Anonymous Hacks Again Hackmas Gift 4 Charities

UPDATE: 12-30-2011 (CentOS) is the OS that the Victims of the Duqu worm -Diagram -(son of Stuxnet).

Anonymous hacks Security Firm Stratfor Global Intelligence

Provides strategic intelligence on global business, economic, security and geopolitical affairs.

gAtO sMiLe – Hackers Breach the Web Site of Stratfor Global Intelligence. gATo did a goole search on Stratfor_com. As you can see the site as of Sunday night (12-25-2012) 2310 hundred hours it’s still down. The part that got gAtO 2 sMiLe is that the other links from google point to “default- error page”.  For a security firm they have done everything WRONG that they could after the HACK.

These error pages from a Google search gives away the OS  ((CentOS) Server) that they are using the Version of  (Apache/2.2.15)  also the the nomenclature they use in their Directory structure. This is a wealth of information to give any hacker to start hacking then next time (there will be a next time 4 Stratfor ) . A security firm should at least have a disaster recovery plan well Stratfor Global Intelligence has none.

Example: From Google click on Careers, ABOUT Stratfor, Geopolitical Weekly or any othe rpage and you get an error page with all kinds of information for any hacker during information gathering before the hack. 

From a simple google search:

(CentOS) Server

 

 

 

 

They use CentOS: – Check out their bug report page: –http://bugs.centos.org/view_all_bug_page.php

stratfor.com/subscibe error code show lots of Information about any site. A good web designer would of hiding this information to keep a hacker from knowing my information

This site list the bug reports for Cent(OS). A wealth of information for a hacker.

Apache/2.2.15

http://httpd.apache.org/security/vulnerabilities_22.html

You can see that if you need to hack Apache just scan for CVE-2022-3368 and CVE-2011-3348 and these are for version 2.21 and 2.2.22 they are running 2.215. To gAtO it looks like they may not of done proper Patch management to keep up with updates.

 

 

“Anonymous” claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor

 

I read that they did not encrypt their subscribers credit card so a few people have made charitable contribution from their credit cards on .stratfor. Why do companies that have credit and personal information not encrypt them. This is a no brainer, if I have customers information and I’m a security company why is my website so bad and open to hacking so easily.

 

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

 

Hours after publishing what it claimed was Stratfor’s client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.

 

Anyway gAtO just wanted to point some of these things out I just don’t understand it why these big shot Security firms scream so loud about hackers, maybe because they do such a bad job that they think that laws may help them but this damage of reputation may bring this company down.

The problem that gAtO has found is these big shots thing that they hire anyone that has a security clearance or a certification. These people have no real knowledge of what a hacker does but what’s in the book. When you read it from a book today it’s outdated before it’s been printed and the hackers are on to newer stuff. Companies cannot think if they are compliant and within regulatory that will stop a hacker, they think that just because it has n0t happened before and it looks impossible to you the hackers know all the same in-the-box stuff that everyone else does. So you better understand were the new information is coming from and keep learning every day. Cyberspace is not going to stop evolving so security people better not stop and, they need to always keep an open mind and think of the impossible and protect you data. It may be what keeps your company from going under with just one hack

gAtO_oUt

Directory Structure: just add strafer.com/xxx

/weekly/friedman_on_geopolitics

/analysis/20111028-mexicos-cartels-draw-online-activists-ire

Not Found

The requested URL /analysis/20111028-mexicos-cartels-draw-online-activists-ire was not found on this server.

Apache/2.2.15 (CentOS) Server at http://www.stratfor.com Port 80

Not Found

The requested URL /careers was not found on this server.

Apache/2.2.15 (CentOS) Server at http://www.stratfor.com Port 80

Not Found

The requested URL /weekly/20111212-russias-plan-disrupt-us-european-relations was not found on this server.

Apache/2.2.15 (CentOS) Server at http://www.stratfor.com Port 80

Read More:

http://www.huffingtonpost.com/2011/12/25/anonymous-stratfor-hack-hackers-hacking_n_1169268.html

http://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html?_r=1&hp

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: