By Robert Vamosi
Creating truly secure passwords can be difficult — at least for some security professionals, it seems.
A recent data breach at the private intelligence firm Stratfor revealed some all-too-common password weaknesses. Here’s how to strengthen your own.
Stratfor fails to protect customer data
If not for the players involved, this story might have gone down as just another company losing customer credit-card information to clever hackers. As detailed in a Jan. 11 Reuters report, the perpetrators were members of the infamous hacking group Anonymous (also referred to as AntiSec) and the victim was Strategic Forecasting Inc (Stratfor), a Texas-based political and economic analysis firm with an impressive list of private and public clients and subscribers.
According to various sources, the hackers broke into Stratfor in early December 2011 and acquired company e-mails and customer account information. They returned on Christmas Eve to publicize the break-in on Stratfor’s own homepage and then cripple the company’s servers. Eventually, Anonymous claimed responsibility and reportedly used some of the stolen credit-card information to make sizable donations to charitable organizations.
The irony in this story is that Stratfor, a company focused on global intelligence and forecasting, had not bothered to encrypt its subscribers’ credit-card information. Moreover, its security system required subscriber passwords that were no more elaborate than what we might use for everyday computing.
Here are some lessons to learn from the Stratfor incident.
Rebuilding passwords from encrypted hashes
As reported in a Jan. 2 story, online news site The Tech Herald analyzed 860,160 of the nearly one million Stratfor password hashes publicly revealed by the hackers. (A hash is a fixed-length bit string that represents the original password.)