Hackers Breach the KKK
Posted by: Timothy Weaver on 03/12/2016 11:46 AM
[
Comments
]
Staminus has been breached and shamed by hackers. The main target was the KKK and its affiliates.
A crew going by the name of FTA took responsibility. “Yes, that’s right, Staminus was hosting the KKK and its affiliates,” it said. “An organization legally recognized in some regions as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is unforgiveable [sic], and consequently they had to be punished.”
The KKK website is down and continues to remain offline.
Staminus was an easy target in that it used the same password for all its servers and did not keep its software up to date.
The dumped data meanwhile includes customer contact details and password hashes.
David Maman, whose company HexaTier protects databases in the cloud, said that the incident could have been a whole lot worse for Staminus.
"In this case, it ended in a good way,” he said. “Shaming has become the best possible outcome for a breached company. What if the attacker had started selling the ‘down time’ of the customers ‘protected’ by this security firm? Or even worse, what if the attacker had used the entire infrastructure at a critical time to attack additional security companies? Or even government sites?”
The FTA detailed the lack of security with its sarcastic “Tips” zine:
• Use one root password for all the boxes
• Expose PDUs [power distribution units in server racks] to WAN with telnet auth
• Never patch, upgrade or audit the stack
• Disregard PDO [PHP Data Objects] as inconvenient
• Hedge entire business on security theatre
• Store full credit card info in plaintext
• Write all code with wreckless [sic] abandon
Source: InfoSecurity
A crew going by the name of FTA took responsibility. “Yes, that’s right, Staminus was hosting the KKK and its affiliates,” it said. “An organization legally recognized in some regions as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is unforgiveable [sic], and consequently they had to be punished.”The KKK website is down and continues to remain offline.
Staminus was an easy target in that it used the same password for all its servers and did not keep its software up to date.
The dumped data meanwhile includes customer contact details and password hashes.
David Maman, whose company HexaTier protects databases in the cloud, said that the incident could have been a whole lot worse for Staminus.
"In this case, it ended in a good way,” he said. “Shaming has become the best possible outcome for a breached company. What if the attacker had started selling the ‘down time’ of the customers ‘protected’ by this security firm? Or even worse, what if the attacker had used the entire infrastructure at a critical time to attack additional security companies? Or even government sites?”
The FTA detailed the lack of security with its sarcastic “Tips” zine:
• Use one root password for all the boxes
• Expose PDUs [power distribution units in server racks] to WAN with telnet auth
• Never patch, upgrade or audit the stack
• Disregard PDO [PHP Data Objects] as inconvenient
• Hedge entire business on security theatre
• Store full credit card info in plaintext
• Write all code with wreckless [sic] abandon
Source: InfoSecurity
Comments
