After an easy breach, hackers leave “TIPS WHEN RUNNING A SECURITY COMPANY”

Not the message you want from your Web security firm.

A Web security company's systems are offline this morning after an apparent intrusion into the company's network. The servers and routers of Staminus Communications—a Newport Beach, California-based hosting and distributed denial of service (DDoS) protection company—went offline at 8am Eastern Time on Thursday in what a representative described in a Twitter post as "a rare event [that] cascaded across multiple routers in a system wide event, making our backbone unavailable."

That "rare event" appears to have been intentional. A data dump of information on Staminus' systems includes customer names and e-mail addresses, database table structures, routing tables, and more. The data was posted to the Internet this morning, and a Staminus customer who wishes to remain anonymous confirmed his data was part of the dump. The authors of the dump claim to have gained control of Staminus' routers and reset them to factory settings.

The dump, in a hacker "e-zine" format, begins with a note from the attacker. Sarcastically titled "TIPS WHEN RUNNING A SECURITY COMPANY," it details the security holes found during the breach:

Read 4 remaining paragraphs | Comments