Lessons learned from Stratfor hack

Tuesday - 1/3/2012, 5:48pm EST

Richard Stiennon, chief research analyst, IT Harvest

Download mp3

By Jack Moore
Federal News Radio
@jmooreWFED

Just before the holidays, the hacker collective Anonymous is reported to have struck again — this time targeting defense intelligence organization Stratfor.

The hackers posted email addresses, credit card numbers and personal information of more the more than 800,000 people who subscribed to Stratfor's publications.

Richard Stiennon, the chief research analyst at IT Harvest and the author of the books Surviving Cyberwar and the forthcoming Cyber Defense: Countering Targeted Attacks, joined In Depth with Francis Rose with some lessons learned from the hack.

Stiennon reviewed the leaked information and wrote in a Forbes blog post that the passwords revealed "are an abject lesson in password strength."

Among the email addresses leaked were several ".gov" and ".mil" accounts, in addition to many accounts tied to major government contractors.

For example, by Stiennon's count, 12 Raytheon employees, eight IBM employees and 15 from SAIC had their accounts compromised.

Stiennon recommended complex passwords even for "throw-away" accounts and two-factor authentication for email accounts.

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.