AntiSec, Stratfor, WikiLeaks, and Much Ado about Nothing

Wednesday, February 29, 2012

Infosec Island Admin


The Compromise

Back in December, Stratfor, a private “Intelligence” group, was hacked by AntiSec.

To date, the means by which the hack was accomplished has yet to be really discussed, but I suspect that, as usual, it was an SQLi attack, if not some other low hanging fruit attack, that allowed access into the Stratfor systems.

Once inside, the kids had access to everything (allegedly) that Stratfor had. They proceeded to take what they wanted and then RM’d their servers/data/site. It was, for all intents and purposes to Stratfor, a nuclear detonation.

I say this not from the fact that they likely had no backups, and were scrambling to repair their online presence post the hack, but instead the fact that once the AntiSec kiddies dropped data, it became apparent that Stratfor had done nothing to protect its clients’ and employees’ data from being taken or, more to the point, to make it unusable through encryption had it been stolen.

Instead, it was clear that they had not encrypted anything that belonged to the clients, but also were keeping PCI (Payment Card Information) as well on their servers against the rules of PCI AND were also not encrypting them as well. BOOM.

The AntiSec crew then set out to troll all those they felt needed attention (Such as Nick Selby, because he does work for the government) dropping all their data and credit numbers for anyone. They then proceeded to use those same cards to make donations to charities that they thought were a good idea to “stick it to da man”. Heh…

In the end though, they only really stuck it to the charities, who had to face chargebacks and incur fees for their trouble. This was not a win for anyone, even if AntiSec claimed then, as now, more “win” with WikiLeaks dumping their email spool.

The win here though, (dumping of the spool) for me, is to get a real insight (haha to use a Stratfor term) into how they (Stratfor) operated as a pseudo private intelligence firm. The outcome of all this reading for me? Pretty much what I thought of them before when I got their newsletters...“Ho Hum”

The Leak

According to Wikileaks there are 5 million emails that they are in possession of. They have torrented them as well as placed them on their site for all to look at. The intonation of course by the ever increasingly paranoid and fanciful group, is that these guys were BAD! They were corporato-governmental-greedhead-evildoers. PROOF positive that they were a “shadow CIA” and that we are all far better off because AntiSec and Wikileaks teamed up to out their misdeeds.

I have perused many of the emails and files that they came with and am left with an even lower opinion of not only Stratfor, but also of Wikileaks and ANYONE who really bought into Stratfor as a company selling “Intelligence” as a service. The emails come off as exceedingly trite, unprofessional, and generally grammatically challenged. Of course you could make the case that many of them were typed out on Blackberries, likely while sipping lattes, so you can perhaps understand the internet speak/poor spelling.

Overall though, I am underwhelmed with the emails. They only show poor choices of language, poor choices of data collection and vetting, and a stunning amount of hubris on the part of the company in its dealings with foreign nationals.

The one real question though, that it has left me with is this. Is this it? Does AntiSec or WikiLeaks actually have finished analysis reports somewhere as well? I ask because the reports that I was privy to when I had access to Stratfor were, well, “meh” as well.

I never once really felt like any of their subject reports were that great to be honest. I kept thinking that I could do just as good a job with a browser and Google hacks. So I never went any further to get anything else from them... Well, that and the exorbitant price scheme they had really made me want to just do it myself.

So, Julian… Sabu? You got any real sugar for me? Do you have actual finished reports for say Dow or DUPONT or a government official that you can throw out there to show me and everyone what Stratfor was really doing (as you claim by these emails of bribes and source manipulation).

Do you have anything? Or are you just offering another half baked claim of conspiracy and then failing to deliver on it again? These emails are just truly unprofessional and to me bespeak just how poorly this org was going about cultivating assets and analyzing raw intelligence *cough* they were alleged to be getting from “sources”.

So, let me sum up... What you have put out there... Doesn’t scream UBER SECRET PRIVATE CIA… It screams something more like “LOOK AT MEEEEE!”

Smell the desperation.

HUMINT, OSINT, and STRATFOR

Going through the emails I just kept saying to myself: “WTF? What? No real reports, just scuttlebutt from people and no real vetting of the data? Just gut hunches and who knows who and for how long?” It was a morass of terrible conclusions, hints, and allegations that weren’t properly looked into by analysts, by the way things looked from the emails alone.

Like I said above, there may in fact be more as well as some of these may in fact not even have been put there by AntiSec to sweeten the conspiratorial pot. However, generally, it’s just amateur hour here and that is disturbing.

While the masses may be unaccustomed to the intelligence game, some of us out there know a little bit more about how it works. While the likes of WikiLeaks rail about how they are all bad, using money and perhaps even sex to sway their sources, the reality is that this game has ALWAYS been played this way. Intelligence is a dirty business and crying about it in this way for me, is just naive on the part of WL and Anonymous.

That said though, let me clarify for you all here and now, the data that was being collected via the emails dropped were not state secrets as a whole. In fact, this was much more TMZ than CIA.

This kind of information does have its place in real intelligence work, but, the idea of trying to make out that the things seen in this dump are at all akin to what the CIA really does is just laughable. As is the notion put out there by the emails that Stratfor thought they were “the man” by paying assets that they could not really trust nor really had a good way of vetting.

My question is just how many of those guys/girls took the money and just gave Stratfor a bill of goods? How many of these “sources” were actually just people making a buck and selling snake oil?

For that matter I half expected to see LIGATT listed as a source….

No, much more of what I was seeing in the emails was scuttlebutt or in fact OSINT of the lowest order. They were actually citing other news sources in their emails! Uhhh, yeah that is real INTEL there. Sure, today a lot of intel comes from the news because they are there and are quick to report it. Quicker than actual intelligence officers in the field, because, they are “in the field” and cannot just pick up a phone and call Langley. This stuff though, was just riddled with suppositions and half baked theories which I am now pretty sure, made it into finished reports… And that is sad.

Overall, my impressions from reading the emails and not seeing anything else bespeaks an organization that was hungry for money, willing to do what it took to give their clients “reports” and throw caution to the wind as to the veracity of their data. This is not an intelligence agency in any way and certainly should not be looked upon as any great threat.

Much Ado About Nothing

So, there you have it. It really is much ado about nothing. The emails show a certain callousness as well as a greedy disposition (8k for a background check/dossier on someone? Holy WTF indeed!) Generally, I would be more afraid that their data was faulty and full of half truths than real solid intel from sources that they have cultivated.

In fact, I would go as far as to say someone like Jericho might want to check their stuff for plagiarism himself because I think they must have ripped off someone in the news somewhere along the way, but, that is just my theory.

This firm should be afraid now that its emails (if all theirs) show a company that is hamfisted in its approach to data collection and analysis as well as one that did not perform ANY due diligence for its customers’ sake.

That last bit there is really really important as well. Any intelligence agency, kids, would in fact perform the due diligence to protect their sources and their customers’ data. See, when real spies let stuff like that out or commingle it in email spools, people tend to die.

*Another point I meant to bring up earlier... None of this stuff would appear all in one spool in a real intelligence operation*

This is all much ado about nothing and once again, the kids with Anonymous and Wikileaks have failed to understand the realities of the world that they now want to play in. Intelligence.

Where Problems Do Come Up

Finally, I would like to enunciate the areas where I think there are large problems for Stratfor from this dump:

  1. Bad data and poor vetting of sources
  2. Bad OPSEC and Security Hygiene
  3. Lack of controls other than tags in emails for classifying data
  4. Lack of proper analysis of information collected
  5. An utter lack of equanimity in their analysis and collection

Lastly, this email covering the new capital fund company that they started has me wondering. Would this not be insider trading using espionage? How is this not illegal? Really? You are going to start a new wing of business that is connected to your private intelligence firm that will profit from the collected intel you gather?

*shakes head*

I suspect that the Senate may want to look into that.

Oh... Wait... Seeing as they too are also in the throes of some insider trading scandal as well, maybe they will just leave that alone eh Fred?

I guess the lessons learned from this whole event are: Never trust a scorpion on your back crossing a river… And don’t take wooden nickels from Julian Assange. Though, I guess Fred really says it all in one quote from an email linked below:

Therefore while Stratfor is committed to intelligence collection, it does not intend to be slavishly committed to it.

There you have it... Pretty much covers the matter huh? Where’s Gordon Gekko when you need him huh?

K.

 Fun reading from WL:

Sourcing Insights: http://wikileaks.org/gifiles/docs/97882_re-alpha-sourcing-insight-.html

EPIC QUOTE http://wikileaks.org/gifiles/docs/898587_draft-of-handbook-chapter-on-organization-.html

Cross-posted from Krypt3ia

Sara Hald: Very nice analysis. I too am not impressed with either Stratfor or the "scandalous" contents of the dump.
Laura Walker: Stratfor was always a sort of Drudge Report for me - a bit of aggregate news in a tidy package - but not itself a source. Can't even remember how long ago I cancelled my account, but if I find my old username in there it will be fun to guesstimate how old & stale it is by the handle.