss the topic, which raises the target's awareness, rather than focus on establishing the control relationship.
So from a professional point of view this target knows your affiliation, understands your interests and you have not established any control which is defined as a high confidence in his obedience
and then if you read another mail, you read that someone went to a Turkish conference and during that conference established a lot of 'useful' contacts high in the military or in business circles
so this is not an organisation that is analyzing all the incoming information or trying to organise the discussion and input about information and analysis but this is a spy firm infiltrating with the soft and corrupt approach in all kinds of institutions and business and trying to get as much as possible valuable information out of its 'handled' contacts and reselling it to their customers and/or using it for their investments
but here it is all out
all their contacts, all their strategies and thoughts, the way they handle people and the real way they think about people
the careers and security positions and access of tens of thousands of people are at risk here
they have shown themselves to be not secretive enough to give them access to any confidential information
let it be a lesson to all others with access to confidential information or knowledge
every analyst calling you may be really a spook or spy
it is all in a name, but sometimes it is just newspeak
you expect that a company that is working in the intelligence and security business and handles hundreds of secrets on a daily basis was doing enough to keep them secured
shows you the importance of encryption, archiving and double authentication
after years of development and many millions of Euro down the drain the Belgian federal police has decided to stop the development of a new software and will go back to the more than 10 year old software that was being used before (and is still being used by the Belgian local police forces)
so where is the cop in this software project
who followed up or didn't
it only shows again that making software 'on demand' is just crazy and that the best thing to do to go forward is to use as much as possible standardized installations and adapt the workflow to use it as much as possible
This goes together with the problems with the Informatisation of the Justice Department (also tens of millions of Euro going down the drain)
it is not that the technology is not there, it is that they are making too many big projects that will take so much time that they finally will go nowhere and that you promise to do anything for anybody so that in the end everybody is asking anything so that in the end nothing gets done (first)
Keep it simple or be stupid
The biggest city of Flanders, Antwerp, will have a big electoral showdown fight coming October 2012 and the nerves have already reached the sky/limit and we are still months away (and 24 hours can be years in politics)
now it seems that there was a database accessible to all the people working in city hall on the internet that shouldn't have been there
it was a database with all the administrative and judicial convictions under local regulations and rules
the local administrator said that he had to move the file and didn't see that it was accessible to all
no harm done
but it shows that important information should be isolated in every way (hardware and access) so that it is always totally clear immediately that if it goes out of the cage, it will have no protection
even for an administrator in a hurry
it also shows the importance of double authentication for important information (wherever the information is placed, you can only access it if you have the right usb stick or card or whatever you are using)
Sometimes titles are funny because they want to attract the attention but they are giving a totally wrong picture
there has been a lot of ado about a computer virus (dnschanger) that is still infecting or has still infected about 5 million computers worldwide (just a small percentage of all computers and of all infected computers).
As you can read in its name, this virus changes the IP address of the dns server your computer goes to on the internet (or intranet) to find the server where the domain name (and ip address) of the webservice is hosted. This is a bit like a telephone book. With your smartphone you don't remember telephone numbers, but names, and the phone will use the number it has for that name. This is the same with a dns server but with names of websites.
Now imagine that some virus changes the phone numbers you use most often so that they are redirected through an expensive international rerouter and makes you pay some cents for every connection. Well this is what dnschanger does.
Now imagine that the police (in this case the FBI which is more and more playing the role of international cybercop) confiscates this telephone rerouter and tries to inform all the telephone users that use it that their phones have been infected, which is what they have been doing for the last months.
The problem is only that the US judge has given the FBI until the 7th of March the right to manage that server. On the 8th of March all infected computers will lose their ability to connect to any internet service because they won't have a dns server that works (as if all telephone numbers in your phone don't work because the rerouter service stopped working and your phone has forgotten all real telephone numbers).
I am not sure that this period will not be extended because there are still hundreds or thousands of US governmental computers in these listings (which says a lot about computer security over there).
Secondly the internet will not break down because even when some central dns servers that are used by tens of millions of people broke down some years ago, the rest kept working.
Just three tips
* time to install a free antivirus like avast (if you don't have professional information or do many financial transactions and are careful this is quite enough)
* time to change your dns to opendns.org which will also protect your computers against known malware sites (see this as a firewall before your firewall) and if your country does any censoring based upon dns-traffic it may be possible to bypass that
* if you are responsible for an internal network you should have organised your internal dns traffic to be under control of your own dns server and your external internet traffic to be solely controlled by your own chosen dns servers (all other traffic will show infections and misconfigurations). If you would have done this, you would already have cleaned your network since November 2011.
and if you don't have internet on the 8th of March
then it is time to spend some real time with your computer instead of using it only to surf the internet. You also go with your car to the garage, don't you ? well, your computer needs a fix.
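The third tip turned into a check, as an added example that is not part of the original post: once clients may only ask the internal dns server and only that server may ask the chosen outside resolvers, every other port 53 flow in the firewall log points at an infected or misconfigured machine. The addresses, the policy values and the key=value log layout are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy values (constructed for this example, not from the page).
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
CHOSEN_UPSTREAMS = {ipaddress.ip_address("198.51.100.1"),
                    ipaddress.ip_address("198.51.100.2")}

# Constructed firewall log lines in a simple key=value layout.
SAMPLE_LOG = """\
2012-02-20T09:14:02 src=10.0.4.17 dst=10.0.0.53 proto=udp dport=53 action=allow
2012-02-20T09:14:03 src=10.0.0.53 dst=198.51.100.1 proto=udp dport=53 action=allow
2012-02-20T09:14:09 src=10.0.4.23 dst=203.0.113.77 proto=udp dport=53 action=allow
2012-02-20T09:14:10 src=10.0.4.23 dst=203.0.113.78 proto=tcp dport=53 action=allow
2012-02-20T09:15:41 src=10.0.7.5 dst=198.51.100.1 proto=udp dport=53 action=allow
2012-02-20T09:16:00 src=10.0.4.17 dst=203.0.113.10 proto=tcp dport=443 action=allow
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def dns_allowed(src, dst):
    """Clients may ask only the internal resolver; only it may go upstream."""
    if dst in INTERNAL_RESOLVERS:
        return True
    return src in INTERNAL_RESOLVERS and dst in CHOSEN_UPSTREAMS


def unexpected_dns(log_text):
    """Map each offending source host to the resolvers it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            if int(fields["dport"]) != 53:
                continue
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
        except (KeyError, ValueError):
            continue                      # not a parsable flow record
        if not dns_allowed(src, dst):
            hits[str(src)].add(str(dst))
    return {host: sorted(dsts) for host, dsts in sorted(hits.items())}


if __name__ == "__main__":
    for host, resolvers in unexpected_dns(SAMPLE_LOG).items():
        print(f"{host} sent dns traffic to {', '.join(resolvers)}")
```

In the sample, 10.0.4.23 is the kind of host a changed dns setting produces, while 10.0.7.5 reaches an approved resolver but bypasses the internal server, which is the misconfiguration case.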