Navigation

My projects

Ingrid Pitt: Beyond The Forest logo The Wild World of Ted V. Mikels logo Vampira: The Movie logo Curse album cover Ultraviolet band photo Shrieking Violets logo

My other sites

YouTube logo Twitter logo

Who knew first, the FBI or Stratfor? The first clear answer is found in a recent footnote.

When Jeremy Hammond hacked Stratfor, who knew first: the FBI or Stratfor? It seems a basic question, yet there has been surprisingly little discussion about it — mostly because people assumed (incorrectly) that they already knew the answer.

Let's see what Stratfor's official statement about the hack says:

In early December I received a call from Fred Burton, Stratfor's vice president of intelligence. He told me he had received information indicating our website had been hacked and our customer credit card and other information had been stolen. The following morning I met with an FBI special agent, who made clear that there was an ongoing investigation and asked for our cooperation. We, of course, agreed to cooperate. [Emphasis added.]

This does not say whether Burton received the information from inside or outside the company, and it does not say whether Stratfor or the FBI proposed the meeting. Accordingly, we can't tell whether the investigation was "ongoing" before Stratfor knew they'd been hacked.

Stratfor's FAQ about the hack is no more informative:

1. When did Stratfor learn of the problem and how?

We were notified in early December and have since been cooperating with the FBI's investigation of the incident.

"We were notified" could imply "by the FBI," but could also mean "by an automated intrusion detection system" or other source. Note that the question of "how" the notification occurred is left unanswered.

No one commented on the odd and I assume deliberate use of the passive voice ("he had received," "we were notified" rather than "so-and-so notified us"). Instead, people made assumptions.

Prior to the announcement of Sabu's arrest, the universal assumption was that Stratfor had notified the FBI. Of articles that cite a basis for this claim, it appears that virtually all rely on this Associated Press article, which says that "Fred Burton, Stratfor's vice president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation." I suspect that this paraphrase represents an unwarranted assumption by the reporter. However, this statement appears (according to a Google search) on "about 12,000" webpages.

In short, from the public announcement of the hack on December 24, 2011 until March 5, 2012, there was a universal consensus that Stratfor had notified the FBI. As far as I can tell, this was based on nothing but the paraphrased statement from Burton, and arguably at odds with the "we were notified" language in the FAQ.

Contrast this to the media coverage after Sabu was revealed as an informant on March 6, 2012: there was a universal consensus that the FBI had alerted Stratfor. It was a reasonable assumption, but equally unsupported by evidence.

TL;DR:
Before announcement of Sabu's arrest: "Stratfor notified the FBI."
After announcement of Sabu's arrest: "The FBI notified Stratfor."
There was no proof of either statement, and no acknowledgement of the flip-flop.
#JournalismFail.

"I thought we'd always been at war with Eurasia," she said vaguely. (George Orwell, 1984)

The first clearer statements appeared in November 2013. It turns out that the FBI notified Stratfor, so the ~12,000 webpages relying on the (incorrectly?) paraphrased quote from Stratfor's Fred Burton are wrong. This was revealed by the "Government's Memorandum of Law With Respect To Sentencing" of Jeremy Hammond. See footnote 2 on page 3:

Upon learning that [another victim entity]'s computer systems had been compromised, the FBI immediately notified [the victim], as it did each time it received notice that Hammond or his co-conspirators had compromised an entity's computer systems. [Emphasis added.]

and with greater specificity, footnote 7 on page 7:

The FBI immediately notified Stratfor upon learning in early December that Stratfor's computer systems had been compromised. The FBI continued to provide updates to Stratfor as it learned more about Hammond's continued attack against that company.

If we want to be pedantic, we could point out that this doesn't preclude Stratfor from already knowing about Hammond's hack when the FBI notified them. But based on all available information, I believe it's safe to conclude that Stratfor first found out about the hack from the FBI. (As an added complication, the government states that prior to Hammond's hack, Stratfor had been breached by another individual known as "hyrriiya." It isn't clear when hyrriiya's hack occurred, but it seems likely that the FBI notified Stratfor of both hacks around the time Hammond commenced his hack, on December 5 or 6, 2011.)

To whatever reporter initially paraphrased Fred Burton saying "the company had reported the intrusion to law enforcement": please check your notes and see what he actually said. I think you may have misunderstood him. Now I expect all ~12,000 webpages using that quote to promptly print a retraction. Thank you.

(Sorry, I don't have my website set up for comments. If you're on Twitter, please tweet at me. Or post your reply somewhere on the internet and I'll probably come across it.)

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.