Hackers Breach and Shame the KKK’s Security Company

DDoS protection firm Staminus has been breached and shamed by hackers, who released a mocking “Tips When Running a Security Company” list along with a data dump of Staminus customer information, including that for sites belonging to the Ku Klux Klan.

A crew going by the name of FTA took responsibility. The motivation was to bring to light one of Staminus’ key customers: The KKK.

“Yes, that’s right, Staminus was hosting the KKK and its affiliates,” it said. “An organization legally recognized in some regions as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is unforgiveable [sic], and consequently they had to be punished.”

The website run by the Klan has been downed as part of what appears to be a significant breach—and it remains down as of this writing, although the Staminus site itself is back online.

The hackers said that Staminus had used the same root password to access all its servers and hadn’t kept patches up to date, making it an easy target. In its sarcastic “Tips” zine, the crew listed the company’s security holes:

  • Use one root password for all the boxes
  • Expose PDUs [power distribution units in server racks] to WAN with telnet auth
  • Never patch, upgrade or audit the stack
  • Disregard PDO [PHP Data Objects] as inconvenient
  • Hedge entire business on security theatre
  • Store full credit card info in plaintext
  • Write all code with wreckless [sic] abandon
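The “Disregard PDO” item refers to PHP Data Objects, whose prepared statements keep user input from being parsed as SQL. The following is an added example, not code from the article or from Staminus, showing the same customer lookup written the insecure way (string concatenation) and the way PDO is meant to be used (a bound parameter). The `customers` table, its columns and the sample rows are constructed here so the snippet runs against an in-memory SQLite database.

```php
<?php
// Added example (not from the article or Staminus). The customers table,
// its columns and the two sample rows are constructed for illustration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)');
$pdo->exec("INSERT INTO customers (email, plan) VALUES
            ('alice@example.test', 'pro'),
            ('bob@example.test', 'basic')");

// Insecure: the caller-supplied value is spliced into the SQL text, so any
// quote characters in it become part of the query's structure.
function findPlanInsecure(PDO $pdo, string $email): array
{
    $sql = "SELECT email, plan FROM customers WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: a PDO prepared statement with a named placeholder. The value is
// sent to the driver as data, so it can only ever be compared against the
// email column, never interpreted as SQL.
function findPlanSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT email, plan FROM customers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A constructed input containing a quote, of the kind a defender would use
// in a regression test to confirm the query layer treats input as data.
$probe = "' OR '1'='1";

printf("insecure lookup returned %d row(s)\n", count(findPlanInsecure($pdo, $probe)));
printf("prepared lookup returned %d row(s)\n", count(findPlanSafe($pdo, $probe)));
printf("alice is on the '%s' plan\n", findPlanSafe($pdo, 'alice@example.test')[0]['plan']);
```

Run with `php example.php`. The concatenated version lets the quote in the probe string alter the `WHERE` clause, so it no longer filters on a single email; the prepared statement compares the whole probe string against the column and matches nothing, while the ordinary lookup still works. Reviewing a code base for `query()` calls built from concatenated strings, and replacing them with `prepare()`/`execute()`, is the practical form of “not disregarding PDO”.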

The dumped data, meanwhile, includes customer contact details and password hashes, as verified by Forbes. Information for the KKK and related sites, including a KKK radio site, was included.

SOURCE: Tara Seals | Infosecurity Magazine
