UPDATE: Wikileaks Dumps First of 5 Million Stratfor E-Mails

The whistle-blower Web site Wikileaks has published what it claims are the first of millions of internal e-mails taken from the Texas based strategic intelligence firm Stratfor. 

The whistle-blower Web site Wikileaks has published what it claims are the first of millions of internal e-mails taken from the Texas based strategic intelligence firm Stratfor

In a statement on the Web site of Wikileaks, the organization published links to 167 email messages – a first installment on what it claims is a trove of5 million Stratfor e-mails stolen in a hack in December, 2011.The messages in question “reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency,” the Wikileaks page states. Wikileaks coordinated its release with dozens of publications around the globe including Rolling Stone Magazine, McClatchy News, The Hindu Times and La Republica. 

In a statement released Monday, Stratfor called the publication by Wikileaks a “deplorable, unfortunate — and illegal — breach of privacy.” Echoing firms like Anonymous target HBGary Federal, it also warned that some of the leaked e-mails may be forged, but said it would not make any effort to sort out legitimate from illegitimate communications.

“Having had our property stolen, we will not be victimized twice by submitting to questioning about them,” the company said.

Though Wikileaks promotes itself as a whistleblower Web site, the e-mail messages from Stratfor were taken in an illegal hack by members of the anarchic hacking collective Anonymous. Anonymous has accused the company of being engaged in spying on behalf of, and in cahoots with the U.S. government, defense contractors and the media – charges that Friedman has strenuously denied. In an e-mail to customers, Friedman claimed the attack was an attempt by Anonymous and its followers to silence his firm.

Anonymous used a Twitter account affiliated with the group to take credit for passing the e-mails to Wikileaks on December 29, shortly after the Christmas Eve hack. Wikileaks .

Data stolen by the group has been dribbling out in the weeks since the comrpomise. On December 31, Anonymous released 75,000 names, addresses, credit card numbers and md5 hashed passwords for Stratfor’s customers, as well as more than 800,000 usernames, email addresses, and md5 hashed passwords for individuals who registered on Stratfor’s Web site.

Following the hack, a number of security problems were identified on Stratfor’s network. Among other things, account information and passwords were stored in clear text on Stratfor’s servers, or weakly protected with encryption.

The organization’s Web page also allowed account holders to create passwords as short as one character to secure their account

With the e-mails released, focus now shifts to the information contained in them. That could prove to be embarrassing both for Stratfor employees and their many private- and public sector correspondences, just as leaked e-mail from the D.C. firm HBGary Federal did a year ago.

Among the e-mail exchanges released is one between Friedman and former senior Bush Administration tactician Karl Rove concerning an effort to arrange a meeting between the Indonesian Ambassador to the United States, Dino Djalal, and the former President. Other e-mail messages include sensitve information on Stratfor customers paying the firm for “Protective Intelligence” services, and capture open-source intelligence sharing between Stratfor’s various regional operatives and headquarters.

In its statement, Stratfor said that the disclosure of the emails “does not mean that there has been another hack of Stratfor’s computer and data systems,” and that its data systems”remain secure and protected.”

The Stratfor publication comes almost exactly a year after the breach and at security firm HBGary Federal and the publication of tens of thousands of internal e-mail messages. Those e-mails revealed troubling collaborations on behalf of HBGary Federal and other security firms on behalf of organizations like the U.S. Chamber of Commerce. They ultimately led to the resignation of its chief, Aaron Barr


Suggested articles

Hey Alexa, Who Am I Messaging?

Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.


  • Anonymous on

    Spell check... "  credit card numberss "

  • Not Anonymous on

    In order to "remain secure and protected" the web sites must first BE "secure and protected", which was apparently not the case, Mr. Friedman.  

    How convenient to say "we won't answer any questions" while first raising doubts about the authenticity of the emails with "some may be forged".  If I had to guess, it will not be necessary to commit forgery to produce some email content that will be embarassing to Stratfor: hell, if they were willing to falsify stuff, why take on the risk of stealing it in the first place?  

    Answering questions, clarifying intent and identifying what's real and what's false is a mature and responsible action, Stratfor.  Refusing to face the heat when put on the spot for your actions because it 'makes you a victim twice' is the response one might expect of a petulant teenager, or an addict who is in denial of his problem.

    In contrast, other than their illicit hacking Anonymous has generally shown themselves to adhere to a higher standard of veracity than most of their 'victims'.

    Mr. Friedman's claims of security of the Stratfor web site are laughably silly now that it's come to light that the password policy in effect on its site allowed single-character passwords.  Maybe the strategic intel they disseminate is good, but no one can take seriously any claims of great security expertise when their protections were so laughably weak in the first place.

    This continuing spin just ensures that Stratfor will remain an object of ridicule until they "man up" and admit that they fell down on the job of securing this information.  Their implicit pre-emptive denials of "they might be forged" will hold little water if any "troubling collaborations" are found in the email contents.  

    Is it noble to remain above the controversy?  Apparently Mr Friedman thinks it will be perceived that way.  I think it will be perceived as haughty and self-serving evasion, but ultimately it's Stratfor's customers who will determine whether they remain a viable player on the info-sec scene.

  • Anonymous on

    So sad, but not shocking. The financial companies I have worked with also have very laughable security in place. When you point it out to them they act like what you are saying is not true and they know what they are doing. Once they get owned I will gladly point fingers and supply emails for there negligence. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.