Stratfor Fall Victim To Anonymous Attack – Exposing Defence And Intelligence Officials
Tue 10 Jan, 2012 // Chris Allan
During the Christmas period, thousands of British email addresses and encrypted passwords, including those of defence, intelligence and police officials, were revealed online following a security breach by hackers. The hackers are believed to be part of the hacktivist group known as Anonymous, who attacked the global intelligence company Stratfor.
Stratfor specialise in strategic intelligence on global business, economic, security, and geopolitical affairs. Their clientele include U.S. Military and government organisations, as well as technology giants IBM and Microsoft.
In a post on pastebin.com, the hackers revealed the user names, email addresses and encrypted passwords of 860,000 subscribers, meaning that everyone who has ever registered on the Stratfor websites has been named. The leak also includes the full names and credit card information of all 75,000 paying subscribers, with 462 UK accounts being noted, making it one of the most significant breaches of 2011.
Anonymous said:
“We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havok upon the systems and personal email accounts of these rich and powerful oppressors.”
According to IDG, it has emerged since the hack that passwords are already being decrypted at Utah Valley University, where a study is under way to examine what passwords are being used. Kevin Young, area IT director at Utah Valley University, who also teaches information security, believes that one of the major threats from the hack was that many passwords were too easy to decode, with these passwords most likely also being used for other websites that may contain sensitive information.
Young confirmed that although the passwords were encrypted using the MD5 hash, which is considered an industry standard, simple and short passwords remained relatively simple to decode.
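To illustrate the point about MD5, here is an added example (not from the original article) that contrasts a single unsalted MD5 pass with a salted, iterated hash for password storage. It assumes the plain-MD5 scheme was unsalted, which the article does not state; the account names, passwords and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; names and passwords are made up for this example.
SAMPLE = {"alice": "winter2011", "bob": "Tr4ctor-Lamp-Quiet-91", "carol": "winter2011"}

PBKDF2_ITERATIONS = 600_000  # assumed cost setting; tune to your own hardware


def md5_hex(password):
    """Weak scheme: one unsalted MD5 pass. Fast and fully deterministic."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def slow_hash(password, salt=None):
    """Hardened scheme: per-user random salt plus an iterated KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], digest)


def duplicate_groups(stored):
    """Return sorted groups of users whose stored values are identical."""
    by_value = defaultdict(list)
    for user, value in stored.items():
        by_value[value].append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


if __name__ == "__main__":
    weak = {u: md5_hex(p) for u, p in SAMPLE.items()}
    strong = {u: slow_hash(p) for u, p in SAMPLE.items()}
    # Identical passwords are visible at a glance in the unsalted table.
    print("shared MD5 digests:", duplicate_groups(weak))
    print("shared salted digests:",
          duplicate_groups({u: d for u, (_, d) in strong.items()}))
    salt, digest = strong["alice"]
    print("correct password verifies:", verify("winter2011", salt, digest))
```

With the unsalted scheme, anyone holding the leaked table can see which accounts share a password and can test guesses at very high speed; the salt removes the first property and the iteration count slows the second.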
Although the attack was carried out by Anonymous hackers, it has become apparent that there are no 'orders', and that each attack is carried out by individuals who all have different aims and are involved in different 'operations' previously carried out by the group. As such, it is difficult to predict who will be targeted next.
The key message to take from this is the importance of using secure passwords, and of using more passwords, where necessary, to increase security for individuals.


