Whoever maliciously hacked into the servers of Stratfor.com on Christmas Eve must have known something about news cycles during the holiday season. Mainstream media, with skeletal and junior staff during the holidays, would jump on such a bold act of cyber sabotage. And, that’s happened … big time.
The company says it “cannot discuss any details because several law enforcement agencies are investigating the incident,” which is simply not a genuine statement. Meantime, many mainstream news media are running the story. It’s being called, “The hack of the year.”
The media coverage snowball rolls on while Stratfor is silent.
The hackers reportedly struck Stratfor’s three servers located at a small web hosting firm in Austin, Texas, Stratfor’s homebase. According to what has been pieced together, they were seeking access to the company’s confidential emails.
Not only did they find about 3.3 million emails, they also captured the credit card information – including pin numbers – of thousands of Stratfor subscribers, including Homeland Security, police departments, foreign governments, government officials, private individuals, and … well, you get the idea. The credit card information had been stored on the servers in unsecured, open and unencrypted in plain text files, possibly in violation of law by Stratfor.
What the hackers did then was to completely erase the company’s servers, possibly including any backup of the website. At this writing, Stratfor is dead in the online water – no website, no email, faltering subscriber trust and shattered reputation among many high profile subscribers.
What’s now hurting the most for Stratfor – an expensive, premium online news and analysis aggregating service – is not necessarily the hacking but rather their own lack of crisis management and prompt, transparent communications. The fact that as we head into “Day 4″ since the attack they cannot get their website back online exacerbates the situation.
The company’s last communication with subscribers was on Christmas day (see below). Since then, nothing except for a couple of rambling posts with poor grammar on Facebook. In none of the spattering of statements has there been any accountability or acceptance of responsibility by the company, probably the result of bad advice from an attorney. Let us not forget that Stratfor’s careless security practices have compromised the credit cards of thousands of clients.
The incident is causing many Stratfor subscribers to take a second look at whether the company’s daily email service of news summaries is still worth the hefty fees, especially when much of the same news and information is already online for free through Google and the plethora of online news resources.
Stratfor was created by Austin-based entrepreneur and salesman George Friedman. In his analysis of Friedman and Stratfor, David P. Goldman wrote in The Tablet in early 2010:
Friedman’s thriving business targets a key market niche: corporate types with geopolitical exposure who are too busy or too ill-informed to use Google.
“Controlling costs but without skimping on quality” is the secret to the McDonald’s-like commercial success of Stratfor, Friedman explained during a break from his New York book tour. “The secret is the division of labor: we have people who collect intelligence, people who analyze intelligence, and people who write,” he says. “It’s designed to give the subscriber a consistent product.”
“Friedman is not selling sophistication,” Goldman writes. “Subscribers to his premium service get more items in their inbox than the most avid geopolitics junkie could digest.”
Friedman today needs to sell believable crisis communications. It would have been easy and quick right after disaster hit:
- News blog to deliver a steady flow of updates and assurance to subscribers, the media and public.
- Engaging in the online social media discussion of the hacking and fallout. Stratfor’s voice is absent there.
- Genuine acceptance of responsibility and empathy for subscribers whose credit cards have been compromised.
- Clear and sincere messages, free of typos and grammatical mistakes.
“Global information” Stratfor has done none of this.
In a crisis situation, effectively managing communications may help to save a company’s reputation, image and viable future, regardless of what the lawyers might advise. At least expeditious crisis communications won’t get you sued, one way or the other.