6 January 2012

Stratfor: Beware of false communications

Also: http://blog.cyberwar.nl/2012/01/post-breach-stratfor-mailings-fake-vs.html

A sends:

From: Stratfor <mail@response.stratfor.com>
Date: 2012/1/6
Subject: Stratfor: Beware of false communications

To verify the validity of this communication from Stratfor, please view this video of our VP of Intelligence, Fred Burton, which references and authenticates this email.

Dear Stratfor Reader,

While addressing matters related to the breach of Stratfor's data systems, the company has been made aware of false and misleading communications that have circulated within recent days. Specifically, there is a fraudulent email that appears to come from George.Friedman[at]Stratfor.com.

I want to assure everyone that this is not my email address and that any communication from this address is not from me. I also want to assure everyone that Stratfor would never ask customers and friends to provide personal information through the type of attachment that was part of the email at issue. This email, and all similar ones, are false and attempt to prey on the privacy concerns of customers and friends. We strongly discourage you from opening such attachments. We deeply regret the inconvenience this latest development has created.

While Stratfor works to reestablish its data systems and web presence, we ask everyone to please look for official communications, such as this one, and to monitor the Stratfor Facebook page and Twitter feed for company-approved communications.

Thank you for your patience.

Please direct any questions and concerns to feedback@stratfor.com.

Sincerely,

George Friedman

A forwards an alleged Statfor email:

Fri,  6 Jan 2012 07:28:54 +0100 (CET)
Subject: Rate Stratfor's Incident Response
From: george.friedman@stratfor.com

Hello loyal Stratfor clients,

We are still working to get our website secure and back up and running again as soon as possible.

To show our appreciation for your continued support, we will be making available all of our premium content *as a free service* from now on.

We would like to hear from our loyal client base as to our handling of the recent intrusion by those deranged, sexually deviant criminal hacker terrorist masterminds. Please fill out the following form and return it to me.

My mobile: 512-658-3152
My home phone: 512-894-0125

Headers of the email:

For the video announcement, please see http://www.youtube.com/watch?v=oHg5SJYRHA0

Read full press release: http://bolt.thexfil.es/84e9h!t [This is a 1MB document attributed to Anonymous, Antisec and Lulzsec. Also distributed on other sites as the "Anonymous ZINE."]

Rate Stratfor's incident response: http://img855.imageshack.us/img855/9055/butthurtreportform.jpg

_____

Cryptome:

Well, the slurs are provocative, and a goad to additional attacks. Is there a way to authenticate it? With the Stratfor email addresses loose, anybody could have sent it. Based on the headers it appears to be a spoof.

We will publish to see who else got the email. If so, send to cryptome[at]earthlink.net.

Second copy of the email: "Hello, this appeared this morning in my inbox, looks like anonymous is trolling George Friedman."

Third copy: "I just received the following sender-spoofed message. From the links mentioned, check out at least http://bolt.thexfil.es/84e9h!t."

Fourth copy: "I have received this mail five times this morning, from 4:03UTC+1 until 10:52UTC+1." Message header: Received: from zulu710.server4you.de (zulu710.server4you.de [188.138.100.214] by mx.kundenserver.de (node=mxbap4) with ESMTP (Nemesis)."