Following a series of highly publicized cyber attacks that occurred over the holidays, Stratfor today launched a rebuilt version of its website.
During the attacks, hackers stole and released personal information of Stratfor customers, including credit card data and hashed passwords. Attackers also managed to destroy company servers in what, Stratfor says, appeared to be an attempt to silence the company.
In response, Stratfor said it contracted Internet security firm Sec Theory to rebuild its website, email system and internal infrastructure.
One thing that was obvious based on data released by the hackers, and that Stratfor admitted to, is the fact that it didn’t encrypt credit card data stored on its servers. “We did not encrypt credit card files,” said Stratfor CEO George Friedman. “This was our failure. As the CEO of Stratfor, I take responsibility.”
Following the breach, approximately 860,000 passwords hashes were leaked, with several individuals and groups making a run to crack as many as possible. The Tech Herald was able to quickly crack 81,883 passwords, noting that 49 of them were single characters, and 51 were 15-23 characters long. Still a work in progress, many more passwords have been cracked since.
Stratfor also hired Verizon Business to conduct a forensic review of the hack and said that it was cooperating with the FBI on an investigation.
“We are now in a world in which anonymous judges, jurors and executioners can silence whom they want. This is a new censorship that doesn’t come openly from governments but from people hiding behind masks,” Friedman said.
Stratfor said it has offloaded its e-commerce operations to a third-party, eliminating the need for Stratfor to store credit card information in house.
The company said that it will communicate with subscribers about how to obtain new, secure passwords over the next few weeks.
Stratfor originally downplayed the hack of its systems that was credited to Anonymous in support of the AntiSec movement.