Hackers Leave Advice for Breached Security Company

Security firm Staminus' servers were taken offline today, following an apparently successful cyber-attack on its network. The Newport Beach, California-based hosting and distributed denial of service (DDoS) protection company went down at 8 am EST on Thursday, with the company communicating details of the event via Twitter and describing it as a “rare event [that] cascaded across multiple routers in a system-wide event.”

This ‘rare event’ was quickly revealed to be a far more deliberate malicious act against the company, with a data dump of Staminus’ servers being posted to the internet shortly afterwards. The leak contained a large number of customer names and email addresses, as well as database table structures, routing tables and other crucial operational information. An unnamed Staminus customer verified the contents of the hack, confirming that his details were among those released in the dump. The posters of the dump declared that they had managed to gain access to all of Staminus’ routers and networked systems, resetting them to factory settings.

The dump begins with a note from the hackers responsible for the breach, titled “TIPS WHEN RUNNING A SECURITY COMPANY.” This preface sarcastically details a number of security flaws found while breaching Staminus’ systems:

  • Use one root password for all the boxes
  • Expose PDUs [power distribution units in server racks] to WAN with telnet auth
  • Never patch, upgrade or audit the stack
  • Disregard PDO [PHP Data Objects] as inconvenient
  • Hedge entire business on security theatre
  • Store full credit card info in plaintext
  • Write all code with wreckless [sic] abandon

While no credit card information was visible in the dumped data, storing such data unencrypted goes against Payment Card Industry (PCI) security standards and is inappropriate for any company handling such details, especially one claiming to be in the security business.

Also laid bare was the colourful selection of customers that Staminus served. These ranged from a number of small gaming server operators, including Minecraft servers, all the way to the Ku Klux Klan: the KKK’s official website was found to be hosted by Staminus, as were a number of affiliated sites such as the American Heritage Committee.

While Staminus claimed that service had been restored globally, many customers took to Twitter claiming that this was not the case. Since then, the only communication from the firm has been the announcement of a statement from its CEO, which is linked from its (currently offline) site. When Staminus will regain full functionality of the network is anyone’s guess; however, it will be interesting to see how the company recovers from this major event.

Companies Struggle to Defend Against Growing Surge of Cyberattacks

Sophisticated cyberattacks are giving security experts around the world complete fits, indicating how serious the problem continues to be. Custom-created malware and cyberattack strategies are easily found online and are frequently used to exploit unsuspecting users.

Most recently, Domino’s Pizza restaurants in Belgium and France suffered cyberattacks in which hackers stole customer data. Around 650,000 customer records were affected by the breach, and the hackers demanded a ransom payment, threatening to post the information online otherwise.

Although some companies are stepping up to embrace modern security platforms, the amount of data stored without password-protection and encryption is staggering. A data breach can be costly for companies, but many executives would rather ignore the problem, roll the dice, and hope they aren’t targeted.

If nothing else, it’s clear that companies are struggling in their effort to keep customer and employee data secure from data theft. Once information is stolen and made available on the underground market, it can be hours – or months – before bulk records are sold or traded.

Credit card data, for example, must be distributed quickly, as customers will alert banks to flag stolen cards. However, companies that either don’t inform users of a data breach, or are unaware they have been compromised, give cybercriminals a better opportunity to get rid of the information at their leisure.

Thank you to Fierce CIO for providing us with this information

GCHQ Wants to Share Cyber Threat Analysis With Private Companies

The GCHQ intelligence agency plans to become more proactive in its fight against cyberattacks by sharing cyber threat intelligence with private companies. It’s a notable turn of events following former NSA contractor Edward Snowden’s surveillance disclosures, which also accused GCHQ of organized surveillance activities.

To bolster support for the initiative, Cabinet Office minister Francis Maude mentioned how a “state-sponsored” criminal group accessed an account on a secure government intranet.

Here is what GCHQ said in a statement:

“GCHQ will commit to sharing its classified cyber threat information at scale and pace to help communications service providers protect their customers; starting with suppliers to government networks and then moving on to the other sectors of critical national infrastructure.”

GCHQ hopes to help companies become the first line of defense against sophisticated cyberattacks, a growing problem as cybercriminals become increasingly sophisticated in launching attacks. Stolen data is worth big bucks on the underground market, with bulk records from data breaches available for sale.

The UK has seen an uptick in organized attacks from China and Russia aimed at stealing intellectual property and gaining a competitive advantage, which officials are keen to defend against.

Thank you to the Engineering and Technology Magazine for providing us with this information

Image courtesy of Wired UK