I admit, I was fooled.

As I’ve written previously, private intelligence service Stratfor was hacked in December, my information was leaked and since then I’ve been getting spear phishing messages.  Yesterday, I got another one and I admit, I was fooled.

From: George Friedman
Sent: Sunday, February 26, 2012 8:26 PM
Subject: Official Resignation Notice From Stratfor

Dear loyal Stratfor partners and clients,

It is with great personal disappointment I have to inform you that I will resign from my position as CEO for Stratfor to immediate effect.
 
Please rest assured that this decision was not an easy. But in the light of the recent events, especially the release of our company emails by WikiLeaks, I have decided that stepping down is in the best interest of Stratfor and its customer base.
 
I want to emphasize that this will have no effect on Stratfor's business or its members and we will continue to provide state-of-the-art intelligence services.
 
Regarding the latest breach, Stratfor is fully in control of the situation However, while I cannot take any personal responsibility for this incident, I still have to admit that mistakes have been made on our side. To be clear: We certainly do not condone any criminal activities by groups like Anonymous or other hackers. This is theft and we will continue to cooperate with law enforcement to bring those responsible to justice. But we must acknowledge that this incident would not have been possible if Stratfor had implemented stronger data protection mechanisms - which will be the case from now on. Indeed we will immediately move to implement the latest, and most comprehensive, data security measures.
 
While I played no role in our technical operations, as the company's CEO I do accept full responsibility thus will resign from my position effective immediately.
 
Again, my sincerest apologies for this whole unfortunate incident.
 
Sincerely,
George Friedman

I was getting off the plane last night and decided to check the email on my phone.  I saw that message and said “Oh, no!  Friedman is resigning?  That sucks!  He writes great articles!”  I was really disappointed because I read his books and find his views on geopolitics interesting.  It was too bad that the result of the hack would cause him to resign.

When I got home, I did a quick search on the web for the story.  It turns out that Wikileaks was publishing hundreds of thousands of internal emails sent between Stratfor employees (see article on Reuters). In light of that leak, Friedman was going to resign (i.e., yep, we screwed up and I take responsibility).

Lots of other services reported that Friedman resigned:

I shook my head.  Curse you, Anonymous and WikiLeaks!

Yet when I read the Reuters story this morning, I was lead to this excerpt:

It said it would not be cowed under the leadership of George Friedman, Stratfor's founder and chief executive officer. It said Friedman had not resigned as CEO, contrary to a bogus email circulating on the Internet.

Some of the emails being published "may be forged or altered to include inaccuracies; some may be authentic," the company statement said.

What the—? I went back to the email message in my inbox, and this time checked in my Thunderbird client (not on my phone).  I looked at the raw source, and sure enough, the mail was forged.  I fell for it yesterday evening; I was fooled.

Why did I fall for it?  There’s a couple of reasons.  First, the email looked genuine and the message From: address was forged, and the content was plausible (not to mention that it was in my inbox and not marked as spam).  This message had a neutral SPF result, although it would have failed a SenderID check.

Second, and this is something I have written about but not on this blog, is that I was in a negative frame of mind (disappointment) which clouded my cognitive thinking.  Research shows that people make better decisions when they are in good moods than bad ones, and me being in a disappointed (bad) mood interfered with my ability to know better.

Finally, I checked the message on my phone.  I couldn’t view the raw source the way I could in a regular mail client and therefore I couldn’t verify its authenticity.

Next time I’ll know better.