Remember the Stratfor hack back in 2011? Stratfor cybersecurity was pretty much non-existent, according to a leaked confidential forensic investigation report (pdf), originally released by Verizon in February 2012. It was a hack waiting to happen, and the report serves as a reminder for how NOT to do business.

Background

Stratfor Global Intelligence bills itself as “a geopolitical intelligence firm that provides strategic analysis and forecasting to individuals and organizations around the world.” After AntiSec hackers stole five and a half million emails and then gave them to WikiLeaks, the Atlantic said “Stratfor’s reputation among foreign policy writers, analysts, and practitioners is poor; they are considered a punchline more often than a source of valuable information or insight.” Yet as far back as 2001, “a Stratfor subscription could cost up to $40,000 per year.”

Suspected cause and attack vectors

Verizon spelled out suspected host and network attack vectors. It found practically no system hardening and no file integrity monitoring. Stratfor had no firewall, no antivirus protection and no security monitoring. “No device was used to filter any ingress or egress traffic, allowing any data into and out of the systems environment unrestricted.” There was “no level of centralized logging to routinely monitor and analyze suspicious and/or anomalous security events.”

Keep in mind that Stratfor is a level 3 merchant, charging at least $40,000 annually for subscriptions via its Ubercart shopping cart application. “The back-end database driving the Stratfor e-commerce process retained Primary Account Number (PAN), expiry, and CVV2/CVC2 in plain, unencrypted text.” There was also no network segmentation. “Stratfor did not segregate its payment ecommerce environment from its corporate office environment. That is to say, systems interacting with cardholder data were directly accessible from systems within the corporate subnet with single-factor authentication credentials.”

No secured remote access: The “affected systems (web server, database server, mail servers, Active Directory server) in both the corporate and payment environments allowed for single-factor remote access either through SSH (Linux) or Windows Remote Desktop (RDP).” Furthermore, the “remote access channels were not restricted by trusted IP address or geolocation.” Remote access was left permanently enabled, yet there was also no remote access monitoring or logging.

Those were just a few examples of Stratfor’s security ineptitude found during Verizon’s investigation. “This is an extreme case and a breakdown of a magnitude I’ve never seen before,” Kevin Cunningham, president and founder of SailPoint, told The Daily Dot. “You have to define your policy and ensure that controls are in place. In this case, it doesn’t look like they had any policies defined. It’d be like not only leaving your front door unlocked and your windows open, but also your family jewels on the kitchen table.”

Anti-forensic measures

Verizon investigators wrote that hackers disabled the web server by “using the Unix ‘rm -rf’ command against the root directory as superuser. This caused the contents of nearly every writable mounted file system on the server to be deleted, up to the point that the server itself crashed after system-critical files or directories were deleted. This same Unix command was also run against two separate mail servers as well as the e-commerce database server.”

This one command helped to remove the intruders’ digital footprints from the compromised systems and proved to be an investigative challenge, as standard file timeline and metadata analysis could not be conducted. The intruders used Tor for most of their malicious activity. The report stated, “Engaging in this degree of anti-forensic activity indicates the high level of sophistication and organization during the intruder’s actions. Many intruders in similar cases make no effort to ‘cover their tracks’ or otherwise obfuscate their actions. Taking specific and deliberate actions that hinder investigative efforts after the fact is indicative of a highly specialized, and professional attacker or group of attackers.”

Chat logs floating around on the web show that FBI informant Sabu orchestrated the Stratfor hack. Fellow LulzSec member Jeremy Hammond, who is serving 10 years, claimed Sabu set him up for the fall. Another Anonymous hacker, Hyrriiya, confessed to hacking Stratfor first, two weeks before LulzSec, and providing access to other AntiSec hacktivists.

Considering all the extreme security mistakes, Stratfor got off easy; it did not admit to any wrongdoing or liability. Instead, the company settled a class-action lawsuit for approximately $1.175 million in 2012.
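The remote-access findings in the report (single-factor SSH logins, no trusted-IP restriction, no logging of remote sessions) map onto a handful of sshd_config keywords. As an added example, not taken from the Verizon report or from Stratfor's systems, this Python audit flags those weaknesses in an OpenSSH server config; it assumes current OpenSSH defaults for absent keywords, uses constructed sample configs, and covers only the SSH side (RDP, firewalling and centralized logging are separate controls).

```python
import re

# OpenSSH applies the first value it reads for each keyword, and every line
# after a "Match" belongs to that block, so the parser keeps first-wins
# semantics for the global section and records Match criteria separately.
def parse_sshd_config(text):
    global_opts, match_criteria = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            match_criteria.append(value.lower().split())
        elif not match_criteria:  # still in the global section
            global_opts.setdefault(key, value)
    return global_opts, match_criteria

def audit_sshd(text):
    """List the report's remote-access weaknesses present in an sshd_config.
    Assumes current OpenSSH defaults when a keyword is absent."""
    opts, matches = parse_sshd_config(text)
    findings = []
    if opts.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("single-factor password login permitted")
    if opts.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("direct root login permitted")
    restricted = "@" in opts.get("allowusers", "") or any(
        "address" in crit for crit in matches)
    if not restricted:
        findings.append("no trusted-IP restriction (AllowUsers user@host or Match Address)")
    if opts.get("loglevel", "info").lower() in ("quiet", "fatal", "error"):
        findings.append("LogLevel too low to record authentication events")
    return findings

# Constructed sample configs, not taken from the report.
WEAK_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes   # single-factor, reachable from any address
LogLevel QUIET
"""
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
LogLevel VERBOSE
AllowUsers ops@203.0.113.0/24
Match Address 203.0.113.0/24
    PubkeyAuthentication yes
"""
```

Running `audit_sshd(WEAK_CONFIG)` returns four findings matching the report's list, while the hardened config returns none.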