An apparently successful cyber-attack against the hosting company Staminus in the US has revealed the unsavoury customers with which the company was doing business.
Staminus is an anti-DDoS and hosting company whose customers rely on it to mitigate attacks against them.
Staminus' website went down late last week and was acknowledged by the company in a tweet which read: “a rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable.”
While the statement made no mention of a data breach, information from Staminus servers was published online a day after the website went down. The stolen data apparently amounts to 15gb and was published in a file titled ‘tips when running a security company'.
The publicly disclosed information contained a number of tasty morsels, for any wilful fraudsters at any rate, including personal details such as contact information, hashed passwords, chat logs and usernames.
Moreover, the attackers also published the plain text data of 2000 customers, Staminus' main database and the source code for a number of the company's services.
Perhaps most interestingly, the info dump also included the database of Staminus customer - and America's premier costumed white power organisation since the civil war - the Ku Klux Klan.
Not only did Staminus play host to the KKK, but KKKradio.com and the Soldiers of the Cross Training institute, an organisation which organises christian white supremacist events in the Ozarks of Arkansas.
A group calling itself the FTA, standing for F*** Them All, claimed responsibility for the hack and commented on the revelation that the KKK used Staminus: “Yes, that's right, Staminus was hosting the KKK and it's affiliates. An organisation legally recognised in some regions as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus, however, is unforgivable, and consequently they had to be punished.”
Brian Krebs, cyber-security expert and investigative journalist noted in a blogpost: “It is not unusual for attackers to target anti-DDoS providers. After all, they typically host many customers whose content or message might be offensive – even hateful – speech to many.”
Justin Harvey, CSO at Fidelis cyber-security, also speculated on the attacker's intentions. He told SCMagazineUK.com, “It's impossible to know an attack group's true motivations, but given the fact that Staminus' sole business focus was to thwart attacks, I think that may be a part of it."
Harvey added, “I suspect that either the attackers had previously attempted a denial of service attack on a target and Staminus had stepped in to help – which could have made them angry – or that it is/was planning an attack in the future and needed a diversion of focus.”
Matt Mahvi, the company's CEO, released a statement on 11 March in which he was keen to point out that no social security information was stolen as Staminus does not collect it. “While the investigation continues, we have and will continue to put additional measures into place to harden our security to help prevent a future attack.”
The statement added, “I fully recognise that our customers put their trust in Staminus and, while we believe that the issue has been contained, we are continuing to take the appropriate steps needed to safeguard our clients' information and enhance our data security policies."